Researchers talk cyber security at conference

by Michael Coburn | 3/27/07 5:00am

More than 60 researchers from 12 different countries gathered at Dartmouth for a three-day academic conference on cyber security last week. The brand-new event gave attendees the opportunity to review papers and listen to speakers discuss the need to protect critical computer systems from cyber-terrorism.

One of the chief sponsors of the conference was the Institute for Information Infrastructure Protection or I3P, a consortium of academic centers, non-profit organizations and government laboratories based at Dartmouth that coordinate research and development for cyber-security on behalf of the government of the United States.

According to computer science professor and one of the conference's keynote speakers David Kotz '86, much of the world's critical infrastructure -- from electric power grids to transportation and banking systems -- is controlled by computers. At one time, these computer systems existed independently of each other, but they have become increasingly connected to each other and to the Internet, making them more susceptible to terrorist attack.

Should a terrorist hack into one of these systems, they could shut down this infrastructure and seriously disrupt the economy and security of the world, Kotz said.

One of the issues that most concerned the conference's attendees is the protection of oil and gas infrastructure, said Eric Goetz, assistant director of research for I3P and co-chair of the conference.

"The way it works is the oil and gas are controlled through process control systems," Goetz said. "They would reduce temperature and flow of the pipeline and could open and close valves. What's happened in the last 5-10 years is that these systems are run off of Windows system and are connected to the Internet. The connectivity creates real vulnerability."

According to keynote speaker and I3P research director Charles Palmer, identifying critical infrastructure security gaps are only half the problem. It is also necessary to develop solutions to these problems that are not only effective, but applicable in the real world.

"We can provide technology but the failure of the industry and research is that what we offer people is so complicated to get secure it's impossible to use," Palmer said. "People are the critical infrastructure we need to protect. We need to build systems that are secure and usable for what my sister calls 'normal people' or we're just doomed."

The conference was hosted by the International Federation of Information Processing, an international organization designed to bring together leading Information Technology societies from across the country for conferences such as these.

"The real purpose of the conference was to bring people together people from across the globe." Dartmouth Communications Director Lauri Burnham said. "Infrastructure has no borders or boundaries. The internet is a global entity. Now experts can come together and talk about these security issues."