Cyber security researchers and government officials gathered at the College from March 23 to March 25 to share and discuss the latest developments in critical infrastructure protection, according to the conference's keynote speaker Shari Pfleeger, research director at the Institute for Information Infrastructure Protection, a Dartmouth-based consortium of 27 universities, national labs and nonprofit research institutions. Speakers at the conference emphasized ways to prevent outages in important infrastructure systems and to protect networks from malicious cyber attacks, Pfleeger said.
In the mid-1990s, the United States government identified critical infrastructure, including power plants, water, energy production facilities and finance and telecommunications operations, that must be protected from "outages and failures," whether accidental or due to malicious attacks, according to keynote speaker and International Federation for Information Processing vice chair Tyler Moore.
The three-day event, which focused on research about the protection of critical pieces of infrastructure, brought together members of academia, governmental agencies and the computing industry who "presented recent research from different sectors about critical infrastructure protection," Hamed Okhravi, a Massachusetts Institute of Technology researcher who participated in the conference, said.
In a lecture called "Human in the Loop: Remembering the User in Critical Infrastructure Protection," Pfleeger discussed "the degree to which we as technologists build technology without remembering how people use and perceive the technology," she said.
Pfleeger, who showed images throughout her lecture, said she displayed a screenshot of an online banking homepage that used "multifactor identification" to ensure greater security for clients' accounts. The site, however, was "almost unusable," and technologists must remember to account for usability during the construction of new technological tools, she said.
Lt. Gen. William Lord, chief of warfighting integration and chief information officer for the Air Force, discussed his duties protecting the information technology infrastructure of the U.S. Air Force, while Moore spoke about the changing face of warfare and the trade-offs between cyber attacks and cyber defense, Moore said.
"The militaries are now having to choose between defending our computer systems and devoting efforts to attacking other computer systems," Moore said. "It seems there is a strong tendency to be putting more towards offensive and attacking than defense."
Militaries often focus on cyber attacks instead of defense because taking the offensive is easier, but the implications of this policy for infrastructure security are worrisome, Moore said.
The conference included nine sessions, each focusing on a specific aspect of critical infrastructure protection. Okhravi chaired a session about risk assessment, which focused on the rapid analysis of intelligence data, he said.
Other sessions focused on topics such as legal issues, cyber war and novel techniques for cyber protection.
Conference participants from around the country and abroad presented papers about the latest research in critical infrastructure protection.
Jason Reeves, who is pursuing a masters degree in computer science at the College, and second-year PhD student Rebecca Shapiro, who works in the Trust Lab in the computer science department, presented their research on information security during the conference.
Reeves's research focused on intrusion detection methods that offer the power grid "some degree of protection without weighing down the system," he said.
Shapiro discussed ways in which supervisory control and data acquisition access owners could "assess the brittleness and see how resilient [the device's software] is to errors in the network data," she said.
Okhravi presented a paper about the creation of "a cyber moving target for critical infrastructure applications," which would "embed resilience into systems" and help protect infrastructures from "sophisticated cyber attacks," he said.
The conference also included a panel of industry leaders, academics and security officials who discussed information sharing between the stakeholders of 18 critical infrastructure sectors, Rochester Institute of Technology computer science professor and panel moderator Rajendra Raj said in an email to The Dartmouth.
"To achieve [stakeholders'] goals, it must be possible to share information securely and robustly, especially during emergencies that might have led to the shutdown of parts of the identified critical infrastructure sectors," Raj said. "Such robust sharing of information usually gets ignored like the proverbial elephant in the room as people usually focus on solving more manageable problems."
Conference participants and organizers said that the conference successfully brought together experts from various fields and backgrounds and allowed for an open exchange of information.
"I think we heard very interesting ideas from different sectors," Okhravi said. "It was a nice pool of recent developments and projects on infrastructure protection. The conference was very informative and technically deep."
The participation of academics and government officials allowed both groups to see how the other is approaching cyber security issues, Shapiro said.
