Article By: Barbara Honegger
As part of its ongoing Centennial Year celebrations, the Naval Postgraduate School’s Information Technology and Communications Services (ITACS) hosted a rich spectrum of educational events throughout October in recognition of the sixth annual National Cybersecurity Awareness Month.
The month kicked off with a keynote address by Kevin Rowney, head of Symantec’s Data Loss Prevention Division, on the topic “Your Role in the Defense Against Data Breach.” Rowney’s presentation outlined the specific steps end users can take to prevent hacking and other external as well as internal IT system breaches.
The keynote was followed by a series of “brown bag” talks by NPS faculty experts in computer science and information security and assurance: Prof. Simson Garfinkel on “Automated Digital Forensics and Media Exploitation”; Naval War College Prof. Jonathan Czarnecki on “The Illusion of Security: Learning to Defer Rather than to Deter”; Prof. Cynthia Irvine on “Combining Security and Usability”; Senior Lecturer Chris Eagle on “Organizing and Participating in Computer Network Attack and Defense Exercises”; and Prof. John McEachen on “Security Issues in Future Telephony: VoIP and 4G Mobiles.”
The capstone event of the month was a Cyber Summit on Oct. 29 hosted by Vice President and Dean of Research Karl van Bibber, Dean of the Graduate School Operations and Information Sciences Peter Purdue and Vice President of Information Resources and Chief Information Officer Christine Haska.
“The security, resiliency and reliability of the nation’s cyber and communications infrastructure is recognized by the Department of Homeland Security as a crucial element in protecting the public, economy and government services,” NPS President Dan Oliver said in his opening remarks, “and it is our responsibility as an institution with a mission of improving U.S. national security to continue to develop our cyber expertise. From your participation here today we know that you understand the importance of this vital mission, and with the new Cyber Command we look forward to your contributions in establishing educational programs for the evolving cyber workforce.”
“The Naval Postgraduate School has a long history – almost 50 years – of embracing cybersecurity in a broad and comprehensive way, and this summit provides a sampling of the best research in the field from seven of our departments,” Executive Vice President and Provost Leonard Ferrari told the attentive audience of students, faculty and staff. “We thank all of you for sharing your research and hope this event will stimulate further cross-campus collaboration and serve as a catalyst for a major umbrella funding proposal for NPS, as well as opportunities for new cooperative agreements with industry.”
Presentations at the all-day Summit included “Grand Challenges in Cyber Security” by Professor of Computer Science (CS) Cynthia Irvine; “Aligning Usability and Security” by CS Associate Prof. Simson Garfinkel; “Can Complexity Science Support the Engineering of Network Centric Infrastructures?” by Operations Research Assistant Professor David Alderson; “Threat Level Orange: How Much Can You Count on Your Wireless Mobile Device?” by Associate Professor of Electrical and Computer Engineering (ECE) John McEachen; “Software-Defined Radios for Cyberspace Operations” by ECE Assistant Professor Frank Kragh; “Cryptographic Attacks and Countermeasures: A Mathematical View” by Associate Professors of Mathematics Panta Stanica and David Canright; “American C-power” by Associate Professor of Information Sciences (IS) Bay Buettner; “Test Bed for Self-Organizing Networking and Collaboration” by IS Associate Professor Alex Bordetsky; “Physics Models for Cyberspace” by Physics Department Professors James Luscombe and David Ford; “Cyber Conflict” by Distinguished Professor of Defense Analysis (DA) Dorothy Denning; and “Cyberwar Means More Than Cyberspace” by DA Professor John Arquilla.
“NPS is actively researching the broad spectrum of usable security issues,” Garfinkel told the audience during the well-attended event in Ingersoll Hall. “The challenge in achieving this is that computer system users tend not to use the [security] features they already have and most system designers think of [programming for] security as a secondary task. We’re finding it increasingly difficult to design for both end user usability and security not only because of the tradeoffs [between the two], but because experts in the former usually aren’t experts in the latter and because adversaries can exploit the features we put in to make a system more user friendly.
“The answer is to ‘design in’ usable security and psychological acceptability [by end users] from the beginning,” Garfinkel noted, “not give users so many [security setting] choices – one system has 2 to the 64th power possible security state options – and program in better fail safe defaults. We need to do a better job of encouraging vendors to do this.
“To adapt a famous quote from President [Franklin Delano] Roosevelt,” Garfinkel concluded, “‘Those who would give up essential usability to purchase a little temporary security deserve neither usability nor security.’”
“Wireless matters because that’s what the enemy uses,” said Kragh, whose presentation focused on the advantages of software-defined radios for intelligence collection and cyber operations. “Look at almost any jihadi Web site and you’ll see photos of terrorists holding cell phones, which can be exploited for detection, geo-location and evesdropping.” In his earlier talk, McEachen noted that the first mobile WiMax network was set up not in the U.S. or Europe, but in Pakistan.
“This was a tremendous team effort,” said NPS Director of Information Assurance and Privacy Chris Gaucher, whose efforts as lead organizer Haska credited with creating a compelling program. “I want to thank the entire team for everything they did to make it such a great success -- President Oliver, Dr. Haska, [ITACS Executive Director and Deputy Director] Joe LoPiccolo and Terri Brutzman for their tremendous leadership and support; Kevin Rowney of Symantec for kicking off the month; [Supervisory IT Specialist] Jim Hall and the Centennial Planning Committee for the great assistance in marketing, planning and help with execution; [Technology Assistance Center Director] Chris Abila and the TAC team for their awesome support; all of our “brown bag” faculty presenters for sharing their time and expertise; Jon Russell and the Ed Tech team for audio/visual and capturing the “brown bag” and awareness trainings; the NPS Foundation for donating the speakers’ gifts and Michele Merenbloom for coordinating with the Foundation; Information Assurance (IA) Manager Jason Cullum and the IA team for information capture at the “All Hands”; and Dr. Fran Horvath and the Institutional Advancement team for publications and photography.”
All events during the month-long celebration were open to all students, faculty and staff at NPS. The purpose of the “All Hands” forums was to help participants understand the depth and breadth of Department of Defense cybersecurity challenges and learn some of the most promising solutions from top NPS and industry experts in information security and assurance. The lectures also showcased NPS’ unique position in both education and research to protect the nation’s critical cyber and communications infrastructure.
As a follow up, ITACS is offering three “All Hands” Cybersecurity Awareness Refresher Trainings designed to satisfy all annual NPS requirements for DoD Information Assurance, Electronic Data and the Privacy Act, Privacy Orientation, Safeguarding Privacy Act Data, Annual Security Awareness, and Phishing and Other Scams in one 90-minute session. The remaining refresher trainings will be held at 3:00 p.m. in King Auditorium on Nov. 19, Dec. 3 and Dec. 10.
Posted November 10, 2009.