[ISN] Researchers talk cyber security at conference

From: InfoSec News (alerts@private)
Date: Wed Mar 28 2007 - 00:02:08 PST


http://www.thedartmouth.com/article.php?aid=2007032701040

By Michael Coburn, 
The Dartmouth Staff
March 27, 2007

More than 60 researchers from 12 different countries gathered at 
Dartmouth for a three-day academic conference on cyber security last 
week. The brand-new event gave attendees the opportunity to review 
papers and listen to speakers discuss the need to protect critical 
computer systems from cyber-terrorism.

One of the chief sponsors of the conference was the Institute for 
Information Infrastructure Protection or I3P, a consortium of academic 
centers, non-profit organizations and government laboratories based at 
Dartmouth that coordinate research and development for cyber-security on 
behalf of the government of the United States.

According to computer science professor and one of the conference's 
keynote speakers David Kotz '86, much of the world's critical 
infrastructure -- from electric power grids to transportation and 
banking systems -- is controlled by computers. At one time, these 
computer systems existed independently of each other, but they have 
become increasingly connected to each other and to the Internet, making 
them more susceptible to terrorist attack.

Should a terrorist hack into one of these systems, they could shut down 
this infrastructure and seriously disrupt the economy and security of 
the world, Kotz said.

One of the issues that most concerned the conference's attendees is the 
protection of oil and gas infrastructure, said Eric Goetz, assistant 
director of research for I3P and co-chair of the conference.

"The way it works is the oil and gas are controlled through process 
control systems," Goetz said. "They would reduce temperature and flow of 
the pipeline and could open and close valves. What's happened in the 
last 5-10 years is that these systems are run off of Windows system and 
are connected to the Internet. The connectivity creates real 
vulnerability."

According to keynote speaker and I3P research director Charles Palmer, 
identifying critical infrastructure security gaps are only half the 
problem. It is also necessary to develop solutions to these problems 
that are not only effective, but applicable in the real world.

"We can provide technology but the failure of the industry and research 
is that what we offer people is so complicated to get secure it's 
impossible to use," Palmer said. "People are the critical infrastructure 
we need to protect. We need to build systems that are secure and usable 
for what my sister calls 'normal people' or we're just doomed."

The conference was hosted by the International Federation of Information 
Processing, an international organization designed to bring together 
leading Information Technology societies from across the country for 
conferences such as these.

"The real purpose of the conference was to bring people together people 
from across the globe." Dartmouth Communications Director Lauri Burnham 
said. "Infrastructure has no borders or boundaries. The internet is a 
global entity. Now experts can come together and talk about these 
security issues."


_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Mar 28 2007 - 00:22:14 PST