Army lab investigates "Cyber Science"

Can an evidence-based approach to secure networks lead to a fundamental science of cyber security?

October 08, 2013

Story Highlights

  • ARL has years of experience monitoring DOD networks.
  • In defining the science of cyber, ARL started with the threatening artifact, malicious software, and the resulting security incidents.
  • The lab takes an evidence-based approach to elements within the field of cyber security.

Scientists are skeptical about terms like "breakthrough" and "novel," but few things are more suspect than a claim of the birth of an entirely new science.

Nevertheless, terms like "Science of Cyber" have been popping up with greater frequency as technical intricacies of cyber security become better known, said Dr. Alexander Kott, U.S. Army Research Laboratory associate director for science and technology, Computational and Information Sciences Directorate.

ARL's portfolio of cyber research takes an evidence-based approach to define the elements within the field of cyber security as it relates to protecting and defending Department of Defense (DOD), networks, to see if there is potential for emergence of "Cyber Science," Kott said.

As early as 2010, an independent group of scientists, which advises the U.S. government on matters of science and technology was commissioned by the DOD to evaluate whether a more scientific approach to cyber security would be possible.

For example, one independent group called The JASON Defense Advisory Group looked into whether metrics could quantify the cyber-security status of a system, a network or a mission, according to the 2010 report published by the MITRE Corporation.

The group found that connecting government, academia, and industry to meet DOD's challenges would be an important step in nurturing scientific inquiry.

"ARL has years of experience monitoring DOD networks, and developing tools for intrusion detection and forensics," Kott said. "We work with a number of key partners to protect critical data."

In defining the domain of the science of cyber, ARL started with the threatening artifact, malicious software, and the resulting security incidents.

Scientists within the lab and others are in search of a coherent family of models that yields experimentally testable prediction of characteristics of security violations, Kott said.

For instance, one research effort at the lab is concerned with the architecture and approaches to detection of intrusions in a wireless mobile network. If software agents were deployed on computing devices of the wireless network, and sent relevant observations of the network traffic and of host-based activities to a central analysis facility, then it would provide a means for an analysis to comprehensively process and correlate the information, he said.

"There is a breadth of issues associated with systemizing the cyber research, like the need for a theory of algorithms that are likely to preserve the critical information indicating an intrusion,. and we need a means of rigorously characterizing the detection accuracy" Kott said.

Kott added that basic research at the lab delves into intrusion understanding, as well as network metrics, network sensors, trust management and advanced threats.

The research of the science of cyber goes hand-in-hand to complement the lab's practical computer defense program, which helps answer cyber threats more proactively.

"The bridge between academia and industry enables us to leverage emerging ideas and technology to enhance the security posture of information systems connected to Soldiers," said William Glodek, team lead with ARL's Network Security Branch. "When Soldiers are in a tactical environment, compromise of a system or network could result in loss of life. It is a priority to protect Soldiers from the kinetic effects that can be delivered with help of cyber threats."

While network and information security policies and best practices have been established, we are starting to identify and fill gaps as new technology emerges. "But still we're working to get better," Glodek said.

"We have the luxury of working with cutting edge developmental technology that may be utilized in the mid- to far-term," he said.

Now and in the future, scientists from a variety of research fields have to grapple with the question of a scientifically rigorous approach to cyber security.

ARL will continue to look at the cyber security challenges of assessing vulnerabilities for defense networks, predicting upcoming risks and preventing attacks, responding with an empirically-based approach that "will make contributions to the larger question of 'is there a scientific basis behind cyber security?' " Kott said.

 

Last Update / Reviewed: October 8, 2013