Protecting Cyberspace
Research institute helps to keep computer criminals
at bay.
By Kathleen Kocks
On Feb. 15, 1946, the world’s first electronic
computer, ENIAC, was dedicated at the University of Pennsylvania’s
Moore School of Electrical Engineering. Built for the
U.S. Army Ordnance Corps, ENIAC was only used for scientific
purposes, like performing mathematical calculations for
ballistic trajectories or atomic energy. ENIAC’s
world was confined to a large room.
The world of today’s computers, known as cyberspace,
is far vaster, spanning the globe and reaching beyond
the solar system. Cyberspace brings people together,
facilitates commerce, defends the country, and manages
national infrastructures like power grids and communication
systems. It is hard to imagine an area that cyberspace
does not touch.
Cyberspace is also an ever-expanding frontier that lacks
sufficient defenses and policies to prevent abuse of
its enormous capability and power. Some of cyberspace’s
vulnerabilities are increasingly apparent: hackers, worms,
viruses, spyware, identity theft, invasion of personal
privacy, and the potential for cyberterrorism attacks
that could cripple our country in a matter of minutes.
To help bring order to this frontier, GW established
in 1993 the Cyberspace Policy Institute, based in the
School of Engineering and Applied Science’s Department
of Computer Sciences. The institute was founded by Lance
J. Hoffman, who is known for his pioneering research
on computer security and risk analysis, and for his interdisciplinary
work in computer privacy issues. He currently is a distinguished
research professor in charge of the computer security
and information assurance program in computer science,
and he is often quoted in the media.
About five years ago, the institute added to its charter
and became the Cyber Security and Policy Research Institute.
Lance J. Hoffman, founder of GW’s Cyberspace
Policy Institute
Julie Woodford
|
|
“The institute originally focused on policy analysis,
particularly concerning personal privacy. One of the
biggest issues involved e-commerce and privacy policies
addressing what companies could or could not do with
personal information obtained during computer transactions,” explains
Dianne Martin, CSPRI director, professor, and chair of
the Department of Computer Sciences. “Then we had
9/11, the war with Iraq, the Patriot Act, and homeland
security, so the focus at the institute shifted to include
cyberspace security. The institute looks at pending government
regulations and legislation related to cyber privacy
and security. We also are involved in research to provide
technical solutions to the problems.”
With the needs of cyberspace expanding beyond pure computer
science, CSPRI serves as an umbrella organization for
many disciplines within the University.
“It promotes an interdisciplinary approach to
solving problems that require expertise in computer science,
engineering management, the law, and ethics. We need
people with different perspectives looking at these issues,
and the institute brings together people who don’t
normally talk. It allows us to look at things in a broader
way, and it provides a more interdisciplinary research
environment and application of that research,” Martin
says.
What becomes of interest to the nation’s policymakers
is what becomes of interest to the institute. Issues
researched at CSPRI include identity theft, electronic
commerce, electronic copyright policy, electronic voting,
cyberterrorism, and open source software.
“In terms of our policy work, we look at how computer
technology enables various capabilities, research how
those capabilities are being exploited or could be exploited,
then we look at creating policies that prevent those
abuses. We have to have policies, because if you just
let technology be the driving force, there is always
the possibility of a host of unintended consequences.
“We also have to consider very carefully before
establishing policies. There’s a delicate balance
between creating policies that are truly needed versus
being too heavy-handed with policymaking.”
Much of the research at CSPRI is related to cyber security
and details are understandably kept under wraps. But
an area that has received significant exposure is CSPRI’s
recent focus on open source software.
|
Dianne Martin is the director of the Cyber Security Policy and Research
Institute.
Julie Woodford
|
Open source software such as Linux allows users to have
access to the software’s complete code, as opposed
to proprietary software such as Microsoft that requires
the manufacturer’s support. To assist the federal
government as it began considering what kind of software
it would use to improve cyber security, CSPRI held four
conferences on open source software, inviting speakers
from all sides of the table to facilitate full discussion.
“The issues surrounding this topic are all about
security and control, as in who gets to controls your
data,” explains Tony Stanco, CSPRI’s associate
director. “When you are using a computer that runs
proprietary software, you have no idea how it works or
what the software might be doing in the background. It
could be sending out your private data to the software’s
manufacturer or another third party without you knowing
it.
“With open source software, you can audit the code
and see for yourself what is going on. You can make modifications,
fine tune the applications and fix problems yourself, rather
than having to wait for someone else to fix it. This is
especially important for Department of Defense computers.
“One of the biggest issues for the U.S. government
today is the existence of vulnerabilities in the computer
infrastructure. They are trying to patch them up before
we have a cyber 9/11. Open source software allows them
to get more eyeballs on the problem faster, so you have
a much quicker turnaround when it comes to fixing problems.
You don’t have to wait for the software’s
manufacturer to come help you.”
Funding for CSPRI’s conferences and research comes
from various sources but primarily from the Department
of Defense, the National Security Agency, and the National
Science Foundation. Besides attracting research funding,
the institute also obtained a significant grant from
NSF to provide scholarships for GW students in computer
science, engineering management, and forensics.
“Students who are U.S. citizens and are studying
computer security can obtain a full-boat, two-year scholarship;
in return they pay back the scholarship through two years
of service at a U.S. government agency. The objective
of the scholarship is to build the expertise needed to
protect the nation’s infrastructure within the
context of the government,” Martin says.
“If you ask what the tangible benefit of the institute
is, I’d say it’s that we are educating students
who are going to go out to protect our nation’s
infrastructures. Our research is helping to find technological
solutions to some heinous computer security problems
and helping craft policies to prevent abuses.”
|