CybersecuritySandia Labs seeking responses to cyberattacks

Hackers have stolen identities, broken into bank accounts, and breached computer systems of military contractors. They could conceivably interrupt water or electricity service to targeted populations, and worse.

To solve these problems, Sandia National Laboratories is increasing cybersecurity research over the coming year through a new Cyber Engineering Research Institute (CERI) which will coordinate with industry and universities and have a presence on both Sandia campuses in New Mexico and California.

A Sandia National Lab release reports that the move accompanied a recent 2-day meeting on cybersecurity at Sandia’s Computer Science Research Center. At the meeting, Rob Leland, center director, told the attendees: “The paradox is that even as we rely increasingly on computers to run our utilities, banks and basic security measures, the possibility of an adversary seriously damaging the increasingly complex programs that run these concerns has increased.”

The difficulties of defending against cyberattacks, and what to do to change that situation, were major themes of the second University Partners Cyber Open House and Workshop led by Sandia researcher Ben Cook, manager of Cyber Research and Education.

“One of our overarching purposes for holding this workshop was to increase awareness of Sandia as a research and educational partner,” said Cook. “There are few places in the country where a student can come and work on real cybersecurity projects that have national impact.”

Attendees included thirty professors from across the United States, along with cybersecurity program directors from DHS and the National Science Foundation (NSF).

A major problem for future cyberdefense efforts is stagnating student enrollment in cyber courses. One way to solve that problem, and at the same time come up with security innovations, could be through the prize competitions, suggested Carl Landwehr, NSF’s program director for Trusted Computing.

A cybersecurity design competition with a particular target, prize, and completion date, he said, could not only lead to radical technical solutions, but also help reinvigorate the research community and attract students to a field facing chronic talent shortages.

Discussions of one possible prize competition — better security for “smart” electric meters — showed that conducting challenges for even simple systems would take thought.

Sandia researchers Dan Thomsen and Lyndon Pierson said one reason the workshop chose smart meters is that they are tangible examples of a tough problem with high exposure.

“The adversary has access to as many units as needed to ‘reverse engineer’ the security measures,” said Pierson, “and, with access to the supply chain portion of the life cycle, can insert [malicious elements that can be] triggered [later] to cause a targeted denial of electrical service.”