Sharing the Secrets of Cybersecurity
Protection is as much about who you know as what you know.
The tasks critical to success in the realm of information assurance have become so robust that a breadth of expertise is now necessary to stop cybercriminals. To that end, Sandia National Laboratories, Albuquerque, New Mexico, opened a new research facility called the Cyber Engineering Research Laboratory to promote the collaboration required to safeguard networks. An accessible external location, coupled with a synergistic internal mindset, enables advancements and maturity of concepts essential to success in the cyber realm.
Unlike most of the larger laboratory that sits in a secure, restricted area, the smaller subordinate one is located in the open Sandia Science and Technology Park to facilitate access for private sector, university and other nonlaboratory personnel. Inside the facility, researchers from the disparate fields of cognitive science, network defense and analytics are working together to find solutions to cyberchallenges. “That’s a very powerful effect from a cross fertilization standpoint,” says Ben Cook, an acting senior manager in Sandia’s Information and Cognitive Sciences Group. Permanent staff at the Cyber Engineering Research Laboratory (CERL) include established employees from other parts of the laboratory as well as incoming researchers.
Each of the disciplines resident in CERL is important to addressing tough problems such as situational awareness. To aid with that, additional partners include laboratory staff involved with enterprise security. Knowing what is happening across the complex topology of connected computers is difficult both in terms of monitoring to detect anomalies and allowing people to make sense of it all. Combining human and technology systems research will help develop innovative approaches to improve situational awareness as well as other facets of cybersecurity. Cook explains that no single institution can solve cyberproblems alone. Similarly, no single discipline has all the answers. “We can’t take a pure computer science approach,” he states. “There’s more complexity than any one discipline is going to be able to overcome.”
In the last few years, the research community has reached a better understanding of the intricacies of cybersecurity. Previously, these developers were probably too focused on a taking a purely technical approach to finding solutions, but more recently they have realized at a national level that more robust methods are required. Factors such as policy, humans and economics all play roles. Cook says this acknowledgement is refreshing and gaining in traction.
According to him, encouraging collaboration is a main purpose for the establishment of CERL. “Sandia as a national security laboratory has historically focused on work not exclusively but primarily directly for the government,” he explains. “CERL is an attempt for us to reach out more broadly and partner with academia and industry in the area of cybersecurity. So I think the rationale for that is there’s a recognition that both university researchers and industry are making significant contributions and have a vital role to play. There’s tremendous power in the collaboration of bringing government labs, industry and academia together to try to tackle this problem.” True to its partnership mantra, CERL has a sister institute dubbed the Cyber Technology Research Laboratory (CTRL) at the Sandia campus in California that performs similar research. The Cyber Engineering Research Institute (CERI)—a virtual organization—spans the two. CERI focuses on open, exploratory research in cybersecurity in partnership with academia and industry. It also incubates Sandia’s cybersecurity science and technology and seeks to grow the next generation of cybersecurity talent for Sandia and the nation.
Cook emphasizes that CERL is one of a number of collaborative initiatives across the country. A possible future scenario involves creating a national, cooperative network of loosely federated hubs working together. The nation has an opportunity within the government’s federally funded research and development center complex to establish such an arrangement, Cook says.
CERL has a number of university partnerships and is working especially closely with the nearby University of New Mexico and New Mexico Tech. Any industry partners will receive fair consideration to participate as appropriate. In one approach, the laboratory will provide public notification of a developed capability to give viable companies a chance to license and commercialize the technology.
Working together pays off for everyone. CERL’s efforts serve as a bridge between the ideas in academia and the industrial world that can help make them a reality. Laboratory personnel also can help translate research ideas into realistic implementations ready for commercialization. In addition, CERL and similar laboratories can offer practical perspectives because of experience defending actual systems. “We can help university researchers understand threats and understand some of the operational challenges of developing solutions that will have real impact in an operational setting,” Cook explains.
Funding will work in different ways. Sandia is not a significant source of monetary outlay to academia. With industry, the laboratory uses cooperative research and development agreements, or CRADAs, as primary vehicles to help move innovations forward. Other means of interaction include open source software.
Advancing enterprise security, including situational awareness, is the main focus for CERL. Another related, entwined area of emphasis is enhancing the way leaders select and train individuals and build teams to defend networks. Within CERL is a section called the Research and Engineering for Cyberoperations and Intelligence Laboratory (RECOIL), which essentially is a controlled environment for performing cyberdefense exercises. Officials have instrumented RECOIL to see how humans interact with and form a variety of exercises, including forensics at both the individual and team levels. “We hope to help others develop better training programs,” Cook explains.
CERL is interested in finding protections for high-consequence systems important to the Defense Department. One such is supply management, which Cook says Sandia as a whole cares deeply about addressing. He also explains that Sandia has a history of helping industry understand cybersecurity risks with emphasis on the critical infrastructure energy sector through funding from the Department of Energy.
Laboratory personnel partner with companies to carry out technology transfers and to help them assess and mitigate risks in areas such as control systems. Because the private sector controls the vast majority of the nation’s critical infrastructure, including that of critical information technology, “It’s vital for government and for us as a national security laboratory to do what we can to help industry bolster the security of the infrastructure ... . If we’re going to improve the security of the information technology ecosystems in the nation and the world, we have to have a conduit to share our expertise,” Cook states. CERL and CTRL offer a way to share that expertise with industry so they can adopt more effective security solutions.
Officials at the laboratory believe that ensuring information assurance has a lot to do with people so they have a longstanding commitment to educating the next generation of cybersecurity professionals. They want to help overcome the challenge they see of a shortage of skilled cyberworkers. More than 400 students from around the country have worked at the laboratory during the past decade on applied research programs. Some remain at Sandia while others move on to careers in other places. Personnel plan to build on that and host more students, an effort that should be assisted through the outreach efforts and easy accessibility of CERL.
Looking toward the future, personnel plan to expand upon the resources available today and to increase their academic partnerships. This work will involve bringing in more students and faculty and training students to be better workers. CERL also is open to exploring industry sabbaticals through which industry professionals embed in the laboratory for a certain amount of time. Extra emphasis is placed on partnering at the local and regional level. But regardless of the who or where, the overall goal remains to enhance information assurance. “My hope would be that CERL in some modest way leads to demonstrable improvement in the security of our nation’s critical information technology infrastructure,” Cook states.