Home  arrowright President's NSTAC   arrowright R & D Exchange 2003  arrowright Theme/Fact Sheet

NSTAC Banner

Research and Development (R&D) Exchange Workshop
March 13 - March 14, 2003
Atlanta, Georgia

Theme / Fact sheet

 

Theme - The President's National Security Telecommunications Advisory Committee 2003 R&D Exchange Workshop: R&D Issues to Ensure Trustworthiness in Telecommunications and Information Systems that Directly or Indirectly Impact National Security/Emergency Preparedness (NS/EP)

Introduction

Research and Development (R&D) Exchanges are special events conducted periodically by the President’s National Security Telecommunications Advisory Committee (NSTAC). Tracing their origins to 1991, the broad purpose of an R&D Exchange is to stimulate a dialogue among industry, Government, and academia on emerging security technology research and development issues. To ensure inclusion of all stakeholders in the R&D community, the President’s NSTAC has traditionally partnered with the Office of Science and Technology Policy, other key Government agencies with R&D roles (e.g., the Defense Advanced Research Projects Administration, the National Institute of Standards and Technology), and academic institutions in sponsoring R&D Exchanges.


Trustworthy NS/EP Telecommunications

The increasing reliance on the public switched network, the Internet, and computer applications to support national and homeland security, emergency preparedness, and public safety places a premium on “trusted” systems and networks.
The September 11 terrorist attacks demonstrated the critical importance of networked information systems in supporting national crisis management and response. Ensuring that national leaders, first responders, infrastructure owners, and the general public receive timely, accurate, and complete information through trustworthy NS/EP telecommunications – and the underlying networked information systems – is crucial to meeting national security and homeland security objectives.


What is “Trustworthiness”?

An increasingly important research topic in the telecommunications and computer security field is the concept of trustworthiness, which is defined as assurance that a system deserves to be trusted—that it will perform as expected despite environmental disruptions, human and operator error, hostile attacks, and design and implementation errors. Trustworthy systems reinforce the belief they will continue to produce expected behavior and will not be susceptible to subversion. Furthermore, trustworthiness of a networked information system ensures the system completes its required functions and does not do other things. Design and implementation errors must be avoided, identified, eliminated, and, where undetected, tolerated by the networked information system.

The National Research Council’s seminal report, Trust in Cyberspace, helped frame the issue of trustworthiness, which included the correctness, security, reliability, safety, and survivability of the public switched network and the Internet; the software (or “logical”) elements of computer networks; and the systems, devices, and applications employed by end users.
The report identified two tensions inhibiting the development of trustworthy networks and systems:

  1. The state of the art versus state of the practice, and the factors (market forces, restrictive policies, etc) limiting the usage of the best technologies
  2. The expectations of the public versus the extant science and technology base for building trustworthy networked information systems.

A third tension not explicitly called out in the report but closely associated with the concept of trustworthiness is broadening the focus to include cyber, physical, and personnel security issues. To date, the R&D community has emphasized the importance of developing trustworthy networked information systems in cyberspace. However, those systems are also exposed to a host of threats (exploitation by insiders, physical destruction) that extend beyond the realm of cyberspace.


2003 R&D Exchange

The NSTAC, in conjunction with the Office of Science and Technology Policy, and the Georgia Tech Information Security Center (GTISC) at the Georgia Institute of Technology, is sponsoring the 2003 R&D Exchange on March 13-14, 2003 in Atlanta, Georgia. The purpose is to explore the security R&D issues associated with ensuring trustworthy NS/EP telecommunications. Specifically, it will be a two-day event featuring several keynote speakers and breakout sessions focused on the full range of R&D issues (policy, science and technology, operational) affecting the ability of network owners and operators to engineer and architect trust into the networked information systems that comprise NS/EP telecommunications. Leaders from the Federal Government, private industry, academia, and State and local governments will be invited to:

  1. Explore and prioritize key research and development issues related to the trustworthiness of NS/EP telecommunications and the underlying networked information systems
  2. Identify and frame key policy issues associated with the trustworthiness of NS/EP telecommunications for future consideration and study by the President’s NSTAC
  3. Provide input to the White House’s Office of Science and Technology Policy in its preparation of the President’s research agenda and budgetary requests
  4. Identify and characterize barriers and impediments that inhibit the research and development of trustworthy networked information systems.

The exchange will open with a plenary session including several keynote speakers designed to convey the importance of and current state of affairs in trustworthiness research. Following the plenary, the participants will divide into breakout groups to identify the major research challenges and to devise proposed research priorities. Each breakout group will include representatives from private industry, academia, and government (both Federal Government and State and local officials). The exchange will conclude with a plenary session that includes presentations from the groups.

 

Fact Sheet

The Research and Development Exchange is a special event conducted periodically by the President's National Security Telecommunications Advisory Committee (NSTAC). Historically, its broad purpose is to stimulate and facilitate a dialogue among industry, Government, and academia on emerging security technology R&D issues. To ensure inclusion of all stakeholders in the R&D community, the President's NSTAC has partnered with the Office of Science and Technology Policy (OSTP), the Defense Advanced Research Projects Administration, the National Institute of Standards and Technology (NIST), and academic institutions in past R&D Exchanges. The results of the R&D Exchanges are generally captured in a Proceedings document that is published by the President's NSTAC.

In 1990, the growing prevalence of hacker incidents led to the formation of the NSTAC's Network Security Task Force. Its purpose was to assess the threats to and vulnerabilities of the Public Switched Telephone Network. A key component of the task force's work included examining R&D issues related to security with a particular emphasis on improving commercially applicable tools. To explore security technology R&D issues in greater depth, the R&D Exchange concept first surfaced in 1991. To date, there have been four R&D Exchange events:

  • R&D Exchange #1 (1991): The first exchange was actually two separate events intended to provide a forum for industry and Government officials to share their unique perspectives on
  • R&D issues. In the first session, government representatives presented their views on security technology R&D issues. In the second, industry representatives provided their perspectives on
  • R&D issues related to network and telecommunications security.
  • R&D Exchange #2 (1996): The second exchange facilitated a discussion of network security problems affecting national security and emergency preparedness (NS/EP) telecommunications, identified R&D programs in progress to address those problems, and identified future security technology R&D needs. Four broad security topics were discussed: authentication, intrusion detection, integrity, and access control.
  • R&D Exchange #3 (1998): The third exchange was sponsored in conjunction with OSTP and Purdue University's Center for Education and Research in Information Assurance and Security to examine collaborative approaches to security technology R&D. The participants also discussed the need for training more IT security professionals, creating large-scale test beds to test security products and solutions, and promoting the creation of Information Assurance (IA) Centers of Excellence in academia.
  • R&D Exchange #4 (2000): The fourth exchange was sponsored in conjunction with OSTP, NIST, and the University of Tulsa to examine issues of transparent security in a converged and distributed network environment. Attendees discussed the need to address the shortage of qualified information security professionals, expand the number of universities participating in the IA Centers of Excellence program, and promote best practices, standards, and protection profiles to enhance the security of the Next Generation Network

 

Questions or comments concerning this site? Please contact the webmaster.

Reviewed December 07, 2006

Privacy Policy
NCS Web Banner Department of Homeland Security