                    
|
|
|
Home
Research and Development (R&D) Exchange
Workshop
Thursday, September 28, 2000 - Session I: Differing Perspectives on Security in Converged Networks - BAH Lecture Hall
Friday, September 29, 2000 - Session I: Differing Perspectives on Security in Converged Networks - BAH Lecture Hall
The President’s National Security Telecommunications Advisory Committee (NSTAC) held its fourth Research and Development (R&D) Exchange at the University of Tulsa in Tulsa, Oklahoma on September 28 and 29, 2000. Focusing on long-term security R&D issues related to the convergence of public networks and Internet technologies, the exchange was co-sponsored by the White House Office of Science and Technology Policy (OSTP) in conjunction with the Telecommunications and Information Security Workshop. This workshop was co-sponsored by the National Institute of Standards and Technology (NIST), the National Information Assurance Partnership (NIAP), and the National Telecommunications and Information Administration (NTIA). The theme of the 2000 R&D Exchange was Transparent Security in a Converged and Distributed Network Environment: A Dream or a Nightmare? The exchange provided a dynamic dialogue among Government, industry, and academia on network security, critical infrastructure protection, and network convergence. Nearly 100 people participated in the 2-day event, divided into four facilitated panel discussions. Dr. Peter Fonash, Chief of Technology and Programs for the National Communications System, moderated the workshop’s Session I. Dr. Fonash also provided an overview of convergence issues and discussed NCS technology programs. The session, Differing Perspectives on Security in Converged Networks, began with a keynote address via satellite from Congressman Curt Weldon of Pennsylvania. Congressman Weldon serves as the Chairman of the Military R&D Subcommittee, House Armed Services Committee, and is the Senior Member of the House Science Committee. In his broadcast, Congressman Weldon emphasized the importance of protecting our Nation’s telecommunications and information systems from an array of new threats. He discussed the importance of maintaining information dominance during war and expressed the growing threat posed by cyber terrorism. In concluding his remarks, Congressman Weldon outlined three recommendations to the group. First, he asked attendees to develop technical tools and capabilities to collect, aggregate, and mine threat information. He then asked the corporate conference attendees to invest in R&D programs to ensure that the U.S. military retains access to emerging information technologies on the battlefield. Finally, he expressed the need to help train the next generation of computer security professionals and followed his address by participating in an interactive question and answer period. Session I continued with presentations from five panelists identified as representing the views of telecommunications users, vendors, and network providers. Dr. Paul Prucnal of Princeton University presented a briefing on emerging optical technologies and their potential impact on the Next Generation Internet. He highlighted the high demand of bandwidth, and noted the reason most often cited for shortfalls was the limited capacity of fiber optic cable to transmit high-speed data. Prucnal also explained that there was a great deal of unused bandwidth on fiber optic cables and that the bottleneck was really the inability of routers to manage the flow of data. A second panelist -- Robert Wright of BellSouth -- explained a network provider’s perspective on managing risks and described the tension in corporations of balancing the need for security versus the benefits of utility and accessibility. Edward Balkovich of Verizon Communications, who highlighted the security issues related to integrated voice and data networks and voice over internet-protocol technology, followed Wright. Balkovich also emphasized the importance of focusing on the SS7 to IP security interconnections, where attacks are most likely to occur. Following Balkovich was Dan Woolley of Global Integrity, who provided an overview of the increased incidence of electronic intrusions and discussed the costs associated with security incidents and recovery operations. Woolley said cyber protection is essential to a business surviving and explained that surveyed organizations estimate losses of $265 million in 1999 as a result of unauthorized employee access or abuse. Woolley cited several reported incident types that include IP theft, sabotage, fraud, viruses, and penetration. In the case of IP theft, Woolley said companies surveyed lost over $65 million in the past year. Concluding Session I, Dr. Jack Edwards, NSTAC’s Industry Executive Subcommittee (IES) member from Nortel Networks, emphasized the importance of security in the control space. Dr. Edwards also described the importance of devoting R&D to developing better test and evaluation methodologies. Session II Technology Transfer Issues included discussions of security issues involving technology transition and implementation. Dr. Gif Monger of Science Applications International Corporation (SAIC) described the netEraser program partially funded by In-Q-Tel. The netEraser program was established to provide secure network services in the .scom domain. NetEraser creates a secure gateway for electronic commerce. WorldCom’s Paul Krumviede then outlined several areas where Government and industry have collaborated regarding the Internet and challenges concerning the effective transfer of technologies. The final two sessions were facilitated discussions of the main ideas taken from the previous day’s R&D Exchange and NIST/NIAP tracks. Included in these panel discussions were presentations from SAIC’s Hank Kluepfel, Dr. Edwards, Dr. Terrence Kelly from the White House Office of Science and Technology Policy, and Dr. John Hale from the University of Tulsa. Panelists encouraged participants to identify key issues and challenges associated with security in converged networks. Several attendees suggested the President gain more support for CyberCorps, training of law enforcement and lawyers for prosecution of computer crimes, standards for broadband switch security, partnerships of Government and industry, and R&D funding. Following Session I, SBC Communications hosted a reception and tour for Exchange participants at the Gilcrease Museum in Tulsa. Five NSTAC companies Computer Sciences Corporation (CSC), SAIC, the National Telecommunications Alliance (NTA), Nortel Networks, and Northrop Grumman sponsored a farewell luncheon concluding the exchange. In effort to increase NSTAC visibility, the National Communications System and the NSTAC exhibited an NSTAC display to promote various NSTAC Reports, CDs, and anniversary brochures. Since 1990, NSTAC has devoted considerable attention to network security and information assurance issues. NSTAC continues to examine network security standards, and analyze intrusion detection technology research and development. The Presidential advisory committee has previously sponsored three R&D Exchanges to facilitate and promote a dialogue among industry, Government, and academia. The last R&D Exchange held in October 1998 discussed the need for security metrics and large-scale test beds; the "brain drain" of information technology and security professionals leaving Government and academia; and the need to adopt a long-range view (approximately 5-10 years) of security technology R&D. Participants at the fourth R&D Exchange encouraged NSTAC to hold another R&D Exchange in 2001. Suggested topics include: (1) the human dimension of network security and the challenges major education, training, and awareness organizations face in protecting their key systems, and (2) identification of emerging technologies such as self-healing systems that promise to assist organizations in compensating for shortfalls in personnel or skills. R&D exchange proceedings, including any conclusions and recommendations resulting from the Tulsa Exchange, are currently being developed by the NSTAC’s R&D Task Force. If you would like additional information on the NSTAC R&D Exchange, please visit the TISW 2000 Workshop website at www.cis.utulsa.edu/tisw2000, the NSTAC homepage at www.ncs.gov or contact Ms. Kiesha Miller at (703) 607-6134.
Questions or comments concerning this site? Please contact the webmaster. Reviewed 22 March 2004 |
