abqjournal.com http://www.abqjournal.com/main/2012/12/17/biz/sandia-creates-cyber-security-institute.

html

Sandia creates cyber security institute

Cyber security research engineer Kevin Nauer works at a mobile file server at Sandia National Labs Cyber Engineering Research Institute. (DEAN HANSON/JOURNAL) When a rogue nation took over computer controls at multinational coffee company Schmucks Bucks this summer to shut it down, computer engineering students counterattacked at Sandia National Laboratories. Student teams hacked in to turn the brewer back on, in effect, providing fresh cups of coffee all around. While fun and educational, the training exercise at Sandias Cyber Engineering Research Institute offered a hands-on simulation for real-world scenarios, albeit for enemy attacks on national infrastructure and industries, said Kevin Nauer, a computer forensics expert at the institutes Research Engineering Cyber Operation and Intelligence Lab. Sandias newly created cyber institute, established in 2011, regularly conducts such exercises to encourage computer professionals to work in teams to resolve cyber threats. Its part of the institutes mission to build partnerships with academia and industry to train cyber security

specialists and develop new ways to protect online networks. We want to get people together in synthetic task environments to develop a foundation of skills where everyone is operating off the same sheet of music, Nauer said. We bring people into a live environment that pits them against one another in weeklong games. We throw attacks at teams for them to figure out how to respond.

Researcher Ann E. Speed works at the Cyber Engineering Research Institute.

Sharing cyber expertise

The institute allows Sandia to share national laboratory expertise in cyber defense with universities and industry, said Director Rob Leland. Thats critical, given the increasing number and sophistication of cyber threats and the range of potential enemies, including adverse nations, terrorist networks, organized crime and individual hackers. Our overall goal is to get all three sectors cooperating together, Leland said. Through outreach, we want to bring our capabilities to bear on problems and issues at the community level. That reflects a newfound openness at Sandia. Sandias responsibility for the cyber security aspects of the nuclear program, providing computer security for weapons, goes back decades, said Senior Manager Ben Cook. But now theres a more general, national need for these capabilities We want to connect more effectively (with communities) to create a two-way interchange of people and ideas. The institute is divided into two divisions. The Cyber Engineering Research Lab, which employs about 100 Sandia specialists at a 25,000-square-foot facility at the Sandia Science and Technology Park in Albuquerque is one. And a Cyber Technology Research Lab in Livermore, Calif., that provides closer communication with industry and academia in the Silicon Valley, is the other.

Improving cyber defenses

Apart from training, the institute conducts extensive research to improve cyber defense capabilities. That includes assessing human strengths and vulnerabilities when working in cyber security, said Chris Forsythe, a psychologist and cognitive science specialist. We focus on the human dimension of problems, Forsythe said. We can put a lot of technical solutions in place, but at the end of the day, theres a human in the loop. We have to arrive at solutions that take into account their issues and problems and how they learn and solve things. Sandias cognitive systems group, for example, uses electroencephalography (EEG) sensors to monitor subjects brain activity in memory and other performance tests in a lab at the institute. That helps to better understand how people learn, which could show ways to improve decisionmaking and human performance in detecting and resolving problems in cyber security and other areas, Forsythe said.

Sandia National Labs Cyber Engineering Research Institute. (DEAN HANSON/JOURNAL) Other research focuses on data analytics, taking massive amounts of information and extracting things to detect potential problems. We need to detect anomalies in network traffic, which means analyzing huge sets of data to determine whats happening at the host and network levels, Cook said. We want to make computer systems inherently more secure by eliminating vulnerabilities that emerge because of the complexity of systems.

UNM, N.M. Tech involved

Sandia specialists are collaborating on research projects with the University of New Mexico and the New Mexico Institute of Mining and Technology in Socorro. UNM computer science professor Jared Saia is helping the institute develop technology that could allow private and public entities to share information from data centers without compromising individual privacy or proprietary resources. That could shore up efforts to detect suspicious activities on networks. In addition, investigative queries often require only certain blocks of data, so UNM and Sandia are developing ways for collaborators to send targeted sets of information, Saia said.

At New Mexico Tech, researchers have worked with Sandia on ways to conduct digital forensics with huge mounds of data. Were talking terabyte-size data sets, said Lorie Liebrock, former chair of computer science and now dean of graduate studies. A lot of digital software doesnt work well because it cant process data sets that big. Both universities have benefitted from training and workshops, which Sandia offers to college and high school students, and to cyber security professionals, to train new generations to work in cyber defense and to strengthen the skills of those already working. The institute enables more collaboration with people outside of Sandia, Saia said. Ive been able to attend very good workshops there without the typical rigmarole to get onto the (military) base. It makes it easier for people from all over the U.S. to come and work on these problems together.

Cognitive research specialist Chris Forsyth works in the EEG lab at the Cyber Engineering Research Institute.