Call for Participation in CSIIRW at Oak Ridge National Laboratory – May 14-15, 2007

Towards comprehensive strategies that meet the cyber security challenges of the 21st century


The Annual Cyber Security and Information Infrastructure Research Workshop (CSIIRW-07) was held at Oak Ridge National Laboratory in Oak Ridge, TN at the Joint Institute for Computational Sciences, Building 5100, on May 14-15, 2007.

As our cyber infrastructure grows ever larger, more complex and more distributed, the systems that compose it become not only more prone to failures, but also more prone to security violations. At the same time, as our cyber infrastructures take on more life-critical, mission-critical and infrastructure-critical roles, the stakes of failure-free and violation-free operation grow ever larger. Furthermore, as perpetrators become more sophisticated, it becomes increasingly difficult to build adequate protection defenses. The combination of increased vulnerability, increased stakes, and increased threats makes cyber security one of the most important emerging challenges in the evolution of modern cyber infrastructure design and deployment.

Though they may play a significant role in an overall strategy, piecemeal solutions to security vulnerabilities are not a match for the magnitude of the challenge at hand. As cyber infrastructure dependents, how do we know we can trust what we see? If we consider the viewpoints of all cyber infrastructure stakeholders, must we then maximize the satisfaction of the policy makers, system administrators and resource consumers while anticipating the perpetrators' options?

The goal of the workshop is to challenge, establish and debate a far-reaching discussion that broadly and comprehensively outlines a strategy for cyber security that is founded on sound technologies that meet the challenge of cyber security (beyond a Maginot line mentality). Some of the characteristics that we should see in such a strategy include a focus on:

√ Gaining an understanding of existing and emerging threats.

√ Advances in insider threat detection, deterrence, mitigation and threat elimination.

√ Ensuring the continuing security, survivability and dependability of our critical infrastructures including the availability of time-critical scalably secure systems, information provenance and security with privacy.

√ Observable/ measurable/ certifiable security effects, rather than hypothesized causes.

√ Quantitative metrics of security, that enable us to specify security requirements, formulate security claims, and certify security properties.

√ Solutions that provide a measure of assurance against known and unknown (though perhaps pre-modeled) threats (e.g., cryptography, QKD, building scalable secure systems, information provenance and assurance to name only a few).

√ Mission fulfillment, whether or not security violations have taken place (rather than chasing all violations indiscriminately) and whether or not they affect the system's mission (including situational understanding and attack attribution).

Last year's theme was: Beyond the Maginot line. To pursue a military analogy, we must shift our focus away from winning battles, towards a strategy for winning the war. Our ultimate goal is to elevate trust in the mission and its underlying critical infrastructures.

In keeping with the workshop format, we are not seeking full papers, but rather extended abstracts of no more than four pages single-spaced. Presentations (up to 24) will be scheduled at the workshop to accommodate successive twenty-minute talks plus ten minutes to allow for maximal interaction between participants. A dinner held at the workshop hotel on the first night will precede a round table discussion to:

√ Address our goals and refine our strategy, establish collaborative opportunities,

√ Identify sponsors, disseminate information about important developments, initiatives and interested groups,

√ Give a progress report and identify measures of success on what we have and aspire to achieve.

How can we focus our future efforts to maximize the success of our strategy to ensure our technologies can meet the challenge of cyber security? This round table discussion will provide the basis for the preface (workshop conclusions and recommendations) to the published proceedings. There will be a cost recovery fee charged for the round table dinner only.

Planned Workshop Highlights
Keynote Professor Bill Sanders, Director, Information Trust Institute, UIUC
Keynote Dr. Carl Landwehr, Chief, Cyber Access and Protection Division, Disruptive Technology Office under the Director of National Intelligence

Round Table Dinner at the Double Tree Hotel Oak Ridge
Published proceedings

Interested parties are encouraged to submit extended abstracts (up to 4 pages) on or before March 23rd to Frederick Sheldon.

Important Dates in 2007
March 23 – Abstracts submitted for guidance and indication of appropriate content.
March 30 – Author notification (advanced program and visitation request URL)
April 6 – Visitation requests submitted by attendees (hard deadline for foreign nationals)

Chairs
Dr. Frederick T. Sheldon
Cyber Security and Information Infrastructure Research Group
Oak Ridge National Laboratory

Professor Ali Mili
College of Computing Science
New Jersey Institute of Technology


Oak Ridge National Laboratory
Computational Science and Engineering
Cyber Security and Information Infrastructure Research Group

Last updated 1/30/07 by F.T. Sheldon