Carnegie Mellon creates a second center devoted to security issues

Carnegie Mellon creates a second center devoted to security issues

By William Jackson

GCN Staff

At Carnegie Mellon University in Pittsburgh, the new Carnegie Mellon Institute for Survivable Systems will form public-private research partnerships to secure the nation's information infrastructure.

CMISS will draw on the same academic resources that have made the university the home of CERT Coordination Center since 1988. CMISS will have about $40 million in corporate and public funding.

'We are becoming more dependent on information systems, but we have not made any great strides from an engineering standpoint in making the systems more survivable,' CMISS director Richard D. Pethia said. Pethia also is director of the university's Software Engineering Institute (SEI), which houses CERT.

The new institute will focus on 'anything a system needs to resist, recognize and recover from attacks,' Pethia said. That includes conventional security products, as well as fundamental changes in systems design, he said.

CMISS also will study public policy and management practices.

Most security technology today focuses on resisting attacks, but little is being done on recognizing attacks and even less on recovering from them, Pethia said.

Security counts

'In many cases, security is an add-on' in the form of firewalls and filters, he said. 'They are important but expensive.' Security designed into a system would be more efficient and cost-effective, he said.

In 1989, CERT's first full year of operation, it received only six computer intrusion incident reports. The number of reports climbed to more than 2,000 in the mid-1990s and spiked to more than 8,000 last year. This year has brought even higher-profile service-denial attacks and widespread computer virus outbreaks.

CMISS' roots go back three years to the Clinton administration's directive to secure government systems and increase cooperation between government and the private sector in protecting the information infrastructure.

In addition to SEI, CMISS will draw on the resources of the university's College of Engineering, Institute for Electronic Commerce, Research Institute, Electrical and Computer Engineering Department, Graduate School of Industrial Administration, H. John Heinz III School of Public Policy and Management, School of Computer Science and Chief Information Officer Institute.

CERT, a federally funded R&D organization, acts as a clearinghouse for information about attacks and vulnerabilities, as well as their fixes. But CMISS will focus on system development rather than reported incidents.

'There is not a lot of overlap' between the two organizations, Pethia said. 'We see them as complementary.' He said he expects to announce the first public-private partnerships this summer.

One of the first research projects will be survivable network standards.

Some of the standards include defining mission-critical functions at the drawing board, mapping functional areas across architectures and identifying vulnerabilities.

'Information assurance as it is practiced today is not a science,' said John L. Anderson, dean of the Carnegie Mellon College of Engineering. 'It remains largely ad hoc in that it lacks rigorous foundations on which to base scalable and repeatable engineering practices or sound management decisions.'

Pethia said he expects the consortium will see results in three to five years and fundamental improvements in security could be even longer in coming.

Because of the large investments in current technology, security will continue in the form of add-ons after other options become available, he said.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected