NSA, universities push to establish cybersecurity as a science
- By Kathleen Hickey
- Feb 20, 2014
The National Security Agency wants to raise cybersecurity into a more scientific endeavor from its current role as an art form of hits, misses and post-attack patches. To support those aims, the agency is now accepting nominations for the best scientific cybersecurity paper published between Oct. 1 and Dec. 31, 2013.
The annual competition reflects the agency's desire to increase collaboration and build the science base of national security efforts. It also “supports the greater NSA mission to strengthen and protect cyberspace for our nation," said Dr. Michael Wertheimer, NSA director of research. "It offers a great opportunity to share scientific methods, and it was a remarkable success in its first year.”
Computer security science is aimed at developing a scientific method to prevent cyberattacks; the competition was developed to stimulate research in the area.
Today’s approach toward cybersecurity “is bolt-on rather than built-in, like an afterthought. We need to be proactive,” said Shankar Sastry, dean of the college of engineering at the University of California at Berkeley in an article in US News.
“We believe what is missing is the science of cybersecurity—a science base, like the kind taught in medical schools, so as to enable doctors to treat and help patients.”
In another effort to further that idea, NSA and the Department of Homeland Security last year partnered with 181 universities to come up with new programs to meet the growing need for cybersecurity experts.
In addition, an online community called SOS, the Science of Security, was set up to promote collaboration among federal agencies focused on security science. The community describes security science, among other things, as providing a scientific basis for understanding system security properties, developing new, secure, scalable systems as well as predicting computer and networked system behavior after different kinds of attacks.
The deadline for applications is March 31 for the NSA competition, with winners announced Aug 1. Entries will be judged on scientific merit, the strength and significance of the work reported and the degree to which the papers exemplify how to perform and report scientific research in cybersecurity.
Last year’s winner of the best cybersecurity paper was Joseph Bonneau for his paper, “The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords.” The paper studied how to measure and model password strength within a scientific and mathematical framework. All winning papers from last year are available at the Cyber-Physical Systems website.
A panel of experts will review the latest nominations, including Dr. Dan Geer from In-Q-Tel and Dr. John McLean of the Naval Research Laboratory. NSA’s Wertheimer will make the final award decisions based on recommendations from the experts.
The contest winner and honorable mentions will be announced on the NSA website, and the winner will be invited to present the winning paper to an audience of cybersecurity experts and government personnel.
More information on the contest, including eligibility criteria, nomination procedures, judging criteria and downloadable nomination forms are online.
Kathleen Hickey is a freelance writer for GCN.