Cold Defense for a Hot Threat

The DETER Laboratory mimics the Internet, allowing clever computer scientists to mount cyber attacks and create defenses against them.

Behind a locked door on the second floor of the Viterbi School’s Information Sciences Institute (ISI) in Marina del Rey is an ice-cold room filled with rack upon rack of computers busily blinking under the frigid blast of air-conditioning. These computers, linked to a similar roomful at the University of California, Berkeley, constitute a miniature Internet, says Terry Benzel.

Like the real Internet, this one comes complete with its own addresses, servers, users, traffic and other Web accoutrements. In this Internet, very clever malicious actors are trying to propagate code that can paralyze operations, steal information and compromise vital business or government functions.

That too, unfortunately, is just like the real Internet.

Benzel is director of the DETER laboratory project, which for the past five years has sought to protect the computing community and the nation against cyber attacks. Such attacks have the potential to be far more damaging than most citizens—and lawmakers—realize.

In the DETER lab, the “bad guys” are not hackers, but computer scientists from all over the country who specialize in Internet security. DETER is the computer equivalent of the ultra-secure biological laboratories used to study extremely dangerous, contagious viruses. Researchers can experiment, investigate, invent, share and, yes, attack a carefully isolated virtual network that faithfully mimics the behavior of the far larger real one.

“The DETER nodes simulate any piece of equipment or connection that might be found on the Internet, including an entire network, if necessary,” Benzel told a reporter from Homeland Security Today. “In addition, the DETER test bed is designed specifically to allow our experimenters to run tests with malicious code, so we can have true, live malicious software (malware) running in the test bed.”

Without DETER, each researcher would need his or her own facility. Such a facility would be hard for other researchers to duplicate, and it would be difficult to confirm their findings. And each facility would have to be individually secured. With a single, shared test bed, reproducibility and security are assured.

At first glance, “internationally known computer security expert” would not be most people’s occupational guess regarding Benzel, a mother of two who loves cats and has an easy smile. As a college mathematics major, she thought: “I would get a Ph.D. and teach,” as her father had before her. Then she became interested in computers, “and in 1980, I read a journal article on computer security.” She had found her vocation.

After receiving her M.S. in mathematics, she embarked on a research and development road in the private sector that led through a series of companies and corporate takeovers. She eventually became a division vice president with executive responsibilities at Network Associates, where she ran a 125-person research laboratory. Along the way, she picked up her M.B.A. from UCLA.

Six weeks after 9/11, Benzel’s commitment and passion for cyber security research led to an opportunity to testify before Congress.

She presented “Cyber Security—How Can We Protect American Computer Networks from Attack: The Importance of Research and Development,” before the House Committee on Science.

She came to ISI in 2003. In September of that year, the Department of Homeland Security and NSF established DETER with a $5.5 million grant. The project has grown steadily since then, now numbering more than 150 users. Last April, DETER received an Excellence Award from the American Council on Technology.

DETER takes advantage of ISI’s deep IT expertise. Cliff Neuman, who helped create the widely used Kerberos cyber-authentication system, was an early co-director of DETER. Veteran computer scientist Bob Braden, whose experience dates to the pre-Internet Arpanet, and Braden’s frequent co-worker, Ted Faber, are also on the team. John Wroclawski, who directs ISI’s networking division, has been setting an aggressive research agenda to expand and enhance DETER to provide new scientific rigor in cyber security experimentation and testing.

Despite the progress, Benzel is worried that the bottom-line threat from her 2001 testimony is still very much alive, and attention and resources devoted to cybersecurity are still lagging. She notes that the Department of Homeland Security is funding more than $1 billion in research, but only $15 million goes to research on computer attacks.

Computer hackers gaining access to secure facilities are a part of the problem—but the danger goes deeper, beyond just compromised information, say Benzel and Neuman, particularly at a time when jumpy financial markets have seen giant swings, up and down, along with brand-name failures.

“America and the world’s complex banking system depends on digital information, requiring second-by-second updating of the status of trillions of dollars,” says Neuman. There are terrorists who have sophisticated IT knowledge—often acquired in Western universities—who are well supplied with funds to purchase additional expertise and resources.

“Given the reach of ‘botnets’ [networks of software robots] and malware today, massive attacks are quite possible, and I am surprised we have not seen them as of yet,” Neuman says. “Our defenses could be better.”

“The combination of physical and cyber threats is even more alarming,” says Benzel. “In addition to software attacks, terrorists can potentially damage physical infrastructure in a way that creates a cascading series of cyber-infrastructure outages that would undermine citizen confidence. The financial markets, manufacturing sectors and transportation sectors could all be susceptible to these sorts of attacks.”