January 21, 2003

1
BREAKFAST ROUNDTABLE
CRIM
Center for Research in Information Management
Forging Partnerships for Information Security

• January 21, 2003
• Dr. Roy Campbell, Director
• University of IllinoisCenter for Research in
  Information Security (CARIS)
• Paul A. McNabb, President and CEO
• Argus Systems Group

2
Outline of Presentation
Forging Partnerships for Information Security

• Background on U of I, Argus, CARIS
• Partnership Possibilities
• Technologies of Interest
• Questions / Discussion

3
Background on U of I, Argus, CARIS
4
U of I Expertise
Computer Science Related Programs

• Computer Science
• One of top 5 programs in the country
• 40 faculty, 1,100 undergraduate students, 400
  graduate students
• Beckman Institute for Advanced Science and
  Technology
• National Center for Supercomputing Applications
  (NCSA)

One of 22 NSA Centers of AcademicExcellence in
Information Assurance Education
5
Argus Products

• PitBull operating system-level security
• Staff of 30 in Savoy, Illinois
• 42 resellers in 20 countries
• Client emphases include
• U.S. / allied defense intelligence agencies
• international finance/banking services
• Example technical awards
• CNET Editors' Choice
• eWEEK eXcellence Awards
• ASP Konsortium's (Germany) Best Technical
  Security Solution award

6
CARIS Mission and Goals

• Founded in November, 2001
• World leadership in information assurance
• research and development
• multidisciplinary education
• university and community awareness
• public policy influence
• In infrastructure and information system security
• Mutual benefit to multiple constituencies

7
Partnership Possibilities
8
Internet Security Inadequate

• 155 hacking accesses in 2001 to federal computers
  (Chicago Tribune, 2001)
• 85 of companies polled had security breaches in
  the past year (Computer Security Institute, 2001)
• In North America alone, 6,822 person-years lost
  to security breaches (Reality Research
  Consulting, 2000)
• Reported hacks in the U.S. cost 265 million in
  2000, twice the 1999 level (2000 Computer Crime
  Security Survey, Computer Security Institute)
• Worldwide cost estimates range from 17.1 billion
  in 2000 (Computer Economics, July 2001) to 1.6
  trillion annually (PricewaterhouseCoopers, 2000)
• Code Red alone cost more than 1.2 billion in
  damage (Computer Economics, July 2001)

9
Internet Security Is Big Business

• Predicted 300 percent jump in corporate and
  government IT spending over the next four years
  (Business Times, September 2001)
• Worldwide market for information security
  services to grow by 25.5 per year annually
• To reach 21 billion by 2005

10
Partnerships A Must

• Rapidly develop effective security technologies
• Make them available in the marketplace

Research
Better security for individuals and the world
Marketplace
11
Key Responsiveness Capabilities

• Research to create innovative responses
• And assure they are effective
• Development to turn technology into product
• Marketing to bring technology to real-world
  implementation
• Resources (, skilled staff) to support all
  other activities
• Informed policies and standards to guide
  implementation
• Knowledgeable users who understand needs
• No single institution has them all
• Must be faster than ever before

12
Key Partnership Constituencies

• Educational Institutions
• research
• education
• they have different interests
• Corporations
• Government bodies
• regulatory
• legislative
• The Public

13
Corporate Benefits

• Joint projects that increase funding
  opportunities
• University research that transfers to marketable
  products
• Training and education possibilities for staff
• Improved infrastructure for more secure business
  transactions
• Influence on the direction of research in the
  field
• Early access to know-how and other benefits
• Forum for public policy input
• Access to top-notch students as potential staff

14
Government Benefits

• More ways to meet goals of funding organizations
• e.g., NSF, NIST
• Improved infrastructure for more secure
  transactions
• Specific federal, state, and local needs
• e.g., security of Internet data offered via local
  cable
• Improved awareness and security for community
• Synergies with federal and state homeland
  security mandates
• Informed input on legislation and other issues

15
University Benefits

• Contribute to solution of critical, real-world
  problems
• Significantly advance the state of knowledge in
  information security
• Increased project and funding opportunities
• Provide value to the State of Illinois through
  industry-academic partnerships
• Forum for public policy input
• Student access to industry for employment

16
Public Benefits

• Increased knowledge and awareness of security
  issues
• Better security by knowing what to steps to take
• Better security through improved infrastructure

17
Example Partnership Benefits
Funding Sources
Academia
Joint Projects
real-world technology transfer
Superior Products
better security
Business Industry
Public
18
Other Partnership Benefits
Partnership
better policies
protection of resources
Funding Sources
increased corporate expertise, stronger
infrastructure,
Public
Business Industry
19
CARIS and Other Groups
CARIS Steering committee
External Advisory Board
CARISFaculty

• CARIS

Business Partners
Government Agencies
Other Institutions
20
CARIS Partner Program

• Pursuing partners
• Submitting proposals for funding
• Funded projects already in place
• Various levels of support and types of
  involvement
• Level 3 Project Partner (0 - 4,999)
• Level 2 Affiliate Partner (5,000 - 29,000)
• Level 1 Associate Partner (30,000 or more)
• Description available on CARIS web site
• www.caris.uiuc.edu

21
Possible Types of Joint Projects

• Joint Research and development
• Co-sponsored workshops / seminars / lectures
• Internships and other student projects
• Public awareness campaigns
• Legislative visits
• Faculty consultation
• Access to ongoing research studies

22
Intellectual Property Rights

• Often the biggest issue in partnerships
• Especially for development work
• Including developing educational materials
• Must be decided up front, in writing

23
Technologies of Interest
24
CARIS Technical Directions

• Computer system security, especially operating
  system security
• Modeling and evaluation of security technologies
• Business models associated with security
  technology deployment
• Legal issues and best practices
• Privacy and open system security
• Wireless communication and smart card
  technologies
• Mobile devices and security
• CARIS proposals to date total over 50 million

25
Projects at other Institutions

• CERIAS (Purdue)
• Behavior Based Artificial Agents for Information
  Security
• Critical Social, Legal and Ethical Issues in
  Information Use and Abuse in Health
• Detecting Denial of Service Attacks
• Integrating Human-Usability Metrics into
  Information Security Models
• Online Security Communication about Credit Card
  Usage
• Protection of Educational Data in Large Scale
  Databases and Internet Environments
• Multicommodity Private Bidding Auctions
• Static and Dynamic Security in Web Data
  Management

26
Projects at Other Institutions

• George Mason
• Integrity and Secrecy
• Security and the World Wide Web
• Survivability and Information Warfare
• Temporal Databases
• Stanford
• Intrusion tolerance via threshhold cryptography
• Electronic wallets
• Assurance for mobile code
• Secure public Internet access handler
• Security has become a BIG research area.

27
Funding Possibilities DoD

• US Army Research Office (400 million budget)
• US Army Research Laboratory (670 million budget)
• Defense Advanced Research Project Agency(1.96
  billion budget)
• Air Force Research Laboratory (500 million
  budget)
• Naval Research laboratory
• Others
• US Army Communications Electronics Command
• US Air Force Communications Command

28
Other Funding Possibilities

• National Security Agency (NSA)
• National Science Foundation (NSF)
• National Academy of Sciences
• National Institute of Standards Technology
  (NIST)
• Central Intelligence Agency (CIA)
• Department of Education (DoE)
• Industrial Affiliate Program
• State of Illinois
• Targeted corporate research programs

29
Relevant Federal Legislation

• H.R. 1259 Computer Security Enhancement Act of
  2001
• Requires NIST to provide assistance to federal
  agencies in information security and privacy.
• Out of House in Senate committee
• H.R. 2435 Cyber Security Information Act
• Prohibits the disclosure of cyber security
  information voluntarily provided to a federal
  entity
• In House committee

30
Relevant Fed. Legislation (cont)

• H.R. 3316 Computer Security Enhancement and
  Research Act of 2001
• NIST support for research institutions, National
  Research Council
• In House committee
• H.R. 3394 Cyber Security Research and
  Development Act
• NSF and NIST programs for computer and network
  security RD, research fellowships
• Signed into law November 27, 2002

31
Questions / Discussion

• The floor is now open

32
Contact Information
33
Contact Information
CARISAttn Roy Campbell 1304 W. Springfield
Avenue 3315 Digital Computer Lab, MC-258 Urbana,
IL  61801   voice (217) 265-5225 fax (217)
244-6869 www.caris.uiuc.edu
34
Contact Information
Argus Systems Group, Inc. 1809 Woodfield
Drive Savoy, IL 61874   voice (217) 355-6308
fax (217) 355-1433 www.argus-systems.com
35
Contact Information

• Roy Campbell, Director
• rhc_at_cs.uiuc.edu
• use CARIS address
• Paul McNabb, Deputy Director
• mcnabb_at_argus-systems.com
• use Argus address
• Anda Ohlsson, Secretary
• ohlsson_at_cs.uiuc.edu
• use CARIS address