Creating a science to detect and model cyberattacks and the risk and motivations behind them, and creating a response that can counter the attack and neutralize the cyberattackers in real time, is the aim of a cooperative agreement between the Army Research Laboratory and Penn State.
The five-year funding for the core and enhanced program is $23.2 million, with an additional $25 million for the optional five-year extension -- a potential total of 48.2 million over the 10-year collaboration.
"We're going to develop a new science of understanding how to make security-relevant decisions in cyberspace," said Patrick D. McDaniel, professor of computer science and engineering and principal investigator on the project. "Essentially, we're looking to create predictive models that allow us to make real-time decisions that will lead to mission success."
Models for Enabling Continuous Reconfigurability of Secure Missions, a five-year cooperative agreement renewable for an additional five years, will form a Collaborative Research Alliance consisting of Penn State, Carnegie Mellon University, University of California Davis, University of California Riverside and the Army Research Laboratory. Consortium and Army researchers will jointly develop the research program, and lead and conduct research under this Collaborative Research Alliance.
An industrial partner will also be engaged in the first year. Other Penn State faculty working on the project include Thomas La Porta, Distinguished Professor of Computer Science and Engineering, and Trent Jaeger, professor of computer science and engineering.
The project will support 17 faculty and more than 30 graduate students among the partnering universities.
"This award is important to Penn State on two levels," said Penn State President Rodney Erickson. "First, it gives us tremendous opportunities to broaden our institutional impact by supporting a graduate program that will help us to produce the next generation of scholars and practitioners in cybersecurity.
"Second, it puts Penn State in a position of global leadership in developing this new science of cyber decision-making, which will have critical implications to bolstering our nation's security."
The maturation of the Internet and computer technology changes every aspect of our lives, noted McDaniel, who is also co-director of Penn State's Systems and Internet Infrastructure Security Laboratory.
"One avenue where we have been less than perfect is cybersecurity," he said. "We need a new science of cybersecurity that builds on the existing science of computing and networks."
John Pellegrino, director of the Army Research Laboratory's computational and information sciences directorate, noted that "the understanding and operation of complex, heterogeneous Army battlefield networks in the presence of unrelenting cyberattacks is a formidable challenge for the Army's scientific and network operations communities. We look forward to exploring this fascinating and dynamic technical area, bringing some of the top technical minds in the Army Research Laboratory together with these highly talented academic partners to advance cyber science, and with our partners in the Army's Communications -Electronics Research, Development and Engineering Center and in industry, exploit the discoveries to strengthen our networks."
While this research has obvious applications to defense, cyberattacks take place today anywhere computer networks exist, so that the implications for industry and consumers are great.
The alliance will focus on four areas: detecting adversaries and attacks in cyberspace, measuring and managing risk, and altering the environment to achieve best results at the least cost. The fourth area -- developing models of human behaviors and capabilities that enable understanding and predicting motivations and actions of users, defenders and attackers -- will be integrated into the first three areas.
"The way the team is structured, every person will be involved in at least two of the four thrusts," said McDaniel. "For most, this leads to involvement in one thrust where they are expert and one where they are not. In this way, we ensure that we don't just get the same old ideas, but leverage ideas and viewpoints from different perspectives."
The researchers will look at human factors, how to modify computer and network environments in reaction to events and how to convey information to the proper people in the proper way. They will develop methods to assess the risks to personal privacy, life and limb and finances. They will also assess the state of the attackers, what motivates them and their goals and abilities.
According to McDaniel, the new science will enable future networked systems to take actions in response to attacks without human intervention. For example, a server observing unusual network traffic from an unknown entity might determine it was under attack and filter that traffic. However, many of the required actions will need human decision-making and action.
"Future Army networks will be heterogeneous and dynamic, and they will continue to face advanced evolving persistent threats," said Ananthram Swami, the Army's ST for network science and manager for the Collaborative Research Alliance. "The CRA gives us an opportunity to jointly advance the theoretical foundations of a science of cyber security in the context of Army networks. Such a science will eventually lead to network defense strategies and empirically validated tools. Substantial interactions and staff rotations between domain experts and scientists across the consortium and Army Research Laboratory will be vital to enabling the joint research that will ensure the success of the program."
A typical situation the project seeks to solve might involve a soldier in a combat area seeing a disreputable looking person. The soldier takes a photo and wants to send it to the intelligence resources to determine if the person poses a problem. The enemy's cyber objective is to stop, alter or slow down the transfer of the image and the resultant return of information to the soldier. Such attacks on cyber infrastructure are increasing in number and sophistication.
"We would like to be able to see that the image gets to its intended destination and if the pathway is attacked, if the network is attacked, we want to be able to reorganize so the information can flow both ways," said McDaniel. "We want to be able to make decisions to drive attackers to a state of ineffectiveness. If a network or computer is under attack, we want to be able to assess the situation, make decisions and alter the environment to prevent the attack from being successful."