NSA gathers together the top minds in what it calls the Science of Security – Federal News Network

admin on April 9, 2021 Leave a Comment

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drives daily audio interviews onApple PodcastsorPodcastOne.

HotSOSmight sound like something in the condiments aisle. But its actually an annual event held by the National Security Agency. Hot Topics on Science of Security, its formal name, will be held online next week. For what happens at the event and some of science challenges in security, Federal Drive with Tom Temin checked in with NSA science researcher, Adam Tagert.

Tom Temin: Mr. Tagert, good to have you on.

Adam Tagert: Its great to be here.

Tom Temin: And when you say the science of security, what areas of security are we talking about? Is it mainly cyber?

Adam Tagert: Were talking cybersecurity, everything dealing with computers, mobile devices, things like that.

Tom Temin: Okay, thats enough to keep any conference occupied. And when you mentioned the science of security, thats an unusual term because most people talk about the technology of security. What do you mean by science?

Adam Tagert: Well, with science, were talking about what is the reasons were doing things with technology, we want to understand the concepts, the theories and the models of how both technology and humans behave in the cyber world. So that way, when we develop a defense, we actually have real confidence that it does what we think it intends to do.

Tom Temin: And what are some of the scientific disciplines? I mean, what are the kinds of people and professions that look at these questions?

Adam Tagert: Okay, so you obviously will think of computer science and electrical engineering. But we also have projects dealing with philosophers who are looking at the what does it mean to be resilient? We also have human behavior, people in psychology trying to understand the human aspects of peoples behavior with cyber. So its a very broad discipline across disciplines.

Tom Temin: I was wondering if it also includes the behavior science of people that might be the recipients of cyber attacks, especially phishing attacks? Which, golly, they are really some sophisticated emails coming out these days?

Adam Tagert: Absolutely. That is a key component of dealing with cybersecurity was looking at phishing. We had a project once looking at how different countries peoples responded to phishing, its different depending if youre looking in United States or say India.

Tom Temin: Got it. And I guess it probably varies by age group to some given population.

Adam Tagert: Yeah. The different motivations between older people, theres definitely lots of senior attacks versus how young people are maybe more cynical when it comes to receiving an email.

Tom Temin: Alright, and tell us a little bit about the conference. Who attends and how does it all work?

Adam Tagert: Thats us, we get attendees from all three government, academia and industry, which is a great environment for collaboration. We have government people talking about the problems and some of our approaches. And then we have academics that are working on the same problems. And were trying to bring everything together. And industry is saying, hey this is how we operate. And this is our challenges, because its all different flavors of the same challenge. And one of the great things about HotSOS is we really talk about ongoing research instead of a lot of traditional conferences, where we talk about research that is done, and were just publishing it for everyone to look at. HotSOS is about the ongoing, so we actually read draft papers, and we have 45 minute in-depth discussions led by discussants, who in some cases theyre NSA zone researchers who are leading discussions on these important topics. Let me give you one really interesting example. We have a work in progress paper from Towson University, which is in Baltimore. And theyre looking at how election workers, the poll workers deal with cybersecurity. Theyve been working with the state of Maryland on training. And in this study, theyve done a survey of 2,000 workers in 13 states just to see how they respond to cyber threats and what their perceptions is. And really, hopefully, we can get some better security there.

Tom Temin: And what about some of the hard sciences. I know that quantum computing is a topic in cybersecurity, also dealing with data and processing it in encrypted form, which is very difficult for processors and so on. Are those types of questions also part of this?

Adam Tagert: Absolutely. Dealing with computing the cloud where you want to keep everything encrypted just for your own privacy. You dont want people to see what data is, is in fact, one of the topics of our keynote from NSA. So our keynote from NSA, Nick Felts ,will be talking about the effort to keep as much as possible encrypted when youre computing the cloud. So its going to be an interesting talk there.

Tom Temin: Now, when this conference was in person, where did it take place?

Adam Tagert: So it rotated around the country. So NSA funds a series of LabLits, which are small virtual labs at universities in the United States, and HotSOS would rotate around them. So sometimes we were in Raleigh, North Carolina with North Carolina State. Other times wed be in Carnegie Mellon in Pittsburgh. So we would move around the country.

Tom Temin: And now that it has been, I guess this must be your second time in a row virtual, correct?

Adam Tagert: It has. This is the second virtual. Last year we were supposed to be in Lawrence, Kansas, but we ended up being in virtual Lawrence, Kansas.

Tom Temin: Yeah, I dont know which is better in Lawrence, Kansas. But with respect to attendance, do you find what other conferences find that instead of getting scores or hundreds, you get tens of thousands because anyone can go?

Adam Tagert: Well, one of the benefits is our sponsorship has allowed us to waive registration fees, so anyone can participate for free. Traditional attendance was about 150 people. Last year, we had 430 attendees in the virtual setting. And so far this year, were over 550 registered attendees.

Tom Temin: Yeah. So its almost tempting to never go back to in person because theres no lunch to be served, no airplane to be ticketed. But another question I had to with respect to the topics, again, is the security clearance process. And theres a RAND study just out on maybe ways to update the criteria for security clearance, given the millennial age and the younger people coming in potentially to the federal and contractor workforce. Does the science of security include how do we evaluate people in a way that gives some higher degree of confidence that they can be trusted?

Adam Tagert: So for the science for security program, we dont actually look at the security aspect of how people are evaluated for clearances, were really looking at the cyber aspect. So an expert in those areas would probably have a better idea of how to evaluate somebody.

Tom Temin: Okay, well well just hope the people that get these secrets in their hands can keep them, but thats a conference of another sort, I guess. And looking to the conference, which is taking place next week, what are the grand challenges? Does it look in those terms at what are the big challenges for cybersecurity in the science realm? Whats the next big frontier?

Adam Tagert: So were actually having a discussion on what is the next challenges for the science security for the 2020s. We opened an open call for ideas and we have 45 topics to discuss during the conference on it. Obviously, human behavior aspects of it are going to be a key component of the challenges. How to have resilient computers so that they can continue to operate even after we compromised. Because saying, I received the compromise, Im going to turn off all my systems and build it over is not a realistic solution. Metrics, how to value of what device or software is more secure than others. And those are just some of the ideas that we have been working on and probably will continue to be working on for the hard challenges.

Tom Temin: And what is involved with attending if someone would like to? Can you just do it online?

Adam Tagert: You can do it online. There are no apps or anything to install, you just go to the NSA website to find the article on HotSOS. Or you can visit the HotSOS website at sos-vo.org.

Tom Temin: Adam Tagert is a security science researcher at the National Security Agency. Thanks so much for joining me.

Adam Tagert: Thank you.

View original post here:

NSA gathers together the top minds in what it calls the Science of Security - Federal News Network

Related Posts
Posted in Computer Science

Comments are closed.