ALBUQUERQUE, N.M. — An unusual urgency underlay the brief speeches noting the formal opening of Sandia’s Cyber Engineering Research Laboratory (CERL) last month.
A warning of “malicious cyber activity,” sent out one day earlier by the FBI and the Department of Homeland Security, accompanied a growing flood of news releases from major businesses and large institutions acknowledging their websites had been hacked and data sometimes compromised.
U.S. Sen. Tom Udall, D-N.M., mentioned Winston Churchill’s book “While England Slept,” which in 1938 criticized the English government’s lack of preparation against the threat from Nazi Germany.
“Cyberthreat is not one of guns and tanks but we need to take it seriously. … The threat is real to … our water systems, oil pipelines, hospital systems … and we should bring justice to those who would do us harm. CERL is a crucial part of our defenses,” Udall said.
Activities at CERL — located in the Sandia Science & Technology Park — are expected to marry computing expertise from across Sandia Labs with that of universities and businesses to develop long-term solutions against the increasingly serious challenges posed by hackers and cybercriminals to individuals, business and government.
U.S. Rep. Ben Ray Lujan, D-N.M., who stressed partnerships between businesses and New Mexico’s national labs, Sandia and Los Alamos, said, “Personal information taken and used in some way, from an ATM machine or anywhere else, can allow someone from around the world to get into something personal (of a U.S. citizen).”
Albuquerque Mayor Richard Berry said the takeover of four TV stations by attackers who jokingly advertised “the zombie apocalypse” was not funny in what it said about communications security.
Dimitri Kusnezov, chief scientist and director of the Office of Science and Policy at the National Nuclear Security Administration, offered a historical view. “The need for secrecy (has ranged historically) from clay tablets and cuneiform to today’s complex protocols. … Our cybersecurity needs will not recede in time but only get greater as data complexity gets greater. … There is no scientific silver bullet. The key is to train our people to be more aware, smarter, building in as many safeguards as we can, co-developed with technology. Centers like this can forward these steps,” he said.
Sandia President and Labs Director Paul Hommert spoke in support of Kusnezov’s comprehensive approach to move security forward: better training, improved search algorithms, another level of equipment.
“(Cybercrime) can’t be tackled alone,” Hommert said. “The public and private worlds must combine efforts to work as a team.”
He mentioned Sandia’s Center for Cyberdefenders student internship program, which has honed the skills of more than 300 students in the past decade in an effort to develop the next generation of cyber workers.
CERL projects are more complex than what the public may imagine to be a James Bond-style response to strike back immediately at cyber adversaries.
One project improves and tests algorithms to prevent adversaries from penetrating emails or damaging websites. The effort involves a kind of electronic topographical map that charts entry points and paths of a large number of emails within a system to recognize anomalies — messages that stand out because of their oddness.
In another, the brainwaves of students wearing electroencephalograph caps (the same as used in hospitals and gaming) are mapped to build a library of what success looks like in handling particular cyber tasks. The idea is to cut in half the time needed to train a cybersecurity professional — by some estimates, about five years.
Students from colleges and high schools also compete in virtual cyber exercises to solve enough digital clues to catch an imaginary “bad guy” molesting the economic well-being of a large coffee company.
John McGraw, vice president for research at the University of New Mexico, recognized the complexity of the response needed. “Sandia’s unique mission is to protect the public against vulnerabilities not recognized by the public,” he said.
Sandia has had a head start in computer security, said Ben Cook, a member of the CERL leadership group, because it was safeguarding nuclear weapons secrets at the dawn of the computer age, long before the term “cyberspace” was in common usage.
Cray Computing CEO and President Peter Ungaro, who has made no secret of his feeling that Sandia kept Cray solvent by helping create what he termed “the most successful family of supercomputers ever built (the Sandia/Cray Red Storm supercomputer),” advocated CERL collaborations to “develop a technical roadmap to take problems currently intractable and solve those to make them broadly applicable across a wide variety of frameworks.
“Cybersecurity is one of the largest threats out there today,” he said. “The vast amount of digital data is growing at an exponential rate — every two days, there’s more data created than from the dawn of civilization to 2003. Our hacker adversaries are getting more sophisticated in using data against us.”
Rob Leland, director of Sandia’s Computing Research center, concluded the talks by speculating that, just as the development of the laminar flow clean room ushered in a revolution in microelectronics, “there’s the potential for us to do something similar in the cyberworld and that CERL will play a key role in bringing that about.”
The clean room, invented at Sandia and patented by the Atomic Energy Commission in 1962, made the microelectronic age possible by providing a simple, standardized way to greatly lessen the number of dust particles in research labs and electronic production lines.