If you said to turn off all of the devices, throw them in a combination lock safe, lock the safe, forget the combination, and throw the safe (it’s a pretty big safe) into a fairly deep body of water, well, you’ve just won what’s behind Door Number Two.
Problem is, even though the network might be completely secure, it’s also completely unusable.
The question, then, becomes: how do you secure portions of a network that you need to use, while accepting the fact that you can’t secure everything?
The answer’s kind of complicated.
I had been looking into doing some undergraduate research—it’s not bad to have on your résumé, and it gives you the opportunity to work on something important that might be related to your future career—and was referred to a point of contact (Dr. Massimiliano Albanese) at the Center for Secure Information Systems (part of George Mason University).
The Office of Naval Research had funded research to answer our earlier question, and I was given the opportunity to help work on this project. Dr. Albanese recommended applying for the Undergraduate Research Scholars Program for the research.
So, back to our earlier question, but let’s give it the appropriate context.
A US Navy fleet has made contact with an enemy fleet and wants to engage it. Now, this US Navy fleet’s network of computers is much larger and more complicated than the earlier example of your home network—each ship has computers that help it function, talk to other ships, and talk to other local and distant US forces—so even securing the network enough to maintain usability is a difficult challenge. We’ll make things somewhat simpler by just focusing on one computer: let’s say that a component of a fire-control system on a US ship is responsible for calculating a course for a cruise missile to be fired on an enemy ship.
This is definitely a computer that we want up and running for the amount of time it takes to do its job. Let’s throw a wrench into things and say that the US fleet is currently under cyber attack from some adversary.
How do we take the existing network and harden it so that our computer functions while the network is under attack?
The algorithm I am currently working on (written in the Java programming language) is designed to provide that answer.
The network is first converted into an “attack graph”: a representation is constructed that portrays a hierarchical model of paths for how an attacker would tear through the network, and a list of actions that can be taken to disable certain conditions the attacker needs to do so.
Each action has a usability cost; the goal of the algorithm is to find the lowest-cost set of actions to protect our computer (and possibly others) in the shortest amount of time.
Optimizing this algorithm, and visualizing the attack graph and its solutions, is what I’m currently working on. I’ll usually receive some guidance on a weekly basis as to some strategies for optimizing the algorithm, try those strategies, and see if the algorithm improves cost-, time-, or resource-wise. If it does, great. If not, it’s back to the drawing board.
More recently I’ve been working on the visualization component of this process: using Java to illustrate the graph, and then view the effect of the solution set of actions on that graph for whatever asset is designated as important. (We have a data set of graphs to work with).
While I’ve discovered in the last few weeks how difficult it is to push past the boundaries of my knowledge base in Java—especially when I have to self-teach myself things as I go along—the fact that I’ve been given the opportunity to work on a project that can potentially save lives in the future is an incredible, and a very fulfilling, experience.
