One of the privileges of being part of FOSEP is that we are able to find more ideas for topics and speakers by going to conferences. I was able to attend the AAAS meeting in Boston this past February, and for the next few blog entries, I’m going to report on some of the interesting facts I’ve learned, and try to group them by topic.
Security and Research
8:00 AM on February 15th, I’m Jet-lagged, so the time is more like 5:00 AM. Thank goodness for coffee! This Security Research is targeted at making sure NOTHING happens, so nobody will notice when the research works. It is difficult to measure prevention, something I feel keenly in public health. If there were attacks that were prevented, who would know besides those in the CIA, FBI, or Pentagon? Do we really want to know all the risks that we face?
The three speakers were Stephan Lechner, (Joint Research Center, Institute for the Protection and Security of the Citizen from Europe – see http://ipsc.jrc.ec.europa.eu/ ), Scott Borg (U.S. Cyber Consequences Unit – see http://www.usccu.us/ ) and Suvi Sundquist, (Finnish Funding Agency for Research and Innovation). Sundquist presented on her company that funds small research projects in security for the commercial market.
The Joint Research commission is funding all sorts of interesting research:
1) Special nuclear fuel seals so that nuclear fuel essentially can’t be opened, even by terrorists who want to get a hold of it
2) Maritime research to model tides, waves etc, and specialized radar. This new system they developed was used to help rescue passengers from the Costa Condordia earlier this year (If you don’t remember: http://www.bbc.co.uk/news/world-europe-19962191 )
3) Earthquake and bomb computer simulations to make better buildings that will not collapse in a earthquake, and simulations of shock waves. It was a little disturbing in this part. He showed a few videos. What is the “death zone”, for example, if there was a truck bomb or a suicide bomber in a railway station? How much bomb weight could a person carry? How could you sense that extra weight at entrances? How can you design buildings so that the damage from the biggest bomb you can simulate is minimized?
The Cybersecurity Presentation was even more sobering.
We are vulnerable to cyberattack or breakdown due to our interconnected systems, including the electric grid and computer networks. How could we make a smart electricity grid that could handle the larger loads during the day, and lower loads at night without overloading? For instance, Amazon needs lots of extra computation power around the winter holidays, which might not be needed in the middle of summer. Thinking of computing: is anything really secure? I definitely like having my information physically stored some place. While I like the Cloud, I don’t trust it completely. One of the reasons the government hasn’t moved over to the cloud is that they haven’t figured out ways to make it secure.
I think what was more scary though was the video that was shown as a demonstration of the way computer code could cripple us. Since everything is connected, it can be vulnerable. Remember how Stuxnet destroyed Iranian nuclear processing plants? In 2007 the Idaho National Labs showed how a generator could be destroyed by a hacker (see this video taken from CNN: http://edition.cnn.com/2007/US/09/26/power.at.risk/index.html#cnnSTCVideo ) . What might happen if all of our dams and power plants were attacked? In this country we have enough capacity for about 3 days without electricity to have normal functioning of our systems. After those 3 days, we might be in trouble. We probably don’t have that much to fear from state actors themselves, as any cyberattack would be met in kind, but how can we be protected from non-state actors?
I certainly feel good that this research IS going on. I hope to never really have to learn about it, because that means that something went wrong, and most likely someone could get hurt.