SaTC PI Meeting - Cross Disciplinary Conversations

1. How can we teach, and encourage and evaluate the teaching of, safe programming practices to reduce vulnerability of future software systems?
Discussion/additional questions: Develop strategies for improving educational approaches, not necessarily limited to CS majors (or to universities).

2. What threat models should guide future SaTC research?
Discussion/additional questions: Explore/summarize a range of threat models and related assumptions. What if the hardware is compromised? A software download? What social, political, economic, and organizational factors and developments affect the nature of threats?

3. What are the characteristics of SaTC ideas/technologies that are ready for transition to practice, and what are the success paths and pitfalls for different approaches to transition?
Discussion/additional questions: Start to establish a set of resources and examples available to help PIs mature their ideas and get them to the point where they make a difference to the cybersecurity infrastructure.

4. What are the barriers to creating systems with security and privacy properties that users can understand and use?
Discussion/additional questions: Discussion of principles of user interface design, security/privacy policies, design/implementation issues; list of barriers, approaches to removing them.

5. What might a building code for critical infrastructure software/hardware look like?
Discussion/additional questions: Regulations are in place for software for some critical systems, such as systems for flight control and nuclear power safety systems. Some legislation debated in the US Congress this session included some regulations concerning software control of the US electric power grid. If the cybersecurity research community were to be consulted, what guidance would it give on the architectural principles and structures for critical infrastructure systems? Would it differ for different kinds of infrastructure? Is a "building code" for such software feasible or desirable?

6. What models are being used in cybersecurity research, and what models are needed?
Discussion/additional questions: One view of natural science is that it is an activity aimed at building descriptive and ultimately predictive models of the real world. Building better scientific foundations for cybersecurity means understanding the models we (sometimes implicitly) use in our research. These include models of components, protocols, access controls, games, user cognition and behavior, markets, organizations, complex systems.

7. Where does deconstructive security research belong in the research portfolio?
Discussion/additional questions: NSF and others have funded research that exposes flaws in current systems. Often the types of flaws found are not novel, although their context is. What does this type of research do to advance science or provide broad impact to society? What economic, political, and social impacts should be taken into account in determining whether to fund such research? Should NSF seek partner agencies in funding this kind of research?

8. What policies and norms should govern the Internet commons in an era of cyberwar?
Discussion/additional questions: Can we have governance of the "commons" of the Internet with the threat of warfare? What technical and social mechanisms might bring this about? For example, what are the prospects of identifying an attacker who aims to hide? What changes to computing and communication infrastructure might facilitate or inhibit the conduct of cyberwar? What is the scope of the "battlefield"? Herb Lin's column in the June 2012 CACM encourages computer scientists to participate in discussions on this topic.

9. How do research methods vary across the disciplines involved in cybersecurity?
Discussion/additional questions: Cognitive science experiments may be able to handle only a relatively small number of subjects or replications, while tools for monitoring computer systems can generate reams of data on a daily basis. What are the best ways to study cybersecurity issues? What guidance is available for experimenters and other researchers involved in cross-disciplinary studies?

10. What modeling techniques should we use to account for the role of humans in complex cyber systems?
Goal: Discuss and characterize alternative approaches to modeling the role of humans as elements of complex systems in which malicious behavior is a possibility.

11. Predicting the next "flash crash" or blackout: What methods are available for evaluating the stability/trustworthiness of complex digital infrastructure systems?
Discussion/additional questions: As a society, we are building more complex, more integrated digital/analog systems. Some of them are starting to show signs of instability occasionally. What tools are available to analyze their stability in the face of both natural fluctuations and malicious behavior?

12. Anonymity and accountability: how do we enable tradeoffs?
Discussion/additional questions: While security and privacy may sometimes be opposed, they often need not be. However, anonymity and accountability do seem to be directly opposite. At different times and in different contexts, either anonymity or accountability requirements may dominate, or some intermediate ground may be sought. What tools are available for stating the policies and requirements and building systems that can realize them?

13. What policies and technologies would be required to enforce the expiration of data?
Discussion/additional questions: It seems increasingly difficult to comprehend, much less control, the river of data that each of us creates in the course of a day, a week, or a month. Most of that data should probably disappear after some relatively short period of time, but how can this be accomplished? Technology is necessary but not sufficient; policy and non-technical enforcement are needed as well. The discussion should consider and develop combinations of policies and technologies that might be used to enforce varying requirements for assuring that data intended to be of temporary use does not persist.

14. How can we assure provenance, integrity, longevity of scientific records?
Discussion/additional questions: Scientific results depend critically on understanding data captured from experiments and from observations of the natural world. Very little of today's scientific data is captured or stored without the involvement of a computing system. Further, there is increasing demand for data from publicly funded science to be made available to the public as soon as possible. This discussion should explore the policies, requirements, and mechanisms available for assuring provenance, integrity, and preservation of scientific data in the face of potentially malicious behavior.

15. Identity management: why don't we have it and do we actually need it?
Discussion/additional questions: Authentication and identity management have been studied and in various forms implemented for many years, yet few of us have seen the hoped-for benefits of the work, such as simplified authentication across many diverse systems. This discussion will consider why identity management seems not to have transitioned into widespread use and whether it's really needed.

16. How can we leverage R&D work done to improve cybersecurity education?
Discussion/additional questions: How to identify key concepts during the research phase and incorporate those concepts in cybersecurity curricula? How to make developing educational materials an integral part of R&D activities? Discuss possible guidelines for PIs that could increase the overall educational/technology transfer of their research.

17. How can the nation best build and sustain an appropriately sized and qualified cybersecurity workforce?
Discussion/additional questions: Discuss the supply of cybersecurity professionals and options for growing the supply of talent. What is the knowledge base required of cybersecurity professionals and the implications for this knowledge base of emerging technology developments? What are the pros and cons of certification? How can the effectiveness of cybersecurity education be assessed? How might cybersecurity professionals be made more productive? Discuss barriers that stand in the way of broader use of processes and tools that afford greater productivity.

18. What issues are unique to cyber warrior education (compared to other members of the cyber workforce)?
Background: In 2012, the National Security Agency announced an academic program in Cyber Operations and four universities received the NSA's imprimatur. The Cyber Operations designation focuses on deep technical content and includes offensive, classified camps for students and faculty. Discussion/additional questions: Define the cyber warrior. What is the role of the cyber warrior as compared to other members of the cyber workforce? Compare the military and non-military cyber education. Discuss potential problems of exposing civilian students and faculty to advanced offensive techniques.

19. What incentives, norms, attitudes, habits, cognitive limits, or other mechanisms present the most important obstacles to cybersecurity, and how might such factors be utilized to benefit cybersecurity?
Discussion/additional questions: Individual-Level Cybersecurity Obstacles and Affordances: How might we best determine which obstacles or affordances are of greatest interest? Topics that might be considered here include the strengths and limitations of cybereconomic incentives, the role of human cognitive limits and strengths, the impact of situation, and security self-perception (responsibility to others, perceived capacity for action, security role, etc.).

20. What are the group, organizational, institutional, and policy obstacles to cybersecurity?
Discussion/additional questions: Collective-Level Cybersecurity Obstacles and Affordances: How might these be utilized to benefit cybersecurity? How might we best determine which obstacles or affordances are of greatest interest? Topics that might be considered here include the public goods / public health model of cybersecurity as well as the community security model.