The Department of Defense has decided to give Carnegie Mellon University $35.5 million to help combat cyberterrorism.
But the tactics the university will develop to flummox al-Qaida and other terrorists really won't be much different than those needed to block garden-variety Internet crooks and snoops.
"These problems have always existed," said Pradeep Khosla, head of the university's electrical and computer engineering department and director of the newly formed Center for Computer and Communications Security. "Terrorism only increased the visibility of these problems."
With the world's electronic infrastructure expanding by leaps and bounds, it's essential to commerce, not just homeland security, that Internet users be able to verify that people on the Net are who they say they are and that computers and other components resist attacks by hackers, whether they are terrorists or pranksters, Khosla said.
Khosla and his colleagues at CMU and the CERT Coordination Center, which was created as the nation's first computer emergency response team, have been working for two years to establish a renowned computer security center.
"We want Carnegie Mellon to be the top player in this arena," Khosla said.
The new, five-year Defense Department grant will provide a major boost toward that goal. Combined with funding from the National Institute of Standards and Technology, the National Science Foundation, the state and private companies, the defense money will push the center's budget to $8 million this year.
Four new faculty members have been hired in the last 18 months to help with the workload, Khosla said; and Michael Reiter, formerly a security researcher at Bell Labs, has been hired as the center's associate director.
Stephen Cross, director of the Software Engineering Institute in Oakland, which includes CERT, said most of the incidents reported to CERT are not viruses or worms that can spread to computers around the globe, but specific attacks on the computer systems of particular companies or organizations.
Many software systems have internal flaws that can be exploited by hackers, so these systems must be protected by devices such as firewalls that try to block the flow of certain information into a computer, Cross said.
But security could be significantly improved by eliminating the software flaws in the first place. A center such as CMU's may be in an ideal position to make such improvements, he added, because researchers aren't tied to a particular product line or a need to answer to shareholders.
Research under way at the computer security center includes efforts to design artificial intelligence into individual computer components, such as disk drives or network cards, so that the components can sense if they are under attack and take countermeasures, such as shutting down or reporting the incident.
The ability to verify the identity of users and the veracity of information also is a major focus of the center, Khosla said. Biometric measures, such as fingerprints, iris patterns, signatures, face recognition and voice scans, have all been studied as possible means of verifying identity, but the ultimate solution likely will involve some combination of those measures.
"You may wear a mask so you look like me, but it's not likely that you're going to look like me, sign like me and sound like me," Khosla said. As the electronic network expands, such computer security measures could encompass many aspects of modern life, he said.
For example, the identity of airline pilots could be verified every five minutes in flight, and if the pilot seemed to be absent, the plane could be automatically placed on autopilot, he said.
The advent of "smart" buildings, which have sensors for detecting fires, intruders or other disruptions, will increase the need for computer security. "Sensor spoofing" -- tricking a sensor -- could become a major problem if the computer infrastructure is not designed so that each sensor can authenticate itself, he said.
Byron Spice can be reached at bspice@post-gazette.com or 412-263-1578.
