If you want to thwart thefts, you’ve got to think like a thief. Secure doors and windows with locks. Install and announce home security systems. Get a guard dog.
The same is true in cyberspace. But while it’s easy to test a lock on a door, how does a person or a company or a nation know if its cybersecurity efforts are, in fact, secure?
More than 4,400 cybersecurity researchers and students around the world call on USC and its partners for this assurance. The DEfense Technology Experimental Research laboratory (DETER) has a testbed of 500 connected computers that mimics the Internet and allows cyberwarriors to launch actual cyberattacks and create real defenses against them. It is, in essence, a cybersecurity researcher’s playground.
“It’s a research program about how do you do scientifically based cybersecurity testing. Most of what goes on out there still today, unfortunately, in cybersecurity is penetrate-and-patch…. Hack, hack, hack, it stood up to such hacking, it must be secure. But you don’t really know,” said Terry Benzel, deputy division director for Internet and networked systems at the USC Viterbi School of Engineering’s Information Sciences Institute (ISI). Benzel also leads DETER’s cybersecurity research and testbed project.
“So what we’re about,” Benzel continued, “is how can we scientifically say something is standing up to some security and how can we do it in a scientifically based way. That is, it has to be repeatable. It has to be analyzable. It has to be deterministic and the thing you want to test it in has to be representable in what the real world is. You’re not just testing it on one little computer. You’ve got to test it on something that looks like the real Internet or an enterprise.”
Testing the world’s cybersecurity efforts
The DETER Project, now in its 10th year, is based in Marina del Rey. A partnership between ISI, the University of California, Berkeley, and Sparta Inc., DETER is one of the largest facilities of its kind. Its work is funded in part by the Department of Homeland Security, the National Science Foundation and the Defense Advanced Research Projects Agency.
More than 600 research team members from academia, industry and government agencies have used DETER for cybersecurity research and testing. The researchers, who are based in 142 locations throughout the United States and around the world, have conducted 230 projects and published more than 100 papers on their work.
In addition, 67 educational institutions around the globe use DETER’s cybersecurity exercises in their classrooms, Benzel said, and more universities are joining in. This means that ISI, the place where the Internet was born, is also the place where more than 3,800 student-cyberwarriors learn, even as the next big threat — cyberphysical attacks — becomes more imminent.
“They are thinking about solutions to problems that are five years out,” Benzel said of the cyberwarriors. “In the old days, firewalls were the first thing. People were attacking you, you put a firewall up, and now you’ve stopped it and it can’t come through. Same thing with distributed denial of service. So now these researchers are looking at things that are a little bit farther out and coming up with ways to detect or prevent an attack happening in the future.”
Preparing for the next big threat
Adversaries aren’t just stealing credit card numbers from Target. Increasingly, they’re delving into cyberphysical attacks, those two-tiered threats that could, for example, poison a city’s water system and dupe the related computer system into believing that the drinking water is safe.
As cyberthieves get more sophisticated, the dexterity of DETER’s cyberwarrior fleet grows too. Thanks in large part to a grant from the National Science Foundation to develop education exercises, DETER is able to equip the next generation of cyberwarriors with the hands-on experience necessary to build a firewall, attack it, fortify it and start it up again.
DETER is accessed remotely around the world, including by corporations such as Bell Labs, Aerospace Corp., FreeBSD Foundation and Intel Research Berkeley. It has also prepared a number of cybersecurity exercises for thousands of student users at universities around the globe, including Columbia University, Johns Hopkins University, Youngstown State University, Bar-Ilan University in Israel and Germany’s Technical University of Darmstadt.
“It’s really hard to teach cybersecurity,” Benzel said. “There’s ethical hacking issues and how do you give the kids hands-on without them breaking the university network or getting out into the real world.”
The hands-on learning experience that DETER students attain has made them very attractive in the job market, Benzel said. Many students have multiple job offers awaiting them before they graduate.
After completing an application process, cybersecurity researchers can observe cyberattack and cyberdefense technologies, scientifically test the innovations and even experiment with multiple defense approaches. With DETER at the epicenter, cyberwarriors around the world can replicate and validate their colleagues’ work.
Building a global community of cyberwarriors
“In order to be a good defender, you have to be a good attacker,” Benzel said. “One [approach] is to look at existing threats or previous set threats and see the evolution, what their genealogy is, in a sense. Most of the attacks you see today, you can kind of see the genealogy and trace it back somehow. The other one is to look at what parts — where do vulnerabilities exist. Because I don’t know what the threat is, but I now know that cyberphysical systems are vulnerable.”
Building a community of cyberwarriors, Benzel said, is key to countering attacks. Because adversaries are building their communities, too.
“The hackers, the bad guys, are not picking one problem at a time. In fact, what they’re doing is they’re finding the interconnect between different things and finding the vulnerabilities between different places,” Benzel said. “With DETER, somebody’s doing research on botnets and somebody’s doing research in Internet routing, and somebody who’s doing research in denial of service, they can come together and do a unified experiment that covers all of those.”