Protecting Cyberspace

Research institute helps to keep computer criminals at bay.

By Kathleen Kocks

On Feb. 15, 1946, the world’s first electronic computer, ENIAC, was dedicated at the University of Pennsylvania’s Moore School of Electrical Engineering. Built for the U.S. Army Ordnance Corps, ENIAC was only used for scientific purposes, like performing mathematical calculations for ballistic trajectories or atomic energy. ENIAC’s world was confined to a large room.

The world of today’s computers, known as cyberspace, is far vaster, spanning the globe and reaching beyond the solar system. Cyberspace brings people together, facilitates commerce, defends the country, and manages national infrastructures like power grids and communication systems. It is hard to imagine an area that cyberspace does not touch.

Cyberspace is also an ever-expanding frontier that lacks sufficient defenses and policies to prevent abuse of its enormous capability and power. Some of cyberspace’s vulnerabilities are increasingly apparent: hackers, worms, viruses, spyware, identity theft, invasion of personal privacy, and the potential for cyberterrorism attacks that could cripple our country in a matter of minutes.

To help bring order to this frontier, GW established in 1993 the Cyberspace Policy Institute, based in the School of Engineering and Applied Science’s Department of Computer Sciences. The institute was founded by Lance J. Hoffman, who is known for his pioneering research on computer security and risk analysis, and for his interdisciplinary work in computer privacy issues. He currently is a distinguished research professor in charge of the computer security and information assurance program in computer science, and he is often quoted in the media.

About five years ago, the institute added to its charter and became the Cyber Security and Policy Research Institute.

Lance J. Hoffman, founder of GW’s Cyberspace Policy Institute

Julie Woodford

“The institute originally focused on policy analysis, particularly concerning personal privacy. One of the biggest issues involved e-commerce and privacy policies addressing what companies could or could not do with personal information obtained during computer transactions,” explains Dianne Martin, CSPRI director, professor, and chair of the Department of Computer Sciences. “Then we had 9/11, the war with Iraq, the Patriot Act, and homeland security, so the focus at the institute shifted to include cyberspace security. The institute looks at pending government regulations and legislation related to cyber privacy and security. We also are involved in research to provide technical solutions to the problems.”

With the needs of cyberspace expanding beyond pure computer science, CSPRI serves as an umbrella organization for many disciplines within the University.

“It promotes an interdisciplinary approach to solving problems that require expertise in computer science, engineering management, the law, and ethics. We need people with different perspectives looking at these issues, and the institute brings together people who don’t normally talk. It allows us to look at things in a broader way, and it provides a more interdisciplinary research environment and application of that research,” Martin says.

What becomes of interest to the nation’s policymakers is what becomes of interest to the institute. Issues researched at CSPRI include identity theft, electronic commerce, electronic copyright policy, electronic voting, cyberterrorism, and open source software.

“In terms of our policy work, we look at how computer technology enables various capabilities, research how those capabilities are being exploited or could be exploited, then we look at creating policies that prevent those abuses. We have to have policies, because if you just let technology be the driving force, there is always the possibility of a host of unintended consequences.

“We also have to consider very carefully before establishing policies. There’s a delicate balance between creating policies that are truly needed versus being too heavy-handed with policymaking.”

Much of the research at CSPRI is related to cyber security and details are understandably kept under wraps. But an area that has received significant exposure is CSPRI’s recent focus on open source software.

Dianne Martin is the director of the Cyber Security Policy and Research Institute.

Julie Woodford

Open source software such as Linux allows users to have access to the software’s complete code, as opposed to proprietary software such as Microsoft that requires the manufacturer’s support. To assist the federal government as it began considering what kind of software it would use to improve cyber security, CSPRI held four conferences on open source software, inviting speakers from all sides of the table to facilitate full discussion.

“The issues surrounding this topic are all about security and control, as in who gets to controls your data,” explains Tony Stanco, CSPRI’s associate director. “When you are using a computer that runs proprietary software, you have no idea how it works or what the software might be doing in the background. It could be sending out your private data to the software’s manufacturer or another third party without you knowing it.

“With open source software, you can audit the code and see for yourself what is going on. You can make modifications, fine tune the applications and fix problems yourself, rather than having to wait for someone else to fix it. This is especially important for Department of Defense computers.

“One of the biggest issues for the U.S. government today is the existence of vulnerabilities in the computer infrastructure. They are trying to patch them up before we have a cyber 9/11. Open source software allows them to get more eyeballs on the problem faster, so you have a much quicker turnaround when it comes to fixing problems. You don’t have to wait for the software’s manufacturer to come help you.”

Funding for CSPRI’s conferences and research comes from various sources but primarily from the Department of Defense, the National Security Agency, and the National Science Foundation. Besides attracting research funding, the institute also obtained a significant grant from NSF to provide scholarships for GW students in computer science, engineering management, and forensics.

“Students who are U.S. citizens and are studying computer security can obtain a full-boat, two-year scholarship; in return they pay back the scholarship through two years of service at a U.S. government agency. The objective of the scholarship is to build the expertise needed to protect the nation’s infrastructure within the context of the government,” Martin says.

“If you ask what the tangible benefit of the institute is, I’d say it’s that we are educating students who are going to go out to protect our nation’s infrastructures. Our research is helping to find technological solutions to some heinous computer security problems and helping craft policies to prevent abuses.”

back to top

© 2005 The George Washington University
The George Washington University is an equal opportunity/affirmative action institution.