In the wake of the September 11 attacks, there was a flurry of initiatives aimed at securing airplanes and public buildings. Yet scant attention was paid to a significant though less tangible threat: that of an attack on a critical system, such as a financial network, the Internet, or the power grid.
Berkeley EECS Professor Shankar Sastry, who had just completed a stint as director of DARPA's Information Technology Office, grew concerned that even Defense Department officials were dismissing the threat of cyber terrorism. "They were too busy thinking about chemical, biological, and nuclear threats to pay attention to what I think is a more likely target," he says. At the same time, Sastry saw the potential to use emerging technologies—particularly wireless sensor networks (see A Tiny Revolution)—to protect physical infrastructure such as power plants, water systems, and natural gas pipelines.
So, Sastry decided to bring research universities and industry together to develop new approaches to securing computer networks and other critical systems. In 2005, his efforts paid off when the National Science Foundation awarded a $39 million, 10-year grant to create TRUST, an acronym for Team for Research in Ubiquitous Secure Technology. The TRUST grant was one of only two Science and Technology Center grants awarded by the NSF that year, and it will undoubtedly turn Berkeley and the other participating universities—which include Cornell, Carnegie Mellon, and Stanford—into the nation’s leading centers for computer security research.
Under Sastry's leadership, TRUST has taken a broad approach to computer security, touching on isssues of public policy and sociology in the effort to improve technology. "There are not going to be solely technological solutions to security problems," says Fred Schneider of Cornell, TRUST's chief scientist. "It’s going to be a melding of technical, legal, economic, and political solutions."
At Berkeley, more than a dozen faculty in EECS and other departments are working under the aegis of TRUST to address technical and social challenges in computer security. EECS Professor David Wagner is tackling the problem of pervasive security vulnerabilities in software code. Doug Tygar, who is affiliated both with the EECS department and Berkeley's multidisciplinary School of Information, is developing security software that even naive users can employ effectively. EECS Professor Vern Paxson is working on network intrusion detection and defenses against Internet worms.
In addition, faculty affiliated with TRUST and Berkeley's Center for Information Technology Research in the Interest of Society (CITRIS) have been looking at ways to protect and monitor physical infrastructure, which the Department of Homeland Security cites as particularly vulnerable. TRUST's premise is that secure wireless sensor networks will control the physical infrastructure of the future. "Fault detection in large-scale infrastructure is quite challenging, requiring complicated and expensive hardware," Sastry, now dean of Berkeley's College of Engineering, explains. "A distributed sensor network may be a more secure and cost-effective solution."