Phase II Research Projects

home > projects > Phase II Research Projects

The U.S. Department of Homeland Security recently approved an $11.7 million funding increase for Dartmouth's Cyber Security Collaboration and Information Sharing Project. To read more about the project, please see the recent press release Dartmouth gets award for cyber security studies. Below are the abstracts of I3P Consortium member institutions participating in each research project. You can also click on the title of each project to read each Project Fact Sheet and view presentations about the projects.

Business Rationale for Cyber Security:

Project Team Leader: University of Virginia

Institutional Participants:
University of Virginia
Rand Corporation
Tuck School of Business. Dartmouth College
School of Informatics. Indiana University
MIT Lincoln Laboratory

Abstract:
Organizations of all types (business, academia, government, etc.) are facing risks resulting from their ever-increasing reliance on the information infrastructure. Decision and policy makers managing these risks are challenged by a lack of information concerning the risks and consequences of cyber events and would benefit from an increased understanding of the implications of cyber security risks and solutions related to their information infrastructure and business. The proposed research project supports risk management efforts by studying essential components of risk management investment decisions: (i) what processes support a rational  approach to cyber risk management?, (ii) what data are needed to support rational decisions, and (iii) what are the  impacts to individual businesses and business sectors resulting from various investment alternatives? Sound, rational decisions require an understanding of IT risks and their impact on business events; this proposal supports these efforts via the development and refinement of decision support tools. To be of maximum utility, these tools require credible data of current and past situations, likely trends, and the impacts of current and past actions. Similarly, understanding the dynamics of cyber security is needed to help business decision makers understand the likely effects of cyber security choices.

The project will employ several techniques to explore and extend the state of the art: (1) analytical risk-based decision models, (2) computer-based collaborative decision aids, (3) field studies of industry practices, (4) case studies, and (5) identification and analysis of credible data sources to apply to decision support. Building on their past research of the economics of cyber security investment, team members will develop new understanding and new capabilities for more rational decisions for investments in information infrastructure security. The results of the project will be support tools, models and data useful to support InfoSec investment decision making across all of organizational levels that are engaged in such activities.. The methodology, body of data, and tools and techniques produced by the project will enable a widely applicable set of cyber security practices and tools that are informed by an empirical understanding of business processes, constraints, government policy, and cyber security risks. 

Safeguarding Digital Identity:

Project Team Leader: MITRE Corporation

Institutional Participants:
MITRE Corporation
Information Trust Institute. University of Illinois Urbana-Champaign
SRI International
Cornell University
SRI International
Center for Education and Research in Information Assurance and Security. Purdue University
Georgia Tech Information Security Center 

Abstract:
Identity theft has become a national problem due to the ease with which digital identities are compromised and to the ever-increasing demand for electronic access to information, goods, and services.  Capabilities to protect identity and privacy are critical to the various sectors of our national infrastructure, such as the financial sector and the health care sector.  This national issue is a multi-faceted problem; broad, holistic solutions that address and strategically balance technical requirements and business processes as well as policy, social, legal, and economic constraints are necessary for a successful approach to identity and privacy protection. Failing to address this national crisis threatens the nation’s economic well-being and individuals’ security and privacy.
The closely aligned problem domains of identity management (which includes defining and managing identity credentials) and privacy protection are large, and considerable effort is being applied to specific problems in those domains. Our objective is to enable enterprises in the critical infrastructure sectors of finance and healthcare to state requirements, implement solutions, and assess the relative benefits of alternative solutions, for handling digital credentials in Service Oriented Architectures.
To achieve our objectives, we will engage stakeholders and seek collaborative relationships with other research efforts to define a framework for describing digital credential requirements, comparing solutions, and identifying gaps.  We will also develop a proof-of-concept demonstration of the credentialing framework, in partnership with stakeholders, that demonstrates the ability to identify critical and relevant problems in this domain and solve them.By having a safe and acceptable way of exchanging credentials, we will have solved a large piece of the national identity and privacy protection problem.

Human Behavior, Insider Threat and Awareness:

Project Team Leader: RAND Corporation

Institutional Participants:
RAND Corporation
MITRE Corporation
Cornell University
Columbia University Department of Computer Science
Institute for Security Technology Studies. Dartmouth College
School of Informatics. Indiana University
Center for Education and Research in Information Assurance and Security. Purdue University

Abstract:
We propose to address the problem of insider threat by forming a collaboration of eight I3P member organizations:  Carnegie Mellon University, Columbia University, Cornell University, Dartmouth College, Indiana University, MITRE Corporation, Purdue University, and the RAND Corporation. Two primary objectives serve to focus and integrate the proposed research activities: technology exploration and environmental constraints. The first objective addresses the need for base technologies to monitor insider behavior, coupled with behavioral descriptions of suspicious inappropriate or illegitimate events or activities. In combination, the technology and monitoring will provide a lightweight, robust, and scalable event processing infrastructure that can be deployed in a range of at risk enterprises (e.g. the U.S. military, banks, chemical plants and refineries, and border and port security systems). The second objective addresses the need for a methodological framework for handling incipient and actual insider behavior once it is recognized.  Here, research efforts aim to characterize behaviors, determine risks, and understand the ethical, legal and policy choices available to technologists and policy-makers. Policy choices might include modifying institutional behavior, establishing clear policies, providing incentives for good behavior, and implementing training programs so that employees will better understand the risks and consequences of their actions. This information will inform decisions about preventing and dealing with insider threats. All of the research will be integrated with three workshops, intended to engage the stakeholders most affected by this work.

Survivability and Recovery of Process Control Systems:

Project Team Leader: MIT-Lincoln Labratory

Institutional Participants:
MIT-Lincoln Labratory
Information Technology and Operations Center. United Stated Military Academy
MITRE Corporation
Pacific Northwest National Laboratory
Sandia National Laboratory
SRI International
Information Trust Institute. University of Illinois Urbana-Champaign
Center for Information Security. University of Tulsa

Abstract:
This project is aimed at improving the survivability and recovery of process control systems (PCS) used in the oil and gas industry and other critical infrastructure sectors by ensuring that legacy and futuresystems are resilient against attacks. The project seeks to reduce the opportunity for an attack to be mounted against critical PCSs and their components, to increase the likelihood of detection if such an attack is made, and, if successful, operators can rapid recovery. Proposing members will accomplish this by methodically identifying critical PCS components, ensuring software is secure against attacks by design, by hosting, and by network configuration, and if the attacker is still successful, by ensuring recovery happens easily. Members will follow other related research, build and transition tools to industry, and participate in yearly workshops.