| Founded | 2001 |
|---|---|
| Location | Dartmouth College, Hanover, NH, USA |
| Key people | Martin N. Wybourne, I3P PI; Martha Austin, Executive Director; Shari Lawrence Pfleeger,Research Director, Heather Drinan, Associate Director for Research |
| Focus | Computer security Critical Infrastructure Protection |
| Members | 27 |
| Website | www.thei3p.org |
The Institute for Information Infrastructure Protection (I3P) is a consortium of national cyber security institutions, including academic research centers, government laboratories and non-profit organizations, all of which have long-standing, widely recognized expertise in cyber security research and development (R&D). The I3P is managed by Dartmouth College, which is home to a small administrative staff that oversees and helps direct consortium activities. [1]
The I3P coordinates and funds cyber security research in several areas related to critical infrastructure protection and hosts high-impact workshops that bring together thought leaders from both the public and private sectors.[2][3] The I3P brings a multi-disciplinary and multi-institutional perspective to complex and difficult problems, and works collaboratively with stakeholders in seeking solutions. Since its founding, in 2002[4], more than 100 researchers from a wide variety of disciplines and backgrounds have worked together to better understand and mitigate critical risks in the field of cyber security.
Contents |
History of the I3P The I3P came into existence following several government assessments of the U.S. information infrastructure’s susceptibility to catastrophic failure. The first study, published in 1998 by the United States President's Council of Advisors on Science and Technology (PCAST), recommended that a nongovernmental organization be formed to address national cyber security issues. Subsequent studies–by the Institute for Defense Analyses, as well as a white paper jointly produced by the National Security Council and the Office of Science and Technology Policy–agreed with the PCAST assessment, affirming the need for an organization dedicated to protecting the nation’s critical infrastructures. [5] In 2002, the I3P was founded at Dartmouth College, with a grant from the federal government. Since its inception, the I3P has:
Funding for the I3P has come from various sources, including the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST) and the National Science Foundation (NSF).[6]
An extensive list of I3P member institutions is as follows:[7]
Privacy in the Digital Era
Researchers from five I3P academic institutions are engaged in a sweeping effort to understand privacy in the digital era. Over the course of 18 months, this research project will take a multidisciplinary look at privacy, examining the roles of human behavior, data exposure, and policy expression on the way people understand and protect their privacy. [8]
Leveraging Human Behavior to Reduce Cyber Security Risk
This project brings a behavioral-sciences lens to security, examining the interface between human beings and computers through a set of rigorous empirical studies. The multi-disciplinary project draws together social scientists and information security professionals to illuminate the intricacies of human perceptions, cognitions, and biases, and how these impact computer security. The project’s goal is to leverage these new insights in a way that produces more secure systems and processes.[9]
Better Security Through Risk Pricing
I3P researchers on this project have examined ways to quantify cyber risk by exploring the potential for a multi-factor scoring system, analogous to risk scoring in the insurance sector. Overall, the work takes into account the two key determinants of cyber risk: technologies that reduce the likelihood of attack and internal capabilities to respond to successful or potential attacks.[10]
Survivability and Recovery of Process Control Systems Research
This project builds on an earlier I3P project in control-systems security to develop strategies for enhancing control-system resilience and allowing for rapid recovery in the event of a successful cyber attack.[11]
Business Rationale for Cyber Security
This project, an offshoot of an earlier study on the economics of security, addresses the challenge of corporate decision-making when it comes to investing in cyber security. It attempted to answer questions such as, “How much is needed?” “How much is enough?” “And how does one measure the return on investment?” The study includes an investigation of investment strategies, including risks and vulnerabilities, supply-chain interdependencies and technological fixes.[12]
Safeguarding Digital Identity
Multidisciplinary in scope, this project addresses the security of digital identities , emphasizing the development of technical approaches for managing digital identities that also meet political, social and legal needs. The work has focused primarily on the two sectors for which privacy and identity protection are paramount: financial services and healthcare.[13]
Insider Threat
This project addresses the need to detect, monitor and prevent insider attacks, which can inflict serious harm on an organization. The researchers have undertaken a systematic analysis of insider threat, one that addresses technical challenges but also takes into account ethical, legal and economic dimensions.[14]
The I3P delivered a report titled National Cyber Security Research and Development Challenges: An Industry, Academic and Government Perspective,[15] to U.S. Senators Joseph Lieberman and Susan Collins on February 18, 2009. The report reflects the finding of three forums hosted by the I3P in 2008[16][17] that brought together high-level experts from industry, government and academia to identify R&D opportunities that would advance cyber security research in the next five to 10 years. The report contains specific recommendations for technology and policy research that reflect the input of the participants and also the concerns of both the public and private sectors.
The I3P connects with and engages with stakeholders through workshops and other outreach activities that are often held in partnership with other organizations. The workshops encompass a range of topics, some directly related to I3P research projects; others that are intended to bring the right people together to probe a particularly difficult foundational challenge, such as secure systems engineering or workforce development.[18]
Since 2003, the I3P has sponsored a postdoctoral research fellowship program that provides funding for a year of research at an I3P member institution. These competitive awards are granted according the merit of the proposed work, the extent to which the proposed work explores creative and original concepts, and the potential impact of the topic on the U.S. information infrastructure. Prospective applicants are expected to address a core area of cyber security research, which might include—but is not limited to—trustworthy computing, enterprise security management, secure systems engineering, network response and recovery, identity management and forensics, wireless computing and metrics, as well as the legal, policy and economic dimensions of security.[19]