CyDentity Sandpit – June 29 – July 1, 2015

Hosted by The Command, Control, and Interoperability Center for Advanced Data Analysis – CCICADA

 Homeland-Security-Seal       Sponsored by

        The U.S. Department of Homeland Security (DHS)

        Science and Technology Directorate (S&T)

       Cyber Security Division (CSD)


Venue Information:

Rutgers University, Busch Campus 
7th Floor, CoRE Building, Room 701
96 Frelinghuysen Road
Piscataway, NJ 08854

Public Parking:

Please park in lot 64 located between the CoRE Building and the Werblin Recreation Center.  CoRE is a 7 story dark brown brick building adjacent to the lots.
Parking permits will be available at the registration table on the day of the workshop.


Cyber Security Division (CSD): CSD’s mission is to enhance the security and resilience of the nation’s critical information infrastructure and the Internet by (1) developing and delivering new technologies, tools and techniques to enable DHS and the US to defend, mitigate and secure current and future computer and information systems, networks and infrastructure against cyber attacks; (2) conduct and support technology transition; and (3) lead and coordinate research and development (R&D) among the R&D community, which includes department customers, government agencies, the private sector and international partners.

CCICADA: The Command, Control, and Interoperability Center for Advanced Data Analysis (CCICADA) is a DHS Center of Excellence, which investigates the uses for advanced data analysis and analytics systems to address natural and manmade threats to the safety and security of the American people. CCICADA’s work is carried out by researchers and students within 17 partner institutions. The lead university in the partnership is Rutgers, the State University of New Jersey.


The ever-expanding internet – with its ever-increasing interconnectedness of digital communities, activities, and interactions – introduces new challenges to securing critical infrastructures, networks, data, applications, as well as individual access from cyber threats, attacks, and misuse.  Fraud, terrorism, criminal activities, and hacking can compromise our digital world at multiple levels, from the individual device or computer to network nodes to database or application servers to entire critical cyberinfrastructures. At the same time, the number of smart devices that are networked (for example, phones or tablets, health monitors like the fitbit, the apple watch, and even artificial organs) and the amount of very private data that is available from them continues to explode. Similar to how the Internet was not designed nor built with an identity and security layer, these new devices and the software operating them were designed for simplicity and speed rather than security.


One possible approach to ensuring the safety of our complex, interconnected web of computing  and communications devices (the so-called Internet of Things)  is to  identify and dynamically monitor the actions of all actors and the provenance of all digital traffic on our cyberinfrastructures.  This in turn requires us to ascertain the identities of both people and “things” to a degree of confidence commensurate with the risk they pose. Cybersecurity, in this view, then entails making complex trade-offs between knowing enough to secure systems, thereby preventing compromise, and collecting too much information, giving rise to privacy concerns.

As more and higher value services are delivered online, identity proofing people is another critical first step in ensuring personalized and accurate data services. Identity proofing is a sequential process comprising identity resolution (uniquely distinguishing an individual from all other people), identity validation (ensuring that the information used to resolve the individual is accurate and related to a real person), and verification (ensuring that the accurate information is claimed by the rightful person).

What does it take to identify these actors, whether people or non-person entities, in a network environment? What information is needed to assign or even measure a degree of trust to each such object? Is this possible today? Could we develop schemes or methods that enable us to perform such digital identification in a real-time, digitally relevant manner? Ultimately, can we combine this approach with notions of physical cybersecurity and expressions of the value of our digital data or networks or infrastructures to develop realistic measures (or metrics) of cyber risk? How does this broad, yet very precise knowledge of digital identity affect our individual or collective conceptions of privacy? Furthermore, when bad things happen in a network, how do we recover from them and proactively take action to mitigate further damage?

The Cyber Identity (CyDentity) Sandpit will address these challenges by considering how identity, provenance, fraud analytics and network security in very broad terms, can be combined in a process that would secure cyber and critical infrastructure networks. The Sandpit will propose and evaluate new techniques that could complement current protection-focused cyber security measures being investigated in most CSD projects. This exploratory activity will develop various approaches for demonstrating a so-called CyDentity concept. The results will include proposed alternate approaches to cybersecurity from the teams formed during the CyDentity Sandpit, documentation in a final report, and a research roadmap with proposed initial research programs.


The main objectives of the CyDentity Sandpit are to:

  • Identify challenge areas within Cyber Identity – identity proofing, securing things, reacting to adverse incidents and metrics for trust – and ascertain research disciplines needed to address these challenges
  • Develop multi-disciplinary project proposals through breakout session discussions and researcher sidebars
  • Develop a meeting report outlining the execution process, discussions, and outcomes of the Sandpit

The Results of this Sandpit meeting will be used by DHS S&T CSD to target future investments in these technologies.


Theme 1:  Identity Proofing in the Era of Social Media and Data Breaches

What challenges exist in each of the identity proofing steps with respect to balancing privacy with the need for data collection, ability to validate information when source authorities are not available, and lack of confidence in verification that depends on knowledge based questions which can be answered by mining social media or bought in underground forums that sell data from breaches. Mobility in the era of ubiquitous smart, portable devices, requiring identity proofing anywhere and anytime, further complicates these steps. Furthermore, if the goal is truly real-time functionality, the usability of proofing methods becomes a major concern.

 Scenario:  Anywhere/everywhere, anytime/always-on social media; a constant stream of data breaches; and national ID or identity cards. These are just a few of the aspects of our cyber environment being discussed in national-level conversations.

 Key questions:

To what level does the first topic contribute to the second?

  • Is privacy possible or even desirable under such conditions? Or, is it even relevant?
  • And would the third topic be a realistic way to mitigate the potential damage caused by the second?
  • What should we know about the source or history of data to trust them?
  • How do you know you can trust where your data came from or who sent it to you?
  • What and how are decisions made regarding privacy within a network and information sharing systems?

Theme 2:  Provenance for the “Internet of Things”

Provenance here refers to a recorded history of a digital object, which captures that object’s point of creation and all subsequent transfers and transformations. Provenance must include the actions taken on or with an object and the actors who took them. Today, some type and level of provenance is available for some digital objects. The research challenge is expanding the notion of provenance such that it is universally available to ensure an acceptable level of trust in the identity of the objects.

 Scenario: Today’s critical infrastructures are often controlled by obsolete SCADA systems that were designed and built as closed ecosystems. None were meant to be interconnected nor connected to the chaotic world that is now represented by the Internet of Things.

Key questions:

  • What are the threats?
  • What challenges do infrastructures owners or providers face in protecting their systems and Interconnections?
  • How do we build smart cyber defenses useful for dumb Infrastructures?
  • How would we then measure the security of an individual component, of a sector’s  infrastructure, and of the interconnected cyber-physical world?
  • What do we protect and to what level and at what cost?
  • How can we model individual and societal responses to cyber failures?
  • How do people interact and react under various stress conditions?
  • What are the interdependencies of infrastructure protection and societal practices?
  • At what point does the system break down?
  • What can we measure and use as indictors?

Theme 3: Metrics for Trust

A third objective for the CyDentity program is to offer a method for quantifying and expressing the relative trust of our cyber infrastructures, digital objects, and cyber identities. Metrics and measurements could be helpful in specifying the level of security or trust attainable and in making decisions about how to select and allocate cyber defenses effectively. Metrics that involve the degree of expanded provenance and identity proofing attainable might need to be augmented with metrics for expressing the value of the data or information contained on networks.

Scenario:  Fraud is an ever-present reminder that we as individuals and our computer systems consistently mistake the identity of those individuals or systems with whom and with which we interact. Money or identities are lost; infrastructures are compromised and rendered inoperative; illicit or counterfeit goods are exchanged. We engage in risk-taking behaviors without ever knowing the extent of the risks involved, and without consideration of the potential secondary effects on our communities and social infrastructures.

Key questions:

  • Can we use risk as a proxy for trust in such situations?
  • What does preventing fraud teach us about security-proofing our cyber systems?
  • What types of tools are needed to communicate fraudulent access and activity?
  • What does risk mean in a cyber world?

Attendance and Participant Expectations:

This event is by invitation only.

Further Information:

Further information can be found  at the CyDentity Sandpit website.


Leave a comment

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.