Reflections on CATCH

I attended the Cybersecurity Applications and Technology Conference for Homeland Security conference on March 3-4, 2009 in Washington, DC. I had to leave on Sunday to escape the snowstorm but it was well worth the effort. The keynote speech American Crisis in Innovation by Pascal Levensohn was the most thought provoking presentation. (See related BusinessWeek blog.) Pascal articulated the broken ecosystem of innovation in USA, and argued forcefully about the need for promoting effective innovation partnerships between government and university research organizations, corporations, and entrepreneurs. Pascal quoted several statistics from Judy Estrin's book Closing the Innovation Gap. Estrin has empirically proven that America has relied too much on incremental innovation in recent years at the expense of the open-ended scientific research that eventually leads to truly breakthrough innovation. How true! NRL funded the development of GPS in 1970s when no one could foresee the applications it spawned today. How many American organizations are investing today in the GPSs of the future? More importantly, how many decision makers are heeding Levensohn's alarm? 

Another interesting session was the panel discussion on the second day. I was particularly impressed with the comments of DHS Cybersecurity Chief Rod Beckstrom, who called for the adoption of Web 2.0 platforms within the government and the development of a generalized model for sensorizing the Internet. I was sad to read that Rod Beckstrom resigned today. It's great loss for DHS.

Our presentation on Real-time Detection of Fast Flux Service Networks was received well. The presentation generated lots of questions, and considerable interest in our Fast Flux Monitor demo at the expo. Tina Williams of Unisys asked one of the more interesting questions: From the tens of thousands of IPs in your DB, what user segments (ISP, edu, enterprise...) have this problem? Is the solution policy or technology? There is no question that ISPs and universities in USA are most seriously inflicted with the fast flux problem. The enterprise has a botnet problem with its mobile workforce. The government has started doing a better job in protecting its machines being recruited into zombies. The solution is both technology and policy. You can't be aware of the problem without the technology. However, you still need to train your personnel for effective remedies.

One final note. Congratulations to Dr. Doug Maughan, who runs the cybersecurity R&D at DHS using a collaborative model. As Milcord, we have participated in this program for the last three years. Open collaboration did improve our botnet defense solution with the suggestions of our colleagues in this program. Collaborative research programs in information technology are rare within the government. I wish more Program Managers adopted such a philosophy.