Introduction to the 5 Hard Problems

The SoS 5 Hard Problems

SoS has 5 Hard Problems that we are trying to solve. The problems were developed in a joint effort between NSA and the leading researchers at our SoS Lablets. Lablets are our small labs at leading universities. The 5 Hard Problems are: 1) Resilient Architectures, 2) Scalability and Composability, 3) Secure Collaboration, 4) Metrics, and 5) Human Behavior.

Resilient Architectures

Resilient architectures are design systems and networks such that they can resist compromise and when they are compromised they can maintain some level of functionality. Think of it like your immune system. A virus or bacteria gets into your body. In a resilient body, the first infection does not kill the host. The body continues to function, breath, heart, brain, etc.. However, there may be some degradation of performance. Congestion for example. Eventually the body recovers and performance is restored. The goal is to have something simliar to that.

Scalability and Composability

This hard problem is solve that problem that many security solutions fail at solving the problem at scale. It only works for small situations. The second part is composability. Composability is about connecting small program pieces together and knowing what the resulting security properties are. Normally, you can combine two perfectly secure components together, but the combined solution is insecure. 

Secure Collaboration

How do you share information securely? You want to have mechanism to have that solution. Privacy is also a key component of that. 

Metrics

In the cyber world we need quantiative measures that mean something and just numbers. For example. If I say I stopped 80,000 cyber attacks. Is that good? bad? something else? You don't know. There is no context. Stopping 80,000 of 80,001 attacks would be great, right? how about is that 1 attack is really bad? This hard problem is about developing good measures that really explain.

Human Behavior

Human Behavior is about understanding how human behave on the internet and developing models of it and technologies that are incorporate that. For example, understanding how people choose passwords, often easily guessed such as birthdates, then developing technologies to help people choose better passwords.

For more details visit the SoS Page on the 5 Hard Problems