From Fear-Monger To Consensus-Builder

Vatis' new organization plans to offer a national research-and-development agenda, which will be assessed yearly, to help researchers decide where to concentrate their efforts.
Fear-monger. Chicken Little. That's the kind of criticism Michael Vatis took when, as founding director of the National Infrastructure Protection Center, he warned of potential hacking attacks with the arrival of the new millennium. After 2000 dawned without a single significant millennium cyberattack, he fell under attack himself, in the media. But Vatis, now director of the Institute for Security Technology Studies at Dartmouth College, isn't complaining. Because addressing national IT infrastructure security problems is a critical mission that's become only more important since Sept. 11.

Michael VatisFinding ways to secure IT infrastructure is the toughest shared challenge facing private business and government. There are problems in the design and programming of software, as well as in the ways various applications interact on a network. There are issues of how to convince business and government to share sensitive, closely held security information-and to spend on security initiatives without the promise of a direct return on investment. There's also the question of how laws will be enforced in a cyberworld that knows no geographical boundaries.

Vatis graduated from Harvard Law School in 1988 and clerked for Supreme Court Justice Thurgood Marshall and Judge Ruth Bader Ginsburg

As deputy director for the Executive Office for National Security, Vatis advised the attorney general on high-tech crime, terrorism, and defense

Vatis is an avid outdoorsman and white-water rafter

Arguably, no one in the country knows those problems more intimately than Vatis. After directing the NIPC for three years, Vatis, 38, decided earlier this year that he could address the information-security issue to greater effect as a cybersecurity evangelist and as head of security research at Dartmouth. The research under way at the Institute for Security Technology Studies includes the development of a system-security-evaluation simulator to help organizations understand the interplay of cybersecurity applications in complex networks, a monitoring system that would report the real-time health status of the Internet, and a warning mechanism to detect the early stages of cyberattacks.

The threats to business and critical infrastructure are profound: Telecommunications, energy, financial systems, and air-traffic control are all vulnerable to attack. That's why Vatis is establishing the Institute for Information Infrastructure Protection (I3P). Its mission: to develop a national R&D agenda for information-infrastructure protection that will identify and prioritize the top security needs. With a total of $6 million that Congress has appropriated for fiscal years 2001 and 2002, Vatis is approaching other academic research centers and leaders in business and government to participate.

As Vatis envisions the group's growth, the IT-security agenda would be reassessed annually to help researchers decide where to focus most of their efforts. "It could also be used as an assessment and measuring tool by government agencies that provide funding for cybersecurity research," he says. "Private companies also could use the agenda to develop ideas for their research."

It's his background of building a consensus around the importance of information security that positions Vatis to bring his vision for I3P to fruition. And it's the high stakes that make achieving the goal a must, says Michael Erbschloe, author of Information Warfare: How To Survive Cyber Attacks (McGraw Hill Professional Publishing, 2001). "It's a formidable task, but one that must be done," Erbschloe says. "You couldn't have picked a more prepared, dedicated person than Vatis to get this job done."

Peter Thiel, CEO of PayPal Inc. A World Of Opportunity
David Busser, CIO of the 2002 Winter Olympics Winter Olympics CIO's Winning IT Strategy: Play It Safe
Michael Robertson, founder of and Win In Hand, He Takes Aim At Windows
Carol Kovac, IBM's VP of life sciences A Recipe For Mixing Science And Business
Richard Clarke, chairman of the President's Critical Infrastructure Protection Board Tenacity Carries The Cybersecurity Message
Christopher Klaus & Thomas Noonan, Internet Security Systems Inc. Transparency Is Apparent In Duo's Vision For IT Security
Dr. Paul Tang, chief medical information officer at the Palo Alto Medical Foundation Patient-Privacy Issue Gets A Doctor's Care
Gene Tyndall, VP of global markets and E-commerce for Ryder He's Fixed On Keeping The Supply Chain Strong