Institute for Information Infrastructure Protection

Infobox Non-profit
Non-profit_name = The Institute for Information Infrastructure Protection
Non-profit_
Non-profit_type =
founded_date = 2001
founder =
location = Dartmouth College, Hanover, NH, USA
origins =
key_people = Martin N. Wybourne, I3P PI Charles C. Palmer, Chair and Director of Research
Martha Austin, Executive Director
Lauri Burnham, Communications Manager
Heather Drinan, Assistant Director for Research

area_served =
focus = Computer security Critical infrastructure protection
method =
revenue =
endowment =
num_volunteers =
num_employees =
num_members = 27
owner =
Non-profit_slogan =
homepage = [http://www.thei3p.org/ www.thei3p.org]
dissolved =
footnotes =

The Institute for Information Infrastructure Protection (I3P) is a consortium of national cyber security institutions, including academic research centers, government laboratories and non-profit organizations. It was founded in September 2001 to help meet a need for improved research and development (R&D) to protect the United States' information infrastructure against catastrophic failures. Its main role is to coordinate a national cyber security R&D program and help build bridges between academia, industry and government. It is funded by the US Department of Homeland Security and the National Institute for Standards and Technology.

Research Areas

The I3P coordinates and funds cyber security research to help secure US critical information infrastructures. In 2005 the Institute funded several multi-institutional research projects that targeted process control systems and the economics of cyber security. The research topics were selected through open dialogue within the Institute that considered gaps in national efforts, the criticality of the topic and the impact the I3P could have. Each project had a team leader with overall responsibility for the project, particularly for meeting milestones and producing deliverables.

urvivability and Recovery of Process Control Systems Research

The Survivability and Recovery of Process Control Systems Research Project, supported by the Institute for Information Infrastructure Protection (I3P), brings together cross-disciplinary research at leading national organizations to make the control systems used in critical national infrastructures more resilient, allowing for rapid recovery in case of successful cyber attacks. This project builds on the success of the I3P’s recently completed first project in control systems security and leverages tools, methodologies, and expertise that resulted from that project. By continuing to support research in this field, the I3P enables the joint capabilities of its member institutions to be focused on this problem that is so important to the safety and well-being of our modern society.

Business Rationale for Cyber Security

The Business Rationale for Cyber Security project, supported by the Institute for Information Infrastructure Protection (I3P), brings together cross-disciplinary research at leading national institutions to address the challenge of how organizations can make better cyber security investment decisions.

afeguarding Digital Identity

Safeguarding Digital Identity Research Project, supported by the Institute for Information Infrastructure Protection (I3P), brings together some leading research institutions to develop an analytical framework for identity and privacy protection focused on the finance and healthcare communities and to develop a set of identity and privacy protection capabilities that meet the needs of those communities.

Insider Threat

The Human Behavior, Insider Threat, and Awareness research project, supported by the Institute for Information Infrastructure Protection (I3P),brings together cross-disciplinary researchers at leading national facilities to develop a scalable infrastructure for detecting, monitoring, and preventing insider attacks with due regard for the ethical, legal, and economic needs of users and organizations. Much of the science for understanding insider threats is still immature, with results difficult to measure. This research project will provide a foundation both for understanding insider threats and for developing methods to protect critical infrastructures against insider attacks:

Past Projects:

Process Control Systems

The Process Control Systems Security Research Project focuses cyber security related research on improving the robustness of the information infrastructure in the oil and gas sector. Eleven institutions from across the country have joined forces to develop new solutions and demonstrate their effectiveness to the oil and gas sector owners, operators, and vendors.

Economics

The notion of levels of infrastructure guides the way the research is organized and coordinated. Information infrastructure security can be viewed from three perspectives: national, firm or enterprise, and technology. The national level views the information infrastructure as an element of national security, where cyber security incidents can disrupt, impair or destroy critical economic capabilities. The enterprise level considers the effects of degraded or destroyed infrastructure on the degree to which an enterprise can maintain its bottom line by developing and delivering products and services. The technology level addresses those technologies that protect the infrastructure, by deterring particular threats, preventing certain classes of attacks, or mitigating the consequences of attack.

Digital Commons

With funding from National Institute of Standards and Technology (NIST), the I3P began work on creating a digital commons of cyber security information, tools, and resources for researchers, librarians, students, and the public. The project, when completed, will identify resources in the broad area of information infrastructure protection. The suite of tools, services, and resources associated with the Digital Commons are free and open to the public. Some of the tools and services include: an international cyber security calendar, a cyber security organization directory and a cyber security glossary.

Members

*Center for Education and Research in Information Assurance and Security, Purdue University
*Center for Information Security, University of Tulsa
* [http://www.csds.uidaho.edu Center for Secure and Dependable Systems] , University of Idaho
*Columbia University Department of Computer Science
*Computer Security Research Laboratory, University of California at Davis
*Cornell University
*Critical Infrastructure Protection Program, George Mason University School of Law
*Georgia Tech Information Security Center, Georgia Institute of Technology
*H. John Heinz III School of Public Policy and Management, Carnegie Mellon University
*Information Security Institute, Johns Hopkins University
*Information Technology and Operations Center, United States Military Academy
*Information Trust Institute, University of Illinois Urbana-Champaign
*Institute for Civil Infrastructure Systems, New York University
*Institute for Security Technology Studies, Dartmouth College
*Lawrence Berkeley National Laboratory
*MIT Lincoln Laboratory
*MITRE Corporation
*Pacific Northwest National Laboratory
*RAND Corporation
*Sandia National Laboratories
*School of Informatics, Indiana University
*Software Engineering Institute (SEI), Carnegie Mellon University
*SRI International
*Stanford University Computer Science Department
*University of California at Berkeley
*University of Virginia
*University of Massachusetts at Amherst
*Idaho National Laboratory

External links

* [http://www.thei3p.org I3P Home Page]
* [http://www.thei3p.org/publications/ I3P Publications]