ATLANTA — Dr. John Copeland is one man cyberterrorists, hackers and crackers don’t want to cross.
After all, the National Security Agency has brought him and the company he founded, Lancope, onboard to develop a new generation of network defense with its “Therminator” program.
Now don’t expect Copeland, who also is technology transfer chair at the School of Electrical and Computer Engineering with the Georgia Institute of Technology, to show up in the “Terminator 3” movie with Arnold Schwarzenegger, even if Therminator is a great name.
The name has nothing to do with heat and detection, but the technology does measure the “many possible states” of a data stream “reminiscent of thermodynamic state parameters for warm matter, such as temperature and entropy,” Copeland said via e-mail.
He added that Therminator displays characteristics in bar charts, something network watchers can track easily.
Some of the programmers involved in the project talked about the thermodynamic process. And it is designed to detect and eliminate attacks before they begin. So when searching for a name, Therminator was a natural.
Real-time threat detection
The NSA has been working with Copeland and Lancope for two years to develop Therminator.
NSA wants to incorporate Lancope’s “StealthWatch” technology, which is an intrusion detection system for viruses, worms and hackers based on the characteristics of the programming. And the technology will be made available to private industry as well as the government.
NSA and Copeland believe they can develop a program that will present real-time graphical traffic details that permit security specialists and network administrators “to recognize and understand the impact of incoming and outgoing network attacks in real time,” they said in a joint statement.
“Armed with this enhanced network security technology, government agencies and private organizations can provide more proactive protection of sensitive and classified data.”
But because hackers are always coming up with new strategies and new attacks, such as the recent Slammer worm that hit networks and servers heavily around the world last month, the NSA and Copeland said Therminator will have to be cutting edge in order to be effective.
“The threat to computerized networks is growing — in sophistication, capability, and activity levels,” said Major General Dave Bryan, US Army, and commanding officer of the Joint Task Force for Computer Network Operations, in a statement. “Script-based intrusion detection systems do exactly what they are scripted to do and we must continue to employ them.
“The problem is that we must also expect the threat to know this and to do the unexpected. In other words, the sophisticated threat I am most concerned with is not going to behave in the expected way. Therefore, we must carefully script our systems to look for the unexpected because they are going to camouflage their malicious activity as otherwise normal activity.”
Dealing with the unexpected
A bit flummoxed, I readily admit, I asked Copeland how can you write a script to fight the unknown, the unexpected.
“You can only continually monitor what is going on and hope to notice unusual activity,” he said. “In this regard the human brain and visual sense may be more adaptable and reliable that any set of computer algorithms. This is why the defense agencies would like to see a data visualization technology in addition to the automatic alarms provided by StealthWatch and other systems.”
While terrorist threats just last week had the Department for Homeland Security increasing the threat level, people aren’t as focused on cyberterrorism that could be a weapon of mass destruction, or WMD, akin to chemical, biological or nuclear. How many networks could be “killed” and how many thousands or millions of people could be affected if a dam’s gates were opened or a power grid was shut down in the middle of a heat wave?
Men such as Copeland are concerned about such threats. Copeland said we probably have not seen the worst attacks yet.
Although Nimba, Code Red and others haven’t been directly linked to Al Qaeda or other terrorists, who is to say they didn’t launch Slammer?
Copeland certainly has the pedigree that would interest NSA. A graduate of Georgia Tech with BS, MS and Ph.D., he holds 38 patents and has a distinguished career in private industry as well as at Georgia Tech. He has worked on transmission of Internet Protocol data over high-speed networks, ran the Georgia Center for Advanced Telecommunications Technology, and has done extensive work on semiconductors, integrated circuits and much more.
He’s an entrepreneur as well, deciding to launch Lancope in 2000. Here’s how Lancope explains the firm’s creation and Copeland’s decision to focus on hackers:
“(Copeland) founded Lancope upon the discovery of ‘probing’ on his home computer through odd bursts of data in the fall of 1999. Recognizing that these data bursts had malicious intent, Dr. Copeland traced the probes back to the original sources using techniques to examine the listing of equipment that passed them along. Realizing the potential of the Internet and the damage hackers could inflict on businesses and government, he joined forces with John Jerrim (current vice president of engineering) to start Lancope and build StealthWatch.”
Teaming up with NSA is quit a boost to a corporate resume. But I also had to ask Copeland what it was like to work with the secretive government agency.
“The people at NSA and elsewhere in the defense community are very dedicated,” he said. “The Therminator technology has many fathers, but none of them want anything more than to see it place in time to mitigate a nation-scale cyber-attack, when and if one should occur. There is pressure to move quickly because of the uncertainty over how much time is left before it’s needed.”
I also asked Copeland to define hacker in his own terms. He didn’t stop there.
“A hacker can be someone who writes or modifies computer code rapidly, or an amateur tennis player or golfer. Some people claim to be ‘white hat’ hackers who are just interested in learning about networks and warning people of discovered vulnerabilities.
“The term ‘cracker’ is used to mean a network explorer who does damage, for fun or profit.
“A ‘cyberwarrior’ is someone defending us.
“A ‘cyberterrorist’ is someone attacking us.”
Unfortunately, there are too many of the latter out there seeking to do us harm.
(For a much more detailed explanation of the Therminator project and how Lancope technology works, be sure to read today’s Executive Q&A.)
Rick Smith is managing editor of Local Tech Wire.
Lancope: www.lancope.com
