MITRE CTO Dr. Stephen Huffman has built an impressive career at the corporation over the last two decades. He spoke with ExecutiveBiz about his and MITRE’s road to the present and what he wants to see from the firm in the coming months.
ExecutiveBiz: How have you see MITRE change over the last twenty-two years?
Huffman: MITRE, as you might be aware, is a not-for-profit corporation that manages federally funded research and development centers; one for the Department of Defense, one for the Department of Homeland Security, one of the Federal Aviation Administration and one that is co-sponsored by the Internal Revenue Service and the Department of Veterans Affairs. Over the last twenty-two years in my career at MITRE the biggest changes have been in response to the changes in the world environment since we are an organization that supports the government. The major problems that the government faces have moved from the Cold War when I first started at MITRE through the changes after the breakup of the Soviet Union and into today’s problems with counterterrorism and domestic issues. I think the basic problems that the government faces in acquiring systems and capabilities haven’t really changed; the major difference is the kinds of capabilities that they need to address new challenges. The second major change is in the area of technology. MITRE works primarily in the area of information-related technologies, and the emphasis has moved from developing custom-crafted applications for specific needs to selecting commercial products made available by the explosion in the commercial IT marketplace and finding ways to get those products to work together as part of a larger system. Today, in many cases the government is able to effectively integrate commercial products to deliver an information advantage rather than having to build unique capabilities to serve all of its needs. I think the capabilities in technology and problems that our customers face are really the two biggest areas of change that I have seen.
ExecutiveBiz: Could you talk a little bit about the goals that you have for research and development over the next 12 months?
Huffman: I think one of the big areas of concern across all government agencies is cyber security. A major focus area for our research is on how to protect information systems and information services from cyber attackers. Our goal is to develop technologies, tools, and techniques that enable systems to provide reliable and trustworthy information services even when they are under cyber attack. All information systems are built from components which are inherently untrustworthy—they are very complex systems that provide great capabilities but like all very complex systems they have flaws in their creation that cyber attackers can exploit. The industry works very hard to eliminate those vulnerabilities and flaws when they find them but it is really an arms’ race – the advantage is to the attackers because they only have to find a single vulnerability that they can exploit and the defenders have to try to eliminate all of them. Right now the cost to defend is very high and the cost to attack is very small. We would like to change that equation with technologies and operational approaches that level the playing field and require attackers to expend a lot of resources and have more expertise so that the cost of attacking outweighs the benefits.
ExecutiveBiz: Could you speak a little bit more specifically about some of the ways that that could be made possible?
Huffman: One of the key vulnerabilities that makes it harder to defend today is that virtually all of our information goes over internet protocol-based networks. The internet protocol was not designed with security in mind. One specific area which can be exploited is the fact that IP traffic has embedded within it the address of the sender of the information. However it is straight forward to change that address to whatever you want. It is impossible to ascertain where a particular piece of information came from or if it has been tampered with. We are working on techniques to try to change that; at least within the enterprise so that you can reliably identify the source of internet protocol packet traffic on your network and attribute it to the host in the network that originated it. Then you will be able to sort out the legitimate traffic on your networks from something that may have been sent by an attacker.
ExecutiveBiz: Can you talk a little bit more about the culture at MITRE and maybe what sets it apart from other firms?
Huffman: I think one of the things that people like about working at MITRE is our mission and purpose. Because we support the government in critical mission areas, we are working on things that are really important to the nation—national security, counterterrorism, and air traffic management for example. MITRE people take pride in our contributions to improving national security and the functioning of the government in general. Also, people who are intellectually curious enjoy working at MITRE. MITRE has a very diverse set of technical competencies represented in our staff. If you are interested in any particular area of information technology you can generally find an expert in that field somewhere in MITRE. We have a very collaborative culture and people are very willing to share their knowledge and understanding of particular topics. You can readily find people who can help you learn about something new, help you with a problem in an area that you haven’t encountered before, give you the benefit of their experience and do it in a very collegial way. I think the combination of having a mission to help our government do its job better as well as this collaborative information sharing culture are a couple of things that at least make me like working here.
ExecutiveBiz: What is a favorite hobby of yours or something that you spend a lot of your free time on?
Huffman: I enjoy woodworking. I have a small shop at home and I like to build furniture and things for the house—bookcases, cabinets, tables, structural woodworking and trim carpentry kinds of things.
ExecutiveBiz: Do you do that semi-professionally?
Huffman: No, just for my own personal enjoyment. It takes me far too long to finish a woodworking project in my spare time to even consider trying to create something for a customer.