Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Hard Problems Workshop(s) Summary Leonard Popyack, PhD Nov 12, 2014.

Published byAdan Thurmond Modified over 9 years ago

Similar presentations

Presentation on theme: "Cybersecurity Hard Problems Workshop(s) Summary Leonard Popyack, PhD Nov 12, 2014."— Presentation transcript:

1 Cybersecurity Hard Problems Workshop(s) Summary Leonard Popyack, PhD Nov 12, 2014

2 Two Multi-day workshops held March 2014 Cyber Security Hard Problem Workshop  Invited researchers (about 50)  Four focus groups  Identify Challenges, Hard Problems, and Research Challenges  Out briefings and Paper available (www.CyberRI.org)www.CyberRI.org July 2014 Cyber Security Hard Problem Workshop II  Focus on Financial Community, Defense, Medical Devices, Healthcare Information Systems, Industrial Control and SCADA systems, more  Day and half of Industry Expert presentations  101 Attended, Four focus groups, Industry Briefings, Out Briefings, Paper Available

3 Workshop I instructions Constrained hard problems to those that can be significantly advanced in 2-3 years Method  Brainstormed lots of cross-cutting ideas  Categorized them into major themes  Identified domains that would be most impacted Military Gov’t Intel Finance Health Power Transport

4 Application Domains Defense/Military Government Intelligence Financial Healthcare Transportation Power Others… Malware, cyber attacks, botnets, etc… SCADA/ICS Cloud computing BYOD Live forensics, incident diagnosis/analysis Mobile, wireless, etc… Data breaches Patching and upgrades Big data Anonymity Unmanned systems

5 Group Results - 1 Cyber Physical SmartGrid Cyber Education Authentication Unappreciated modes Resilience and Restoration Data at rest and in motion Medical Defense Against Zero Days

6 Group Results - 2 Ways to assess trust ways to minimize trust in service provider Security under constraints (bandwidth, computation, storage, latency, etc…) Information ownership and privacy (fine-grained distinctions and controls) Hardware root of trust (an ultimate base or turtles all the way down?) Software, hardware and humans… last are probably the weakest link Technology less of a barrier than economics… but user incentives may also help

7 Group Results - 3 Trusted Systems Privacy Human Element Quantifying the Value of Security Detection and Deterrence Automation Insider Threat Characterizing Security Goodness Science of Cybersecurity Modeling and Simulation Ensuring Security in Remote, Proprietary and/or Unfriendly Situations

8 Group Results - 4 Addressing Vulnerabilities of Trust Identification of System Behavior Cyber-Physical Systems Assuring Reliable Cloud Services Vulnerability of System Maintenance Procedures Complexity of the Hardware Security Problem Due to Increasing Complexity and Density of the Devices

9 Workshop II Subject Area Expert talks in  Cyber War 2008: Enduring Lessons from the Russian Attack on Georgia – David Smith  Air Force Research Laboratory: Overview, Cyber Community of Interest, Cyber Roadmap – Mr. Duchak, Dr.Rich Linderman, Mr. Scott Shyne  SCADA Cyber Security Issues-Mr. deSouza, Mr. Hoffman, JD David, R. Bearse  NYS Cyber Security-Dr. Peter Bloniarz  Financial Sector-BNY Mellon, Frank Perrelli  Power Authority-Ms. Lena Smart  SCADA Heartbleed-Mr. Chet Hosmer  Certified Security by Design-Dr. Shiu-Kai Chin  UAV Cyber Security-Dr. Victor Skormin  Medical Devices-Dr. Steven Baker  Biometrics-Dr. Stephanie Schuckers  Adaptive Malware- Dr. Bulent Yener  Invincible Automated Spear Phishing- Dr. Selmer Bringsjorf  Health Record Security-Dr. Linh Le, Dr. S. Marcinkowski, Dr. Murry  Computer Forensics-Mr. A. Martino

10 Workshop II – Group 1 Emerging field of medical device sensors Wireless data transfers that offer the freedom of movement Information security challenges  Authenticated association between the practitioner and device  Authenticated association between patient and device  Secure data on the device  Secure data in transit  Protection of personally identifiable information (PII).

11 Workshop II – Group 1 Challenge Problems foundational methods must be developed for trust associations  maintaining a “chain of attribution” bit for data  How to temporary use of PII  followed by a secure wipe, at the completion of transmission of patient data

12 Workshop II-Group 2 The lack of formal proofs, logical formulization, and mathematically- robust verification for the identification, verification, and measurement of a number of aspects of defense of cyberspace  (1) identification of each domain’s definition of security (i.e. not a “one-size-fits-all” approach);  (2) relevant security threat models;  (3) realistic cost vs. benefit analyses;  (4) levels of acceptable trust and resultant “secured” state; and  (5) the efficacy of analysis tools

13 Group 2 Internet of Things (IoT) and the vulnerabilities of fixed, centrally-controlled, physical systems Issues:  (1) how to effectively implement the technologies to secure components and their interaction with cyberspace in any industry  (2) the socio-political-economic issues that need to be addressed when utilizing these techniques Attack as Preemption  design techniques and components that are launched as a result of detection of specific triggers (data access, probing attack, behavior patterns, etc...) prior to an attack—hack back Movement/Mobility/Traps as Preemption  design techniques and software that enable mobility in currently static components.

14 Workshop II- Group 3 Authentication and authorization of users and devices  the foundation of trustworthy systems was also taken into consideration  hardware security primitives such as the Trusted Platform Modules (TPM), Physical Unclonabe Function (PUF), and True Random Number Generator (TRNG) require full verification and validation Assurance of embedded systems, cyber physical systems, and the IoT Cyber immune systems that could be used to protect software and hardware Identification of various dimensions of the costs and benefits of cybersecurity

15 Workshop II-Group 4 Metrics driven security is a very large obstacle  Lack of a tried and true model or process that supports decision making and resource allocation  The required number of employees and relevant skillsets to hire is at worst a random process and at best an educated guess by knowledgeable information security staff  Metrics-driven security program has the potential to revolutionize risk management and improve analysis  Metrics driven security solutions should be designed to identify risks, costs, and benefits associated with cybersecurity Trusted embedded systems  Moving portions of the operating system into silicon

16 Workshop II-Group 4 Transaction-based identity management  Layered Profiles  Data Evaporation  Automated Data Classification Identity management technologies  The goal is to strike a balance between the requirement for strong identity management and privacy considerations. Virtualization environments Anonymization technologies

17 Conclusions Full Papers and presentations available at www.CyberRI.orgwww.CyberRI.org

Download ppt "Cybersecurity Hard Problems Workshop(s) Summary Leonard Popyack, PhD Nov 12, 2014."

Similar presentations

ACHIEVING NETWORK LEVEL PRIVACY IN WIRELESS SENSOR NETWORKS.

ACHIEVING NETWORK LEVEL PRIVACY IN WIRELESS SENSOR NETWORKS.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
 Cyber Ecosystem & Data Security Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia.

 Cyber Ecosystem & Data Security Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia.
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.

4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D 202-254-5802.

Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
. Smart Cities and the Ageing Population Sustainable smart cities: from vision to reality 13 October 2014. ITU, Geneva Knud Erik Skouby, CMI/ Aalborg University-Cph.

. Smart Cities and the Ageing Population Sustainable smart cities: from vision to reality 13 October ITU, Geneva Knud Erik Skouby, CMI/ Aalborg University-Cph.
Trust, Privacy, and Security Moderator: Bharat Bhargava Purdue University.

Trust, Privacy, and Security Moderator: Bharat Bhargava Purdue University.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
PRIVACY, TRUST, and SECURITY Bharat Bhargava (moderator)

PRIVACY, TRUST, and SECURITY Bharat Bhargava (moderator)
Www.adira.org Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.

Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
SKA-cba-ase 031119 1 NSF and Science of Design Avogadro Scale Engineering Center for Bits & Atoms November 18-19, 2003 Kamal Abdali Computing & Communication.

SKA-cba-ase NSF and Science of Design Avogadro Scale Engineering Center for Bits & Atoms November 18-19, 2003 Kamal Abdali Computing & Communication.
By: Dr. Mohammed Alojail College of Computer Sciences & Information Technology 1.

By: Dr. Mohammed Alojail College of Computer Sciences & Information Technology 1.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Similar presentations

Ads by Google