Presented at
TROOPERS18 (2018),
March 12, 2018, 1:30 p.m.
(Unknown duration)
"When worlds collide!" is not just another random Seinfeld reference, it is the wake-up call for all security practitioners and cyber-savvy citizens to better understand Cyber-Physical Systems. Humans depend upon such systems in order to survive and yet the web of interdependencies that we spin up for more efficiency require us to depend upon such systems to understand our quickly-evolving cyber-physical environments. Although necessary, convenient, and less costly, the increase in general-purpose computational devices has the potential to introduce ‘weird machines' into our critical infrastructure as well as the systems used to make sense of their interdependencies.
"When worlds collide!" is not just another random Seinfeld reference, it is the wake-up call for all security practitioners and cyber-savvy citizens to better understand Cyber-Physical Systems. Humans depend upon such systems in order to survive and yet the web of interdependencies that we spin up for more efficiency require us to depend upon such systems to understand our quickly-evolving cyber-physical environments. Although necessary, convenient, and less costly, the increase in general-purpose computational devices has the potential to introduce ‘weird machines' into our critical infrastructure as well as the systems used to make sense of their interdependencies.
New threat catalogs are required to design systems that are safe, secure and resilient. No longer is it enough to understand that a threat exists, but the context in which that threat may exist can determine its potential impact. Our talk moves beyond the hype, and takes a "deep dive" into the maritime eco-system-a nexus of critical infrastructure and commerce upon which 21st century supply chains depend. Based on interactions with practitioners around the world, we will present a type system that captures cyber-physical dependencies within an artificial but realistic shipping port system. Although such a type system of Cyber-Physical modeling primitives-based on the principles of LangSec-is used in current academic research, in this talk we will demonstrate its use in the PacketWars cyber-simulation and gaming environment as a tool to evaluate risk assessment methodologies, CPS visualization, and the impact of threats based on actual intelligence.
We view this platform as a tool by which researchers can evaluate their analysis and response algorithms within the context of a realistic gaming environment. Furthermore, it is a platform for training others how to navigate an increasingly complex, interconnected environment; a web woven by the Internet of Invisible Things.
Presenters:
-
Bryan K. Fite
as Bryan K Fite
A committed security practitioner and entrepreneur, Bryan is currently a global account CISO at BT. Having spent over 25 years in mission-critical environments, Bryan is uniquely qualified to advise organizations on what works and what doesn't. Bryan has worked with organizations in every major vertical throughout the world and has established himself as a trusted advisor. "The challenges facing organizations today require a business reasonable approach to managing risk, trust and limited resources while protecting what matters."
-
Gabe Weaver
Gabriel Weaver is a Research Scientist at the Coordinated Science Laboratory at the University of Illinois at Urbana-Champaign. During his research career, Weaver has served at MIT's Lincoln Laboratory and as a non-residential fellow at Harvard where he designed an XML vocabulary to encode Ancient Greek Mathematical Diagrams. Currently, Weaver is PI on a project via the Critical Infrastructure Resilience Institute (CIRI) to look at the economic impacts of cascading disruptions to shipping port infrastructure. This project, in combination with his work as the Inaugural Dieckamp Postdoctoral Fellow at UIUC's Information Trust Institute, and in coordination with National Laboratories such as INL and PNNL, is being used to develop a Cyber-Physical Topology Language (CPTL) to encode and analyze interdependencies across critical infrastructure systems.
Weaver holds a Ph.D. from Dartmouth College, and a B.A. in Classics in Mathematics, with a minor in Computer Science from the College of the Holy Cross. He has been a long-time collaborator and contributor to concepts and code surrounding Canonical Text Services developed out of the Multitext of Homer Project at Harvard's Center for Hellenic Studies. For his dissertation at Dartmouth College, Weaver applied similar ideas to create eXtended Unix Tools (XUTools) to process a broader class of languages (in the language- theoretic sense) in which security policies are expressed. Throughout history, people have identified meaningful substrings of text and categorized them into groups for analysis such as sentences, pages, lines, function blocks, and books. Weaver's dissertation formalizes these structures via context-free languages by which practitioners can extract, count, and compare files in terms of high-level language structures. Articles on XUTools have been featured in news outlets such as ComputerWorld, CIO Magazine, Communications of the ACM, and Slashdot.
During his career at UIUC, he has co-advised 5 Ph.D students with Professor William H. Sanders, Department Head of ECE. Two of these students, co-authors with Sanders and Weaver, recently received best paper awards Weaver at highly-competitive conferences in systems security and resilience: QEST 2015 and DSN 2016. PI Weaver has a long history of educational outreach and mentoring including serving as a Lead Instructor for a Dartmouth Security Camp for 10 teenage students, to serving as a Resident Assistant (RA) for a hall of 60 Freshmen in college, to designing and teaching curriculum to roughly 16 incarcerated students with various mental disorders and criminal history.
Links:
Similar Presentations: