Summer 2019 Lablet Quarterly meeting focuses on Cyber-Physical Systems
Summer 2019 Lablet Quarterly meeting focuses on Cyber-Physical Systems
The Summer 2019 Science of Security and Privacy (SoS) Quarterly Lablet meeting was held at the University of Kansas (KU) in Lawrence, Kansas on 9-10 July 2019. This quarterly meeting focused on Cyber-Physical Systems. It was hosted by Perry Alexander, Principal Investigator (PI) at KU. The attendees were representatives from NSA, other Lablets Sub-Lablets and industry. In addition to presentations on Lablet research projects, the agenda included presentations from industry, a panel discussion and two NSA speakers.
The meeting with began with Dr. Deborah Frincke, NSA Director of Research, spoke on how to make innovation successful. She noted that lessons-learned from NSA research projects point to risk taking, teaming, budgeting, structure and training as critical components for innovation to work. Providing a different perspective, Mathew Kemph, Director of Intelligence Community Support at In-Q-Tel, focused on the challenge of connecting the three very different worlds of venture capital, government, and startups in order to deliver capabilities.
The Kansas Lablet has formed an Advisory Board whose members were recruited from a cross-section of industry and government (finance, healthcare, infrastructure, security, and manufacturing) that deal in CPS domains. The KU Lablet is the only SoS Lablet with an advisory board. Because of this uniqueness, a panel was held to discuss the board. Three KU AB members from Collins Aerospace, Nokia, and Sprint participated in a panel session where they provided their perspectives on their industries’ challenges and responses dealing with security and privacy of CPS.
Maurice (Mo) Bland, who has experience at both NSA and the ODNI in cybersecurity operations, expressed interest inemerging technologies and how they are going to be used, and is seeking to build partnerships with academia and industry to determine how academic research can be applied to IC challenges.
The first research presentation was from Ninghui Li of Purdue University, a Sub-Lablet of the North Carolina State University (NCSU) Lablet. Li spoke on the project “Principles of Secure Bootstrapping for IoTs,” addressing the motivations for the project, current research activities, and research directions that include identifying critical flaws in crypto design and implementations.
Nazli Choucri of MIT, a sub-Lablet of the Vanderbilt University (VU) Lablet presented an overview and Year 1 report on “Analytics for Cybersecurity of CPS”. The project is focused on introducing analytics for CPS cybersecurity to enhance value of guidelines and directives. Year 1 results included identifying the cybersecurity policy ecosystem and developing data extraction and linkage methods. Heechul Yun of KU spoke on “Micro-Architectural Attacks on Cyber-Physical Systems” and described the activities that had been undertaken to address the issue. The final research presentation on Day 1 was done by Xenofon Koutsoukos, PI at the Vanderbilt Lablet, entitled “A Game-Theoretic Framework for Security and Resilience of CPS”. Their research has enabled them to develop a game theoretic approach to detect attacks in CPS, while current and future work focuses on a game theoretic approach for randomized feature selection for anomaly detection and prediction using power and transportation systems in their case studies.
The first presentation on Day 2 was “Smart Speakers Today and Tomorrow: Privacy Attitudes and Research Opportunities” by Nathan Malkin of University of California, Berkeley, a Sub-Lablet of the International Computer Sciences Institute (ICSI) Lablet. The goal of the project is to develop privacy controls for always-listening devices using contextual integrity to evaluate flows and blocking inappropriate ones. Himanshu Neema, Vanderbilt, spoke on “Multi-Model Testbed for Deep Learning-Driven Resilient CPS” and described designing resilient CPS with integrated Machine Learning components. John Symons, KU, gave a presentation entitled “Resilient Institutions and Normativity: Privacy, Autonomy, and the Cyber-Nonphysical,” and noted that the research being done under this project proposes new research approaches and technologies with special focus on norms, institutions, and the protection of individual autonomy. Jonathan Aldrich, Carnegie Mellon University (CMU) Lablet, presented “Obsidian: A Secure, Usable Language for Smart Contracts” and described progress under this project. Sayan Mitra, University of Illinois at Urbana-Champaign (UIUC) Lablet, gave the final presentation, “Verification of Cyber-Physical Systems Through Learning”. The project addresses resiliency and risk-reduction in CPS through verification, going beyond purely model-based approaches with machine learning.
The complete agenda and selected presentations are available for viewing on the Science of Security Virtual Organization website.
The next meeting of the SoS Lablets will be the Fall Quarterly which will be held at Discovery Partners Institute (Chicago, IL), November 5-6.