National Cyber Leap Year Summit observations

August 17-19, the White Office of Science and Technology Policy (OSTP) and the National Coordination Office for Networking and Information Technology Research and Development (NITRD) held the National Cyber Leap Year Summit. Aneesh Chopra, President Obama’s CTO, gave the opening keynote. I had a chance to meet with him and he was definitely interested in what I had to say.

The Summit was a working meeting to identify “game-changing” ideas to revolutionize cyber security. Attendance was by invitation only. There were approximately 150 attendees that were leaders in their field. Attendees came from the following organizations:
- ORNL
- Carnegie-Mellon
- HP
- Unisys
- Pace University
- Penn
- Techniche Universitset – Germany
- Northrop Grumman
- WhiteNoise Labs
- Indiana Univ
- Boeing
- UC Santa Barbara
- AVI-Secure Decisions
- University of Memphis
- Intel
- Noblis
- UC Irvine
- BAE
- George Mason University
- UC Berkeley
- Lockheed Martin
- Accenture
- Naval Postgraduate School
- Iron Key
- CSC
- IBM
- Harvard
- Mandiant
- Princeton
- Visa
- MIT
- Oxford University
- Voltage Security
- MITRE
- Sonalysts
- PayPal
- GE
- Computer Measurement Laboratory
- Telcordia
- Minnesota
- BBN
- Gartner
- RAND
- ICANN
- John Marshall Law School
- Georgia Tech
- Cloud Security Alliance
- QinetiQ
- RTI International
- Verizon
- University of Illinois
- University College London
- Virginia Tech
- FSTC
- PriceWaterhouse Coopers
- BITS
- Purdue
- Sandia National Lab
- TechPar
- Symantec
- Cornell
- NYU
- Bit9
- Bank of America
- Value Media
- General Dynamics
- Internet Law Group
- Synaptic Labs
- Applied Control Solutions
- IARPA
- DARPA
- NIST
- National Science Foundation
- NITRD
- DOD
- NSA
- DNI

I was the only representative from the industrial control systems community. I suppose that is progress – at least we were there.

As would be expected, most of the game-changing ideas were focused on business IT. Many of those would not be useable in the control system environment. I think the following quote from a senior IT scientist at a major IT company will underscore my point:

“It was great meeting you this week at the National Cyber Leap Year Summit. I find it very interesting to hear your statements given the importance of control systems not only to our daily-life but also to the larger information infrastructure that depends on it for power, cooling, etc. It certainly sharpened my senses to look out for security requirements of control systems and not simply to consider them covered by the techniques the security community is developing for other areas such as cloud computing, data and computing centers, and client or mobile systems.”

I did take the opportunity at the final plenary session to speak on the need to address control systems and for IT and control systems to work together – this would certainly be a game-changer. I was encouraged by many people wanting to use the October Control System Cyber Security Conference as a vehicle to get the two communities talking.

Joe Weiss