Federal Cyber Security R&D project


May 21, 2010

I attended the National Coordination Office for Networking and Information Technology R&D (NITRD) meeting in Oakland, CA, on May 19th. The meeting was a follow-on to the August Cyber Leap Year Summit and had three “game-changing themes”. Once again, there was no one there besides me from the industrial control system community. The end state of this effort requires a dynamic understanding of the totality of its complexities and is meant to be game-changing, that is, revolutionary, not evolutionary. The approach used the following as examples: on-line banking, commerce, health care, and personal communications.

Notice the lack of industrial control systems.

The 1st theme was called “Moving Target”, which will provide research into technologies that will enable us to create, evaluate, and deploy mechanisms and strategies that are diverse, and continually shift and change over time to confuse attackers. Can anyone imagine doing this with control systems???

The 2nd theme was Tailored Trustworthy Spaces, which means that it provides a flexible, adaptive, distributed trust environment. This sounds interesting, but how does it apply to a control system environment?

The third theme was Cyber Economic Incentives. Again, it sounds interesting, but how does this apply in a control system environment?

After the program, I mentioned that a possible game changer for control systems would be to have some selected control systems experts identify what functionality would be needed for new control systems (step 0). Then have the security community determine how they would secure those functions (step 1). The DOE and DHS roadmaps assume step 0 is known and go directly to step 1. This approach did not seem to get much interest.

Joe Weiss
