Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.


Congressional Briefing on Cybersecurity for Manufacturers Recap

April 24th, 2017 / in Research News / by Khari Douglas

CCC Council Member Kevin Fu from the University of Michigan contributed to this post. 

On April 12th, the Computing Community Consortium (CCC) and MForesight: Alliance for Manufacturing Foresight (MForesight), in conjunction with the House Manufacturing Caucus, held a Congressional briefing on Cybersecurity for Manufacturers that highlighted the outcomes of the March workshop of the same name and discussed the challenges to cybersecurity and potential next steps for its improvement in the U.S. manufacturing space.

Mike Russo introduces the panel

Mike Russo introduces the panel

The briefing featured members of the CCC and MForesight, as well as experts from government, academia, and the private sector:

The panel stressed the need for a national initiative to address R&D challenges and opportunities, technology implementation across the supply chain, and policy considerations. The R&D section offers a research agenda to develop computational tools and testbeds for cyber security assessment, validation, verification and threat prevention in seven areas:

  1. Automated risk assessment and detection tools
  2. Robust part validation technology
  3. Tools to audit the extent of attack
  4. Testbeds to safely prototype and test new IT and OT
  5. Development of a reference architecture with cross-cutting applicability
  6. Cyber range to test component and system level vulnerabilities, train teams, act as a sandbox for new ideas and provide a “cyber autopsy” capability
  7. Decoys for intelligence gathering; Prioritizing and Sharing Intelligence
Kirk McConnell discusses the national security implications of cybersecurity.

Kirk McConnell discusses the national security implications of cybersecurity.

The NIST cybersecurity framework explains that one cannot effectively control cybersecurity risks until after establishing a way to safely assess risk and detect threats in an automated fashion. The old way of conducting assessment involves the art form of penetration testing. This does not scale, depends on human labor, and does not provide continuous assessment. Research and development is needed to create technology that can replace penetration testing with continuous, automated assessment that is safe when used on Operational Technology.

One of the greatest challenges to cybersecurity of manufacturing is the lack of testability. The problem is that many security issues arise at interfaces of interoperable components, often from different manufacturers. Whereas the National Highway Traffic Safety Administration (NHTSA) and the Nevada National Security Test Site have end-to-end facilities for testing crashworthiness of vehicles and survivability of systems, respectively, there is no analogue for cybersecurity of manufacturing. Large OEMs have the means to create entire test factory floors, but even such a facility will not suffice to gain reasonable cybersecurity assurance of the interoperable components in a realistic, messy environment. The federal government can play an important role in coordinating the construction of infrastructure for testing facilities that span multiple manufacturers and universities.

To learn more about the briefing, view the summary here. Video recordings coming soon!

 

 

Congressional Briefing on Cybersecurity for Manufacturers Recap

Comments are closed.