CYBER

Why cybersecurity needs a common vocabulary

Industry research group and a pair of universities join forces on taxonomy project

Before government, industry and academia can tackle the issue of cyber physical system security, they have to figure out how to talk about cyber physical system security.

The private, non-profit research consortium Cyber Security Research Alliance (CSRA) is looking to guide the nascent conversation.

“[Concerned parties] in government, industry and academia are all calling for a unified taxonomy, a unified way of looking at and talking about the problem space [within cyber physical system security],” said Ron Perez, CSRA Fellow and director of security architecture at Advanced Micro Devices.

In pursuit of a unified taxonomy, CSRA has partnered with Drexel University and George Mason University.

The pair of universities will participate in research, beginning with a survey and taxonomy, aimed at advancing cyber security in transportation vehicles, medical devices and the power grid.

The research is much-needed, said Lee Holcomb, CSRA president and director, engineering and technology, for Lockheed Martin Information Systems & Global Solutions.

“Cyber physical systems touch just about everything that we do,” Holcomb said, citing everything from smart power grids to aircraft guidance systems. “The security of those systems is really imperative.”

With connected systems moving from screens to appliances, automobiles and more – “The Internet of Things,” in popular parlance – potential threats proliferate.

“As Internet-connected systems move from the realm of, say, finance, into our day-to-day lives, in things like homes and automobiles,” Holcomb said, “we move from being at risk of losing money to the risk of losing life.”

Interconnected systems bring convenience, but “if you don’t architect the system correctly, adversaries could get in” – and they have, Holcomb said, noting that “breaches of security have become much more commonplace” over the past few years.

After kicking off cyber physical system security work last year with a “broad-ranging workshop,” CSRA solicited academic partners and received four applications, Holcomb said.

Drexel and GMU were chosen based on the individual strengths of each proposal and how the two complemented each other, Holcomb said.

The work will focus particularly on cyber physical systems security within the power grid, medical devices and transportation vehicles, due to the critical nature of those infrastructural assets, Holcomb said.

Calling the survey and taxonomy “Phase One of multi-phase efforts,” Holcomb said CSRA, GMU and Drexel are shooting to present some findings at a May 12 workshop, while the final report will come towards the end of June.

“The problem space goes beyond one company’s ability to address,” Holcomb said, saying that CSRA possesses a unique capacity to “bring all the stakeholders together.”

Lockheed Martin is one of the founding partners of the alliance along with Advanced Micro Devices, Honeywell, Intel Corp. and RSA.

The companies within CSRA “represent the breadth of the ecosystem,” Holcomb said, pointing to the varied interests of software-centered companies like RSA and Honeywell versus a systems integrator like Lockheed Martin.

“We welcome participation from additional members of the government contractor space,” he said, stressing the importance of engaging the private sector early on as the terms, relationships, common vocabulary and “roots of trust” in cyber physical systems security are established.

About the Author

Zach Noble is an editorial fellow for Washington Technology. You can contact him at znoble@1105media.com.

Reader Comments

Thu, Mar 27, 2014 Bill Australia

Interesting - and needed!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
 Top 100 Slideshow
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts