Event
INCOSE Critical Infrastructure Protection and Recovery Working Group (Mid-Year Meeting)
Thursday, August 12, 2021
12:00 p.m.-4:30 p.m.
Online presentation
https://incose-org.zoom.us/j/97794376540?pwd=ZGRGS29jdzgvVkMxTFBnRVNzdis3Zz09
INCOSE Critical Infrastructure Protection and Recovery
Working Group Mid-Year Virtual Meeting
Zoom info
https://incose-org.zoom.us/j/97794376540?pwd=ZGRGS29jdzgvVkMxTFBnRVNzdis3Zz09
Meeting ID: 977 9437 6540
Passcode: 165354
Invited Speaker Abstracts and Bios.
The Interdependent Nature of National Cyber Security: Motivating Private Action in the Defense Industrial Base for a Public Good. The federal government relies largely on voluntary actions by the private firms that comprise our nation’s critical infrastructure to secure their operations. The media continually highlights instances where cybersecurity externalities have been created when IT and control systems have not been adequately secured, the Colonial pipeline incident being just the most recent. However, it is very difficult to get an accurate measure of cybersecurity investments by private industry because of the incentives for them to keep the information close hold. My research employed an agent-based modeling technique to analyze the cybersecurity investment decision by actors in the defense industrial base. One of the recommendations made as a result of the findings made 10 years ago was to introduce clear language in weapon systems development contracts to improve cybersecurity spending and coordination in the industry. 10 years later on, the DoD has begun to implement such measures via the introduction of the Cybersecurity Maturity Model Certification (CMMC) requirements for the defense industrial base. In my talk, I will take a look at how this measure may alter the findings and provide recommendations for future research in the area.
Forrest B. Hare. Dr. Forrest Hare is a retired Colonel in the United States Air Force most recently assigned to the Defense Intelligence Agency as the Deputy for the Indo-Asia Pacific Regional Center. As a major, he commanded an information warfare detachment in the European Air Operations Center during Operation Enduring Freedom. While assigned to the Air Staff Operations Directorate in the Pentagon, Dr. Hare was chosen to be on the Chief’s Cyberspace Task Force to develop the vision for the Service’s operations in its newest warfighting domain. His work contributed to the stand-up of the 24th Air Force and the creation of new cyberspace doctrine. After this assignment, he served on the staff of the Office of the Secretary of Defense and was a drafter of the Department of Defense Cyber Security policy. Dr. Hare has also served at the National Security Agency and in numerous overseas postings and deployments. In his current role as a solution architect for SAIC, he is developing a knowledge model for defense intelligence to improve the integration of cyber threat intelligence with traditional intelligence information.
Cryptographic Implementation Vulnerabilities in the Internet of Things: Challenges and Points of Inflection. The Internet of Things (IoT) consists of billions of devices observing and controlling our surrounding environment, including home, medical, transportation, industrial, energy, and environmental infrastructure. Data in IoT devices often require protection through cryptographic services. While cryptographic algorithms are generally mathematically robust against compromise, they are subject to implementation vulnerabilities, such as side channel and fault injection attacks. While new countermeasures against side channel and fault injection attacks are constantly being developed, there are other trends running cross-current to implementation attacks, including post quantum cryptography and new families of privacy preserving encryption. While post quantum cryptography could forestall data compromise by quantum computing, its adaptation in ubiquitous information technology will be a complex process which could introduce new implementation vulnerabilities. Further, IoT devices could benefit from new privacy preserving encryption such as Fully Homomorphic Encryption, which will bring its own set of challenges and opportunities.
William Diehl. Dr. William Diehl is a researcher at the U.S. Army Combat Capabilities Development Command (DEVCOM) Army Research Laboratory (ARL), where he conducts foundational and applied research to improve U.S. Army and joint service electronic warfare and electromagnetic spectrum capabilities. He is a retired U.S. Navy Cryptologic Officer, and an alumnus of the Naval Postgraduate School, where he obtained an M.S. in Electrical Engineering and Space Systems Certificate. Dr. Diehl completed his Ph.D. degree from George Mason University in 2018 and is author of over 30 peer reviewed publications relating to secure and efficient cryptographic implementations.