CenSec Homeland Security Conference 2018 The Energy Sector
Michael Lisanti
Where Industrial Control System (ICS) Attacks are coming from
Breakdown of origin countries for non-critical and critical attacks from Trend Micro SCADA honeypot research
“Hacker” Management Interface (HMI) and ICS Vulnerabilities
Alert (TA18-074A) Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
Original release date: March 15, 2018 | Last revised: March 16, 2018
Cybersecurity Capability Maturity Model (C2M2) US Department of Energy (DoE)
• Public-private partnership
• Improve Energy Sector capabilities, benchmarking, knowledge sharing
• IT and OT best practices
• Informed by CMU SEI CERT Resilience Maturity Model (CERT-RMM)
Cybersecurity Capability Maturity Model (C2M2)
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2)
100+ Faculty | University-Wide | 200+ Students | 1 CMU
Creating a world where people can trust technology
Addressing the Cybersecurity Workforce Crisis CMU picoCTF: Inspiring Students in STEM
• World’s largest online hacking competition
• 75,000+ students from 1000+ USA middle/high schools and 154 countries have competed
• Supported by global sponsors
Norway classroom
CyLab Brings Together CMU’s Research Foundations in Security and Privacy
Network security
Computing
Policy People
Software security
Cyber physical systems and IoT
Hardware security
Language-based security and verification
Cryptography & Blockchain App
Trustworthy computing
Usable privacy and security
Behavioral science
Security Economics
Risk analysis & management
Adversary and threat modeling
Privacy engineering
Data Security & privacy regulation
Biometrics and authentication
Mobile security and privacy
Web and application security
Systems security
Decision science
AI & Machine Learning
Privacy & Compliance
Uptime & Reliability
Scalability
Safety & Security
Why is Securing IoT Challenging?
Speed & Cost
Secure and Private IoT Vision
OPERATE
DEPLOY
BUILD
Detect & Remediate (Months to Years)
TRUST
AUTONOMOUS HEALING
ACCOUNTABILITY
Detect & Remediate (Milliseconds to Seconds)
Autonomous Software Defined Networks (SDN)
Secure and Private IoT
Privacy-Respecting AI Reporting
1. Autonomous Healing
2. Trust
3. Accountability
Secure Primitives
City-Scale IoT
Progressive Strategy
Principles: Advancing IoT Security Research
Security is a Team Sport. Solve hard problems.
Sponsors participate, influence, integrate personnel throughout research lifecycle
Supports 8-10 graduate students, 1-2 professional developers
Build relationships with students, faculty, other sponsors
Make it Tangible. Build actual systems & software.
Annual Call for Proposal seeds innovation projects
Integrated IoT reference stack, incrementally refine
Living lab testbed extended to smart cities, other verticals
Open source, permissive license. Take research in-house
Amplify Investment. Make bigger impact.
$30MM+ in government funding
Sponsor funds pooled: $1M+/yr research funded (>5x amp.)
Goal: Develop IoT Reference Research Stack
Secure and Privacy-Respecting IoT
Open source end-to-end architecture, artifacts, platform for creating autonomous healing, trusted, accountable Internet of Things
Multiyear project and living lab testbed, deploying into smart cities, building on Carnegie Mellon CyLab security and privacy heritage
Partnering with a limited number of technology leader companies
#1 Competitive Computer Hacking Team (DefCon CTF competition)
#1 DARPA Cyber Grand Challenge Winner (Mayhem)
#1 World’s First Computer Emergency Response Team (CERT®)
#1 Cyber Security Graduate Programs (Universities.com)
#1 School of Computer Science (U.S. News & World Report)
#1 Artificial Intelligence (U.S. News & World Report)
100+ Faculty 200+ Graduate students
100+ security/privacy courses 25,000 ft² of collaborative research space
1442 Faculty 14,528 Students
111 countries represented 7 colleges, global presence
Why Partner With Us?
#1 Startups Per Research Dollar (Association of University Technology Managers)
#1 Information & Technology Management (U.S. News & World Report)
#4 Computer Engineering (U.S. News & World Report)
#10 Best for New Hires (Wall Street Journal)
27,000 participants in world’s largest hacking contest (picoCTF)
215,000+ professionals trained in cybersecurity
Accolades
How would you like to collaborate on cybersecurity research and education?
Michael Lisanti Director of Partnerships
+1 412-268-1870 [email protected] www.cylab.cmu.edu