I participated in the Cyber Security Research Alliance (CSRA) and National Institute of Standards and Technology (NIST) two-day workshop in early April, “Designed-in Cybersecurity for Cyber-Physical Systems”, which explored emerging research needs for cybersecurity in cyber-physical systems within the diverse cyber-physical community.

During the workshop it was pointed out that much of the threat assessment in cyber-physical systems to-date has been accomplished using reliability models, without appropriate consideration for adaptations that are necessary when factoring in intelligent adversaries. A methodology that combines both reliability and traditionally used models to assess infrastructure, with the most commonly used adversarial models in cyber security, is what we need. The problem is that we assess security at one level of abstraction and then use those “secure” components to implement a higher-level system. As a consequence, our overall system is insecure if the logic used to construct the higher-level system is flawed.

We must keep security in mind when constructing underlying components, especially at the higher-levels, if we are to successfully adapt and thwart intelligent adversaries in cyber-physical systems.

Support for experimentation with cyber-physical systems is an increasing area of research in the DETER Project.

A link to the workshop, with agenda, is located at: http://www.nist.gov/itl/csd/cyberphysical-systems-2013-workshop.cfm

An article about the workshop is located at: http://www.bloomberg.com/article/2013-04-09/a2zZV3zjUY2c.html