Cybersecurity and Smart Infrastructure: Ensuring Resilience and Deterrence
Congressional Briefing brought to you by
ACS Science & the Congress Project
Rep. Michael McCaul (R-TX) and Rep. Jim Langevin (D-RI),
Co-Chairs of the Cyber Security Caucus
The internet, or cyberspace, has brought the reality of remote automated control of many systems including those vital to daily activities including traffic systems, water works, and electricity distribution. Two-way communication abilities and datastreams promise the rise of “smart” systems that can minimize energy and material waste by making the system efficient in real time. However, the paradox of such adaptability opens the system up to the specter of remote manipulation which could have lethal results. As analog and manually-controlled systems become increasingly smart, how should policymakers direct computer engineering and infrastructural modernization to ensure resilient networks equipped with algorithmic deterrence? This panel will inform as to what pace cybersecurity research and implementation should occur to prevent catastrophic scenarios.
- Glenn Ruskin
American Chemical Society
- The Honorable Jim Langevin (D-RI)
U.S. House of Representatives
- Herb Lin
National Research Council
- Stacy Prowell
Oak Ridge National Laboratory
- Sunil Cherian
- Marianne Swanson
National Institute of Standards and Technology
- William Sanders
University of Illinois at Urbana-Champaign
- Q&A Session
Herb S. Lin, Ph.D. is chief scientist at the Computer Science and Telecommunications Board, National Research Council of the National Academies, where he has been study director of major projects on public policy and information technology. These studies include a 2007 study on cybersecurity research (Toward a Safer and More Secure Cyberspace), a 2009 study on offensive information warfare (Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities), and a 2010 study on cyber deterrence (Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy). Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986–1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT.
Stacy Prowell, Ph.D., is the Chief Cyber Security Research Scientist for the Computational Sciences and Engineering Division at Oak Ridge National Laboratory, where he directs the lab’s research efforts in cyber and cyber-physical security. His research targets applying high-performance computing to automated reverse engineering of computer software and digital hardware for detection of vulnerabilities and system assurance. Dr. Prowell is an associate professor (joint appointment with ORNL) in the Electrical Engineering and Computer Science Department of the University of Tennessee, focusing on automated methods for high-quality software assurance through statistical testing, uncertainty quantification, and automated reasoning. Prior to joining ORNL, Dr. Prowell was the Chief Scientist for Carnegie Mellon University’s CERT STAR*Lab program, developing automated solutions to challenge problems in cyber security. Over the past decade Dr. Prowell has managed commercial development projects and consulted on the design, development, and testing of applications ranging from medical scanners to large, real-time distributed systems.
Sunil Cherian, Ph.D., is the Founder and CEO of Spirae. Since its 2002 founding, Dr. Cherian has built Spirae into profitability with an emphasis on strong customer relationships and a growing intellectual property portfolio with a highly skilled team of power systems and software development professionals. Spirae currently has operations in North America, Europe and India. Dr. Cherian currently serves on the Boards of the Colorado Clean Energy Cluster and Colorado Cleantech Industry Association. Prior to Spirae, Dr. Cherian founded Sixth Dimension, Inc. for providing networking technologies for the energy industry and served as its CEO from 1997 until 2002. Before founding Sixth Dimension, Dr. Cherian served as Acting Director for the Colorado Manufacturing Extension Center and as Product Realization specialist for the Mid America Manufacturing Extension Center, both at Colorado State University (CSU). Dr. Cherian has extensive experience in distributed energy applications including distributed control systems, renewable energy integration, and distributed energy resources management for network operations, power management, and energy services delivery. He is a frequent speaker at industry events and has over 35 technical presentations and multiple publications in books, journals, conferences, symposia, and tradeshows. He earned his M.S. and Ph.D. degrees in Mechanical Engineering from CSU.
Marianne Swanson, is a senior advisor for information technology security management in the Computer Security Division at the National Institute of Standards and Technology (NIST). She is the Chair of the Smart Grid Interoperability Panel - Cyber Security Work Group. Prior to accepting that position she was the Co-Chair of the Working Group on Lifecycle and Standards established under Comprehensive National Cyber Initiative 11, “Develop Multi-Pronged Approach for Global Supply Chain Risk Management,” and for more than a decade served as the Chair of the Federal Computer Security Program Managers' Forum. She has authored or co-authored over twenty NIST Publications, including foundational computer security documents used throughout industry, and in state, local, and foreign governments. Ms. Swanson was selected by GovInfoSecurity.com as one of the ten most influential individuals in government IT security in 2011. In 2011 and 2010, Ms. Swanson received the Department of Commerce Gold Medal Award. Ms. Swanson has over twenty-five years of computer security experience. Prior to joining NIST, she worked as a Systems Security Specialist with the Nuclear Regulatory Commission and as a Program Analyst with the Internal Revenue Service.
William Sanders, Ph.D., is a Donald Biggar Willett Professor of Engineering and the Director of the Coordinated Science Laboratory at the University of Illinois at Urbana-Champaign. He is a professor in the Department of Electrical and Computer Engineering and Affiliate Professor in the Department of Computer Science. He is a Fellow of the IEEE and the ACM, a past Chair of the IEEE Technical Committee on Fault-Tolerant Computing, and past Vice-Chair of the International Federation for Information Processing (IFIP) Working Group 10.4 on Dependable Computing. Dr. Sanders was the founding Director of the Information Trust Institute (www.iti.illinois.edu) at UIUC. He has published over 200 technical papers on secure and dependable computing, metrics thereof, and critical infrastructures. He is currently the Director and PI of the DOE/DHS Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Center. Dr. Sanders co-developed of tools for assessing computer-based systems including METASAN, UltraSAN, and Möbius, of which the latter two have been distributed widely to industry, academia, and NASA to evaluate performance, dependability, and security of various systems. He garnered his three degrees in computer science and/or engineering from University of Michigan including a Ph.D. in 1988.
National Academies / National Research Council
- Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy (2010); http://www.nap.edu/catalog.php?record_id=12997
- Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities (2009); http://www.nap.edu/catalog.php?record_id=12651
- Toward a Safer and More Secure Cyberspace (2007); http://www.nap.edu/catalog.php?record_id=11925
Coordinated Science Laboratory (University of Illinois at Urbana-Champaign)
Department of Energy
- Cyberspace Sciences and Information Intelligence Research Group, Oak Ridge National Laboratory; http://www.ioc.ornl.gov/index.html
- DRAFT Electricity Subsector Cybersecurity Risk Management Process (March 2012); http://energy.gov/sites/prod/files/RMP%20Guideline%20Second%20Draft%20for%20Public%20Comment%20-%20March%202012.pdf
- Roadmap to Achieve Energy Delivery Systems Cybersecurity (September 2011); http://energy.gov/sites/prod/files/Energy%20Delivery%20Systems%20Cybersecurity%20Roadmap_finalweb.pdf
National Institute of Standards and Technology
- SmartGrid; http://www.nist.gov/smartgrid/
- Automating Smart Grid Security: Applications of the Security Content Automation Protocol to the Smart Grid for Risk Management Activities (December 2011); http://collaborate.nist.gov/twiki-sggrid/pub/SmartGrid/CyberSecurityCTG/Automating_Smart_Grid_Security_v1_4.pdf
- Guidelines for Smart Grid Cyber Security; http://csrc.nist.gov/publications/nistir/ir7628/introduction-to-nistir-7628.pdf
Congressional Research Service
- Cybersecurity: Selected Legal Issues (March 14, 2012); http://www.fas.org/sgp/crs/misc/R42409.pdf
- Smart Meter Data: Privacy and Cybersecurity (February 3, 2012); http://www.fas.org/sgp/crs/misc/R42338.pdf
- Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions (December 22, 2011); http://www.fas.org/sgp/crs/natsec/R42114.pdf
- The Smart Grid and Cybersecurity – Regulatory Policy and Issues (June 15, 2011); http://www.fas.org/sgp/crs/misc/R41886.pdf
Center for Strategic & International Studies
- Significant Cyber Events (since 2006), by James Andrew Lewis; http://csis.org/publication/cyber-events-2006
Trustworthy Cyber Infrastructure for the Power Grid
Chemical & Engineering News (A Publication of the American Chemical Society)
- Firing Up The $1 Trillion Network, by Jeff Johnson. Chemical & Engineering News, 2011, 89 (1), 17-19; http://cen.acs.org/articles/89/i1/Firing-1Trillion-Network.html
- Exclusive: Comedy of Errors Led to False ‘Water-Pump Hack’ Report, by Kim Zetter. Wired “Threat Level” Blog, November 30, 2011; http://www.wired.com/threatlevel/2011/11/water-pump-hack-mystery-solved/