DOE Cybersecurity Grassroots Roundtable: Scientific Evaluation
Ingredients for Presentation to DOE/Laboratory Management
Jackson Mayo
February 24, 2010

What is the cyber problem?
• Cybersecurity is currently a practice, not a science
• National cyber funding is overwhelmingly operational; little fundamental understanding
• That’s why we keep failing
• Despite huge effort, we’re stuck playing catch-up with cyber threats
• Let’s make it a science and start succeeding
• As in other fields, scientific foundations will ultimately transform our capabilities

How does the cyber problem impact DOE?
• DOE has critical information to protect
• DoD/Intel Community have inaccessible (classified) cybersecurity infrastructure
• NSF performs long-term theoretical (unclassified) research
• DOE needs to fill this gap to protect sensitive unclassified information and critical power & nuclear infrastructure

Why science?
• Why is a scientific approach needed to solve this problem?
  • Current approaches are reactive, and don’t address the larger problem
  • Breaches in information security reveal an underlying gap in understanding
  • Technology is evolving so quickly that without a fundamental understanding, we will never get ahead of the threat

Why science?
• Current reactive approaches
  • Drain unpredictable amounts of resources
  • Result in decisions made based on potential dead-end (incomplete) approaches
  • Identify only “circumstantial” truths rather than the intrinsic truths

Why science: Why DOE?
• DOE is the nationally acknowledged leading expert in modeling & simulation
• National benefit if DOE can use scientific methods, similar to those used to confirm the reliability of the nuclear stockpile (UQ/V&V), to make confident assertions about the cyber environment to national leaders

National cyber research portfolio should be diversified
• Short-term: Necessary operational response to current threats
• Medium-term: Scientific concepts to design and evaluate critical cyber infrastructure
  • Power grid (can be extended to other critical national infrastructure such as water, etc.)
  • All things nuclear
• Long-term: Principled understanding of complex cyber systems in general

Tasks that DOE can accomplish
• Define scope of this new science
• Develop needed vocabulary
• Explore the range of scientific modes (theory to experiment) for use in cybersecurity
• Develop appropriate measurement tools
• Develop cyber-specific epistemology, axioms, etc.
• Develop framework for consistent design of cyber experiments

Recap of three questions
• 1. What can the community provide?
  • Scientific expertise in variety of disciplines to develop “science of cybersecurity”
• 2. How can the community benefit?
  • Greater credibility and confidence in analyses
• 3. Relevance to DOE Mission
  • Protect critical nuclear and power grid infrastructure
  • Provide assurance against future information security breaches