Workshop Probes Future of Cyber-physical Security

As technology evolves and becomes more sophisticated, interconnecting more and more of the world we live in, so do the threats to those interconnected systems.
Where cyber systems meet physical systems – an area called cyber-physical systems (CPS) – there may be no greater area to shore up our defenses. That’s because CPS are prevalent in almost every critical infrastructure sector in the US, including electricity, water, gas, transportation, chemical, health care, banking and finance, the defense industrial base, emergency services and nuclear reactors. It’s vital to not only boost our cyber and physical security, but our CPS security as well.
In essence, if our CPS strength and security are not up to par, that could spell catastrophe.
“Our lives depend on them [CPS] and our lives will depend on them more and more in the future,” Jeannette Wing, assistant director at the National Science Foundation, said during a DHS-sponsored CPS workshop Wednesday. “How can we build intelligent … and safe digital systems that interact with the physical world?”
A CPS is a system of systems that require tight conjoining of and coordination between the computer portions of systems and the physical realms, underlying processes, and policies governing the systems. Put simply, they are "smart," life-transforming technologies that can be applied to critical infrastructures. An example of a CPS may be smart cars that drive themselves, smart home appliances, and earthquake resistant buildings and bridges.
The so-called “Smart Grid” is a prime example of where we are headed in this arena. The Smart Grid is the plan to overhaul and modernize the nation’s electrical grid – think of it as the Internet brought to our electrical system. The hope is that one day, few will remember life without the Smart Grid, much like many of us can’t seem to remember life before email.
A smart grid delivers electricity from suppliers to consumers using digital technology to save energy, reduce cost and increase reliability and transparency. It will be able to function more efficiently, intelligently, and on its own, while leaving less of a negative footprint on our environment.
Several government officials lauded the Obama administration for its commitment to science and technology research, and its interest in CPS. That commitment can be seen in budget numbers. For example, the National Protection Programs Directorate at DHS had a $12 million budget in fiscal year 2008, compared to a budget of $22 million in fiscal year 2009. That money will be needed to secure cyber and physical structures, and everything in between.
“We’re connecting in increasingly complex ways more technological devices that defy mathematical understanding,” said Philip Reitinger, deputy undersecretary of the National Protection Programs Directorate. “We are depending more and more on this technology every day … we’re going to have a greater threat environment and a greater risk going forward.”
Although the Smart Grid is an opportunity to modernize the security of the grid with new technology, it also offers more opportunity for vulnerabilities. Potential threats to the grid could come from disgruntled employees, hackers, denial-of-service attacks, industrial espionage, terrorists, electromagnetic pulse (EMP) or hostile states. It could also fall victim to inadvertent threats like equipment failures and user error, or natural disasters. Any of these disturbances could cause massive failures of the grid if they’re not properly defended.
The fact that this workshop was held in Newark, New Jersey was symbolic. Within a five mile radius of Exit 14 of the New Jersey Turnpike lies 85 percent of the nation’s critical infrastructures – chemical facilities, bridges and tunnels, even ports and airports.
“The No. 1 threat to this country is this region up here,” explained Richard Canas, director of the New Jersey Office of Homeland Security and Preparedness. This is an area “that any terrorist would want to destroy and would have a heyday [with]. It is a terrorist’s dream if they want to come up here. You want to do a lot of damage, this is where you come.”
Tom Malec, a counterintelligence and cyber security official at the Department of Energy, noted that his agency also is a “huge juicy target” for nefarious cyber hacker types. It has recorded network disturbances or unusual activity of some sort of in the billions per month. Threats can even come in the form of a simple email.
“All it takes is one from who you think is a friend … click, you’re toast,” Malec said. “You don’t own your computer anymore and your computer is going out looking for other ones to take over. It’s just that easy. This scares me.”
It is scary because what begins as an Internet attack on a CPS could actually result in lives being lost. For example, if a hacker or other nefarious individual or group did damage to a regional electric or gas system, causing an outage, air conditioners may not work in the summer, or heaters in the winter – both the young and old would be at risk of death.
“We are experiencing consistent, persistent, hostile Internet-based activity … In cyberspace, the psychology is very different because attribution is very difficult. Consider a world where you can behave any way you want, any time you want, without consequence,” Malec said.
“This is serious stuff. We’ve got to get it right.”
Liza Viana is the New York-area correspondent for HSToday.us.

(Visited 21 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply