Cybersecurity

Roots of Trust research focuses on protecting cyber physical systems

Published 4 June 2014

“Roots of Trust” refers to a set of security functions in a device or system, which are implicitly trusted by the device’s operating system and applications, and which constitute the foundation for security. The Cyber Security Research Alliance (CSRA) the other day said it will prioritize research in Roots of Trust for cyber physical systems (CPS), to help address growing cyber security threats to public and private critical infrastructure.

The Cyber Security Research Alliance (CSRA) the other day announced that it will prioritize research in “Roots of Trust” for cyber physical systems (CPS), to help address growing cyber security threats to public and private critical infrastructure. With this confirmation of the CSRA’s research direction, CSRA is now seeking additional industry participation in CSRA to bring industry perspectives and insights to the early stages of research, and later to leverage industry strengths for the transition from research to practice.

The CSRA is a non-profit consortium founded as a forum for public-private partnerships to address cyber security research and development. Roots of Trust refers to a set of security functions in a device or system, which are implicitly trusted by the device’s operating system and applications, and which constitute the foundation for security.

The announcement follows a 12 May workshop hosted by CSRA founding member Lockheed Martin in Arlington, Virginia. Researchers gathered to consider cyber security threats and hear progress reports from Drexel University and George Mason University on the CSRA’s first research project, “Survey and Taxonomy of Roots of Trust for Cyber Physical Systems.”

The workshop featured two keynote addresses:

  • Victoria Yan Pillitteri of NIST spoke about the activity of the Cyber Physical Systems Public Working Group, emphasizing the need for consensus in the definition and reference architecture for cyber physical systems
  • Michael Pozmantier of DHS presented the views of DHS on what research is needed in this area in the short and long term, as well as on the process of transitioning from research to practice

“The CSRA workshop was an excellent opportunity for NIST to share plans for a cyber physical systems, or CPS, public working group that is open to everyone, whether from industry, academia, or government,” said Chris Greer, NIST Senior Executive for Cyberphysical Systems.

“The working group will enable progress by developing a common language and a shared understanding of the fundamental elements of cyber physical systems, including a reference architecture that provides for designed-in cybersecurity. We are pleased that CSRA will be one of the key industry leads for the CPS Public Working Group.”

Participants in the workshop agreed that substantive research is needed relating to hardware roots of trust, especially in the areas where the CSRA’s research partners are initially focused: transportation vehicles, medical devices and the power grid. 

“We believe our research priorities are well aligned with the threats facing cyber physical systems,” said Ron Perez, Senior Fellow and Senior Director, AMD Security Architecture, and founding member of CSRA. “As we execute research agendas in key technical areas, conduct larger-scale R&D activities and contribute to the national strategy in cybersecurity, public-private partnerships are crucial. To that end, the CSRA says it seeks to engage a broad range of partners, and we invite interested parties to join us, for the benefit of all.”

“Research and industry collaboration play an important role in identifying and mitigating the most critical threats facing organizations today,” said Bill Billings, Chief Information Security Officer, Federal, Enterprise Security Products, HP. “Alliance workshops like this are extremely insightful, and as the newest CSRA member, we look forward to joining other cybersecurity stakeholders in supporting the organization’s critical mission.”

Workshop attendees included representatives of government agencies, related non-profit organizations and academic institutions, CSRA partner institutions and CSRA members. The participants concluded that:

  • Risk management is critically important in cybersecurity; the challenge of communication between different stakeholders, and the need to find ways to be proactive in risk management and risk-based testing in CPS initiatives remain critical for success
  • It is necessary to engage practitioners early on in the research phase, as understanding market drivers early will be a key to success in transition from research to practice
  • Connecting stakeholders at the early stages of research, identifying organizations and their business needs at the planning stages, helps transition from an R&D model to a commercialization model.