For Immediate Release
Cyber Security Research Alliance Workshop Pursuing "Roots of Trust" Research Focus to Protect Cyber Physical Systems
Mid-project Workshop with Participation from NIST, Department of Homeland Security, Industry and Academia Sets Priority Research Area to Help Secure Critical Infrastructure
WAKEFIELD, Mass., June 2, 2014 – The Cyber Security Research Alliance (CSRA) today announced that it will prioritize research in “Roots of Trust” for cyber physical systems (CPS), to help address growing cyber security threats to public and private critical infrastructure. With this affirmation of the CSRA's research direction, additional industry participation in CSRA is now sought, to bring industry perspectives and insights to the early stages of research, and later to leverage industry strengths for the transition from research to practice.
The CSRA is a non-profit consortium founded as a forum for public-private partnerships to address cyber security research and development. "Roots of Trust" refers to a set of security functions in a device or system, which are implicitly trusted by the device's operating system and applications, and which constitute the foundation for security.
The announcement follows a May 12 workshop hosted by CSRA founding member Lockheed Martin in Arlington, Virginia. Researchers gathered to consider cyber security threats and hear progress reports from Drexel University and George Mason University on the CSRA's first research project, “Survey and Taxonomy of Roots of Trust for Cyber Physical Systems.”
The workshop featured two keynote addresses:
- Victoria Yan Pillitteri of NIST spoke about the activity of the Cyber Physical Systems Public Working Group, emphasizing the need for consensus in the definition and reference architecture for cyber physical systems.
- Michael Pozmantier of the Department of Homeland Security (DHS) presented the views of the DHS on what research is needed in this area in the short and long term, as well as on the process of transitioning from research to practice.
"The CRSA workshop was an excellent opportunity for NIST to share plans for a cyber physical systems, or CPS, public working group that is open to everyone, whether from industry, academia, or government," said Chris Greer, NIST Senior Executive for Cyberphysical Systems. "The working group will enable progress by developing a common language and a shared understanding of the fundamental elements of cyber physical systems, including a reference architecture that provides for designed-in cybersecurity. We are pleased that CSRA will be one of the key industry leads for the CPS Public Working Group."
Participants in the workshop agreed that substantive research is needed relating to hardware "roots of trust," especially in the areas where the CSRA's research partners are initially focused: transportation vehicles, medical devices and the power grid.
"We believe our research priorities are well aligned with the threats facing cyber physical systems,” said Ron Perez, Senior Fellow and Senior Director, AMD Security Architecture, and founding member of CSRA. As we execute research agendas in key technical areas, conduct larger-scale R&D activities and contribute to the national strategy in cybersecurity, public-private partnerships are crucial. To that end, the CSRA seeks to engage a broad range of partners, and we invite interested parties to join us, for the benefit of all."
"Research and industry collaboration play an important role in identifying and mitigating the most critical threats facing organizations today," said Bill Billings, Chief Information Security Officer, Federal, Enterprise Security Products, HP. "Alliance workshops like this are extremely insightful, and as the newest CSRA member, we look forward to joining other cybersecurity stakeholders in supporting the organization's critical mission."
Workshop attendees included representatives of government agencies, related non-profit organizations and academic institutions, CSRA partner institutions and CSRA members. The participants concluded that:
- Risk management is critically important in cybersecurity; the challenge of communication between different stakeholders, and the need to find ways to be proactive in risk management and risk-based testing in CPS initiatives remain critical for success.
- It is necessary to engage practitioners early on in the research phase, as understanding market drivers early will be a key to success in transition from research to practice.
- Connecting stakeholders at the early stages of research, identifying organizations and their business needs at the planning stages, helps transition from an R&D model to a commercialization model.
About the CSRA
The CSRA is a private, non-profit research consortium formed in response to the growing need for increased public-private collaboration to address complex problems in cyber security. The founding members of the CSRA are Advanced Micro Devices (AMD), Honeywell, Intel Corporation, Lockheed Martin, and RSA, The Security Division of EMC. The CSRA seeks to achieve coordinated industry participation to address national cyber security research and development (R&D) imperatives and bridge the gap between government-funded R&D and commercially available products and solutions in cyber security. More information about the CSRA can be found at www.cybersecurityresearch.org.
Ryan Zimmerman, 202.336.7962, ext 7962; Cell: 202.560.8230