Page 138 - Cyber Defense eMagazine December 2023
Such risks are becoming especially concerning due to increasing attempts to compromise the nation’s
large and strategic systems, and loss of trust in digital systems due to disinformation, fraud, and lack of
digital safety. The resilience and trustworthiness of CPHS that provision critical societal services is now
a top national security concern. How should policymakers address this fact?
Resources for new R&D are one answer. But R&D needs both resources and one or more pathways that
are ambitious yet viable in a multi-stakeholder and highly uncertain environment. Hence, if
decision-makers in government and industry want to overcome our asymmetrical cyber challenge, they need
diverse, committed subject matter expertise to chart the right course and create a broad, long-term picture
of future global risks and opportunities that captures the needs of all stakeholders of CPHS.
Identifying research priorities for R&D is the function of the Engineering Research Visioning Alliance
(ERVA), an initiative funded by the U.S. National Science Foundation (NSF). In August 2022, ERVA held
one of its visioning events on the theme of “unhackable infrastructure,” convening dozens of the top
experts in cybersecurity in the nation. The experts arrived at a consensus about the requirements that
future resilient infrastructure must satisfy. These include the ability of CPHS to ensure safety, security,
and trust in essential systems and services, while maintaining practical usability; and the capacity to
adapt to unexpected changes while maintaining robustness and trustworthiness in a range of situations,
including actively resisting adversaries (both known and unknown). The group identified gaps in today’s
security technologies and formulated new ideas and visions that will be instrumental in steering future
research toward areas of much-needed innovation to ensure resilient and trustworthy CPHS.
The resulting report identified research directions within five concrete areas for R&D efforts with the goal
of addressing the thorniest challenges in security engineering. Each area produced an array of specific
engineering topics to catalyze engineering research for a more secure and resilient world. The experts
highlighted ways in which these topics should be contextualized in various domains (e.g., energy,
transportation, supply chains, health care systems), considering domain-specific design and functional
requirements of CPHS, and unambiguous specification of safety, security, and resiliency requirements
for all stakeholders.
1. Human-Technology Interface Considerations: The visioning event report emphasized a crucial
insight: humans are both the weakest link and biggest opportunity in cybersecurity. Modeling to
counteract cyberthreats must consider the human element more comprehensively, from
motivating incentives and the economics of security in asymmetric information environments to
usability in engineered infrastructures. (This is why we expanded the concept of cyber-physical
systems (CPS) to cyber-physical-human systems—to accentuate the essential human aspect.)
The assembled experts also recommended more R&D to integrate frontier technologies like
augmented and virtual reality into security interfaces, as well as greater use of immersive human-
computer environments. These would simultaneously improve usability of security systems for
human operators and allow greater understanding of what motivates humans to act in particular
ways—knowledge that can be applied to the way adversaries think and act as well.
2. Measuring and Verifying Security: CPHS operate in highly complex and constantly changing
environments, making it hard to determine how secure they are at any given time. We recommend
development of new quantitative metrics for determining system safety as well as advanced
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.