Page 138 - Cyber Defense eMagazine December 2023

Such risks are becoming especially concerning due to increasing attempts to compromise the nation’s
            large and strategic systems, and loss of trust in digital systems due to disinformation, fraud, and lack of
            digital safety. The resilience and trustworthiness of CPHS that provision critical societal services is now
            a top national security concern. How should policymakers address this fact?

            Resources for new R&D are one answer. But R&D needs both resources and one or more pathways that
            are ambitious yet viable in a multi-stakeholder and highly uncertain environment. Hence, if
            decision-makers in government and industry want to overcome our asymmetrical cyber challenge, they need
            diverse, committed subject matter expertise to chart the right course and create a broad, long-term picture
            of future global risks and opportunities that captures the needs of all stakeholders of CPHS.

            Identifying research priorities for R&D is the function of the Engineering Research Visioning Alliance
            (ERVA), an initiative funded by the U.S. National Science Foundation (NSF). In August 2022, ERVA held
            one of its visioning events on the theme of “unhackable infrastructure,” convening dozens of the top
            experts in cybersecurity in the nation. The experts arrived at a consensus about the requirements that
            future resilient infrastructure must satisfy. These include the ability of CPHS to ensure safety, security,
            and trust in essential systems and services, while maintaining practical usability; and the capacity to
            adapt to unexpected changes while maintaining robustness and trustworthiness in a range of situations,
            including actively resisting adversaries (both known and unknown). The group identified gaps in today’s
            security technologies and formulated new ideas and visions that will be instrumental in steering future
            research toward areas of much-needed innovation to ensure resilient and trustworthy CPHS.

            The resulting report identified research directions within five concrete areas for R&D efforts with the goal
            of addressing the thorniest challenges in security engineering. Each area produced an array of specific
            engineering topics to catalyze engineering research for a more secure and resilient world. The experts
            highlighted ways in which these topics should be contextualized in various domains (e.g., energy,
            transportation, supply chains, health care systems), considering domain-specific design and functional
            requirements of CPHS, and unambiguous specification of safety, security, and resiliency requirements
            for all stakeholders.

               1.  Human-Technology Interface Considerations: The visioning event report emphasized a crucial
                   insight: humans are both the weakest link and biggest opportunity in cybersecurity. Modeling to
                   counteract cyberthreats must consider the human element more comprehensively, from
                   motivating incentives and economics of security in asymmetric information environments to
                   usability in engineered infrastructures. (This is why we expanded the concept of cyber-physical
                   systems (CPS) to cyber-physical-human systems—to accentuate the essential human aspect.)
                   The assembled experts also recommended more R&D to integrate frontier technologies like
                   augmented and virtual reality into security interfaces, as well as greater use of immersive
                   human-computer environments. These would simultaneously improve usability of security systems for
                   human operators and allow greater understanding of what motivates humans to act in particular
                   ways—knowledge that can be applied to the way adversaries think and act as well.
               2.  Measuring and Verifying Security: CPHS operate in highly complex and constantly changing
                   environments, making it hard to determine how secure they are at any given time. We recommend
                   development of new quantitative metrics for determining system safety as well as advanced






            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.