How To Understand And Understand Cyber Security

Transcription

1 Special Sessions on Cybersecurity Research for Critical Infrastructure Thursday, February 12, 2015 In Oceans 12 Session 1, 8:30 10:00, Oceans 12 Michael Siegel Principal Research Scientist, and Associate Director MIT (IC)3 Qi Van Elkema Hommes Lecturer and Research Affiliate MIT (IC)3 and Engineering Systems Division Industry Panel Moderator: Sid Snitkin New Cyber Security Approaches for ICS/IIoT Resilience and Cyber safety Advancing Cyber Security Using System Dynamics Simulation Modeling for System Resilience, Patching, and Software Development Cyber Safety: A Systems Thinking and Systems Theory Approach to Managing Cyber Security Applied to TJX Case and Stuxnet Panelists: Ibrahim Hamadi, Dolphin Energy William Cotter, 3M Eric Cosman, ARC Advisory Group (Dow Retired) 1

2 Special Sessions on Cybersecurity Research for Critical Infrastructure Thursday, February 12, 2015 In Oceans 12 Session 2, 10:30 12:00, Oceans 12 James Houghton Research Scientist, MIT (IC)3 and MIT Sloan School of Management Developing Cyber Security Metrics and Disrupting the Vulnerability Ecosystem Advancing Cyber Security Using System Dynamics Simulation Modeling for Analyzing and Disrupting Cybercrime Ecosystem and Vulnerability Markets Michael Coden Vice President, NextNine and Associate Director MIT (IC)3. MIT House of Security: Techniques to Quantify Metrics and Other Cultural Aspects of Cyber Security Industry Panel Moderator: Sid Snitkin Panelists: William Cotter, 3M Gary Williams, Schneider Electric Jeff Melrose, Yokogawa Electric Corporation 2

3 DRAFT PROSPECTUS V12.5 For discussion purposes only TM Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity TM I See Cube (IC) 3 TM (IC) DRAFT, Copyright (IC) 3 3, 2014

4 Filling a Critical Need for Critical Infrastructure Security of conventional information systems is recognized as important But still not fully effective (e.g., Target, Heartbleed, etc.) Security of our Cyber Physical Infrastructure E.g., computer controlled utilities, oil & gas sites, chemical, water, financial services, telecom, infrastructure, etc. is even more important, but much less research has been done. Critical needs for Critical Infrastructure: (1) Justify top management attention & adoption (2) Define actions that can be effective & measured (3) Define a culture of Cyber Safety (4) Create a forum for CSO/CISO s to advance Cybersecurity 4

5 Interdisciplinary Approach (IC) 3 will apply expertise from multiple disciplines in its research on Cybersecurity issues of Critical Infrastructure. Faculty from MIT Sloan School of Management, MIT School of Engineering, and MIT School of Humanities (Political Science) (IC) 3 will address complex Cybersecurity issues using techniques such as: Multi dimensional data aggregation & quality System Dynamics, Modeling and Simulation Internet, Network, and Communication Architecture Applying Accident and Safety Theory to Cybersecurity Cross border and international policy & implications Control point analysis Risk analysis and liability modeling People and process modeling: Users and operators as well as Cyber criminals 5

6 Sample Research MIT House of Security: MIT has developed techniques to measure perceptions of security in an organization Accident and Safety research: MIT can extend its research on accident prevention to preventing cyber events. Control Points: MIT has studied best choke points to interrupt a criminal enterprise. Improving CERTs: MIT has studied and suggested ways to improve and better coordinate the CERTs. Bug Bounty: MIT has studied crowd source methods of bug detection, such as bug bounty programs. Tipping Point Analysis: MIT has used System Dynamics to understand what will make complex systems unstable. Simulation of Systems: MIT has a rich history in simulation of complex systems under a wide variety of circumstances. 6

7 New Power Grid Project Risk Mapping for an electric operator 1. Sensor Ecosystem THREAT detection 2. Translate into EQUIPMENT risk mapping 3. Provide OPERATIONAL MITIGATION strategy

8 anagement Proposed Initial Interdisciplinary MIT Team Members Stuart Madnick Director Professor of Information Technologies, MIT Sloan School of Management & Professor of Engineering Systems, MIT School of Engineering Michael Siegel Associate Director, Principal Research Scientist, MIT Sloan School of Management Michael Coden Associate Director, Research Affiliate, MIT Sloan School Nazli Choucri Professor of Political Science, MIT School of Humanities and Social Sciences David Clark Senior Research Scientist in Computer Science Michael Coden Research Affiliate (former member of White House cyber study) Jerrold Grochow Research Affiliate (former MIT CIO and member of MITei cyber study) Qi Hommes Lecturer, MIT Engineering Systems Division, MIT School of Engineering Nancy Leveson Professor of Aeronautics and Engineering Systems, MIT Andrew Lo Professor of Financial Engineering, MIT Sloan School of Management Allen Moulton Research Scientist, MIT School of Engineering Richard Wang Principal Research Scientist, MIT School of Engineering John Williams Professor of Civil and Environment Engineering Raphael Yahalom Research Affiliate, MIT Sloan School of Management 8