Autonomous Systems Sensors Fusion

Cyber Security Guidelines

ACAMP seminar

Oct 25th, 2016

Marius Ghinescu

Topics - Focus

• Alberta Innovates Overview• Digital Economies – Autonomous Systems

– From Digital Battlefield to Digital Everything

• Sensor Fusion - Industrial Internet of Things (IIoT) – includes Operational Technology

• Cyber Security Frameworks and References• Cyber Security Guidelines Summary• BACK-UP SLIDES

– Advanced Monitoring Systems Timelines– Data Science, Machine Learning, Artificial Intelligence,– Autonomous Systems for Mobility

Alberta’s Innovation System

The Government of Alberta is consolidating existing agencies (Bio Solutions, Energy and Environment Solutions, Health Solutions and Technology Futures) into one corporation called Alberta Innovates that will fund and drive innovations. A new wholly-owned subsidiary corporation that provides specialized applied research services will also be created. Alberta Innovates offers post-secondary research support, applied research and commercialization services

650 staff $160M budget

7 locationshttp://www.albertainnovates.ca/

Digital Battlefield – Network Centric Operations

OODA Loop – ACT

Autonomous Cyber Defense Systems

• Stanley - the self-driving car that won the 2005 DARPA Grand Challenge

• 2013 - DARPA Launches Competition to Create Autonomous Cyber Defense Systems

• “The Cyber Grand Challenge featured never-before-seen autonomous systems and highly trained experts, many of whom compete regularly on a global “Capture the Flag” tournament circuit. In the end, CGC validated the concept of automated cyber defense,bridging the gap between the best security software and cutting-edge program analysis research.”

• References: http://www.defense.gov/News/Article/Article/907045/darpa-autonomous-bug-hunting-bots-will-lead-to-improved-cybersecurity

DARPA Director Arati Prabhakar speaks during the award ceremony after the world’s first all-machine hacking tournament Aug. 4, 2016, in Las Vegas. Seven teams competed in the capture-the-flag event and three of them won cash prizes. DoD photo by Cheryl Pellerin

The winning computer system, dubbed Mayhem, was created by a team known as ForAllSecure

Hype

https://www.iiconsortium.org/IISF.htm Systems engineering primer

Guideline 1 – System Requirements and Use Cases

Digital OilField Graphical Illustration (to be added)

10

Source: Digital Oilfield Outlook Report, Opportunities &Challenges for Digital Oilfield Transformation, JWN Energy/GE/Accenture Oct. 2015

Industrial Internet Security Framework*

*One of many that seems to gain adoption – defined by Industrial Internet Consortium

Should AI sponsor and provide AB based SMEs with access to some IIoT platforms?

Trade off risk assumption – Pay now or pay later; Security “smeared on” to get to market => can you survive making the news?

Example IIoT platforms (e.g. GE Predix, Accelerite, Inductive Automation, Samsung Artik)

Guideline 2: “Baked-in” versus “Bolt-on”

Assurance - IoT Security Testing and Certification Labs

The ICSA Labs Product Assurance Report found the majority of security devices fail to perform as intended*

*Validation vs Verification, Qualification, Certification

Risk Management

*https://www.ncoic.org/images/technology/whitepapers/NCOIC_Cybersecurity_Landscape_WhitePaper_v1.0.pdf

MIP Information Model

The Joint Command, Control and Consultation Information Exchange Data Model (JC3IEDM) is first and foremost an information exchange data model

@MIP Public Home https://mipsite.lsec.dnd.ca/Pages/Default.aspx

• Engage and leverage third party capabilities –time to market, standards based certifications– For example: GrammaTech Inc. (a developer of software

assurance tools and advanced cybersecurity solutions)

• Leverage modeling, simulations, training and certification capacity within AB (incl campus AB)

• Conduct Sensor Fusion Interoperability testing– Leverage Nano/Micro Centre – ACAMP plus partners

• Should Alberta Innovates provide AB SMEs with access to an interoperability lab and/or program?

Guideline 3: Solution assurance

Sensor Fusion for Autonomous Systems Cyber Security Summary

1. Elicit requirements at the system level:a) Appropriate system design trade offs and deployment scenarios

b) align to Customers/Market operational requirements

2. “Bake-in” development approach: a) Structure system development to include cyber security expertize and

timely inclusion

b) Procurement process to include cyber security reviews of components, open-source and sub-systems;

3. Solution assurance: a) Validation and Verification using sector specific cyber security frameworks

with clear Measures of Effectiveness (MoE)

Truth leads to enlightenment,which compels action

Bliss fosters naiveté,

which leads to status quo

23

Cyber Security – Reality Check