Monday, February 7, 2011

A Look at Cyber Defense in Depth

The National Science Foundation (NSF) has an interesting notice in Monday’s Federal Register (available on the internet on Saturday) for a March 22nd workshop that is intending to look at the basic assumption that a cyber ‘defense in depth’ strategy is the best way to protect information systems. This is intended to be the first in a series of ‘Assumption Buster’ workshops.

There are a number of things that set this Federal Register Notice apart from the mainstream notice. First this isn’t the normal meeting notice where some organization is publishing a required meeting notice. It reads like more of a solicitation to form an organization. NSF is asking people to apply to participate in the workshop; requiring a resume/CV and a one-page opinion paper on the topic of defense-in-depth.

Another unusual aspect of this workshop is that NSF’s National Coordination Office (NCO) for the Networking and Information Technology Research and Development (NITRD) Program will be paying travel expenses for the selected participants. Most public meetings reported in the Federal Register expect public participants to pay their own expenses.

Of course, the most unusual aspect of this workshop is that it is intended to be an adversarial type of environment. The notice states that:

“The goal is to engage in robust debate of topics generally believed to be true to determine to what extent that claim is warranted. The adversarial nature of these debates is meant to ensure the threat environment is reflected in the discussion in order to elicit innovative research concepts that will have a greater chance of having a sustained positive impact on our cyber security posture.”
It’s nice to see that some people are interested in the competition of ideas. The confrontation of ideas is an important part of the scientific process. It is always a good idea to stop and question basic assumptions that we make about the use of technology from time to time.

This will be focusing on information systems, but I think it will be interesting for the control system community to take a look at the results from this workshop

No comments:

/* Use this with templates/template-twocol.html */