SERC TALKS: “What are the Top Ten Software Security Flaws?”
Speaker: Gary McGraw, Synopsys | CONTACT
SERC TALKS: “How Do We Prepare the People Who Will Need to Manage the Real-time Responses to Cyber Attacks on Physical Systems?”
ABSTRACT:
As part of an ongoing multi-year SERC Research Task led by University of Virginia, the research effort focuses on development of cyber attack resilience concepts for cyber-physical systems, an experimentally-based set of activities have been focused on exploring human factors issues. In particular, situations involving human operators have been simulated where cyber attacks have been detected by a dedicated monitoring sub-system (referred to as a Sentinel), and a system operator is alerted and provided with relevant system reconfiguration advisories. The simulated attack scenarios include possibilities for extreme events, including possibilities for killing or seriously injuring people. The research effort has focused on operator responses to the detections and advisories, including a collaboration project with the MITRE Corporation in a simulation activity at Creech Air Force Base involving pilots remotely controlling attacked unmanned aerial vehicles (UAVs), and a collaboration project at Wright-Patterson Air Force Base (WPAFB) with the Air Force Institute of Technology involving experiments with 32 airmen remotely controlling attacked unmanned ground vehicles. The Creech Air Force Base effort raised a number of significant human factors questions that are especially pertinent to system reconfiguration responses to cyber attacks, while the more focused WPAFB experiments addressed the relationship between a particular operator behavioral characteristic (level of suspicion) and operator responses. The Talk provides the results from these efforts and their implications on operator selection and training, including identifying a broader set of needed integrated human factors and system design research activities focused on cyber attack resiliency.