CERIAS Weekly Security Seminar - Purdue University artwork

Ron Ross, "Pushing Computers to the Edge: Next Generation Security and Privacy Controls for Systems and IoT Devices"

CERIAS Weekly Security Seminar - Purdue University

English - April 19, 2017 20:30 - 624 MB Video - ★★★★ - 6 ratings
Technology Education Courses infosec security video seminar cerias purdue information sfs research education Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Limin Jia, "Information Flow Security in Practical Systems"
Next Episode: Adam Bates, "Enabling Trust and Efficiency in Provenance-Aware Systems"

As we push computers to “the edge” building an increasingly complex
world of interconnected systems and devices, security and privacy
continue to dominate the national conversation. The Defense Science
Board in its 2017 report, Task Force on Cyber Defense, provides a
sobering assessment of the current vulnerabilities in the U.S.
critical infrastructure and the systems that support the mission
essential operations and assets in the public and private
sectors.



“…The Task Force notes that the cyber threat to U.S. critical
infrastructure is outpacing efforts to reduce pervasive
vulnerabilities, so that for the next decade at least the United
States must lean significantly on deterrence to address the cyber
threat posed by the most capable U.S. adversaries. It is clear that
a more proactive and systematic approach to U.S. cyber deterrence
is urgently needed…”



There is an urgent need to further strengthen the underlying
systems, component products, and services that we depend on in
every sector of the critical infrastructure—ensuring those systems,
components, and services are sufficiently trustworthy and provide
the necessary resilience to support the economic and national
security interests of the United States. NIST Special Publication
800-53 (Revision 5) responds to the call by the Defense Science
Board by embarking on a proactive and systemic approach to develop
and make available to a broad base of public and private sector
organizations, a comprehensive set of safeguarding measures for all
types of systems, including general purpose computing systems,
cyber-physical systems, cloud and mobile systems,
industrial/process control systems, and IoT devices. Those
safeguarding measures include security and privacy controls to
protect the critical and essential operations and assets of
organizations and the personal privacy of individuals. The ultimate
objective is to make the systems we depend on more penetration
resistant to attacks; limit the damage from attacks when they
occur; and make the systems resilient and survivable.