[I’m heading up for bidders’ conference for the DHS Science & Technology (S&T) control system security research opportunity in DC tomorrow. It will be interesting to see if they provide any more detail than in the announcement on the applied research they would like to see.
Any great ideas out there?
UPDATE at the event:
About 160 people here at the event chasing $4.5M in research money. I have been so focused on the control systems security world that I didn’t even consider that it is a small percentage of what DHS worries about related to cyber security. Of the nine technical topic areas (TTA to throw another USG acronym out there), only one is specifically related to control systems and two others are closely related. Of course, since IT impacts control systems all areas will have some impact.
- TTA 1 – Detecting and Mitigating Botnets (more interesting given what happened to Estonia. What about a botnet aimed at the bulk electric asset owners?)
- TTA 2 – Composable and Scalable Secure Systems (how do a set of secure of secure devices create a secure and highly available system?)
- TTA 3 – Cyber Security Metrics (what is the risk? a big problem in the control system community, but the TTA is much broader)
- TTA 4 – Network Data Visualization
- TTA 5 – Internet Topography
- TTA 6 – Routing Security Management Tool (Secure alternatives to BGP for Internet routing)
- TTA 7 – Process Control Security (Obviously TTA 7 is aimed at control system. There are two sub-topics: Secure and Reliable Wireless and Real-Time Security Event Assessment and Mitigation.)
- TTA 8 – Data Anonymization (Big issue in information sharing in control systems)
- TTA 9 – Insider Threat Detection and Mitigation (A sophisticated attack designed to misuse or mislead a control system would require specialized knowledge so insiders are one of the serious threat agents.)
UPDATE – It appears likely that more than $4.5M will be available, but it is all based on future year funding which is not yet determined. FY 2008 is not far away so this could go up before the first awards under this BAA.