Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.


Safety and Security for Intelligent Infrastructure

June 13th, 2017 / in Announcements, CCC, policy, research horizons, Research News / by Helen Wright

As we start to embed sensing, computing, and communication into previously “dumb” infrastructure, there are clear benefits but it also creates new and challenging threats to safety, security, and privacy. How we address these threats is critical because, with cyber-physical systems, security vulnerabilities can translate directly to public safety hazards.

Recently, the Computing Community Consortium (CCC) in collaboration with the Electrical and Computer Engineering Department Heads Association (ECEDHA) released white papers describing a collective research agenda for intelligent infrastructure. We will be blogging about each paper over the next few weeks.

Today, we highlight the Safety and Security for Intelligent Infrastructure white paper.

These threats occur in multiple forms (from information leakage to petty cybercrime to cyberwar) and at multiple scales (issues with individual devices, issues with a single device networked to a server in the cloud, and emerging issues with large collections of devices coordinated for a specific purpose).

A list of threats and the necessary research needed to address them include[1]:

  • Threats against individual devices: Attacks against individual devices might include customers physically or electronically hacking their meter to cheat the power company or a cyber criminal turning off power in a house as a form of physical ransomware.
    • Research needed: Programs such as DARPA HACMS, where drone software created using formal methods was shown to be difficult to hack, are showing promise. While progress has been made, it’s clear from global headlines that improvements in individual device security are still sorely needed.
  • Threats from the network: Because smart devices are networked, the opportunity exists for attackers to interpose themselves between your device and the legitimate servers they communicate with.
    • Research needed: First, establishing a strong understanding of identity using cryptography can allow two parties (e.g., client and server) to interact with greater confidence. In addition, techniques that allow verified computation on the device (where data is never sent over the network) can prevent intruders from eavesdropping on private information.
  • Emerging threats from collections of devices: Because smart devices are deployed at scale, there are often hundreds of thousands of devices deployed and network connected running similar or identical hardware and software.
    • Research needed: New techniques are required to reduce the burden of understanding the current state of large collections of devices and manage them as a unit.

Please read the paper for other research investments needed for Safety and Security for Intelligent Infrastructure.

Stay tuned to learn more about the other intelligent infrastructure papers!

[1]  List of threats and research is not comprehensive but an indication of the breadth of challenges that need attention.

Safety and Security for Intelligent Infrastructure