Cybersecurity Hard Problems Spring 2014 Workshop
The Cyber Research Institute with support and participation from the Griffiss Institute and the Air Force
Research Laboratory Information Institute is sponsoring a leading edge workshop on “Cybersecurity Hard
Problems.” The purpose of this workshop is to bring together distinguished researchers and domain experts for
a two-day period to examine, discuss, and propose solutions to the most pressing issues in cybersecurity today.
The two-day workshop will be held at the Griffiss Institute in Rome, New York on March 19th and 20th, 2014.
Cybersecurity is a dynamic and ever changing field. In today’s information intensive environment,
cyber-related incidents are on the rise. Our national security, personal safety, and economic health are at risk.
The cyber threat that exists today is highly sophisticated and quite capable. Whether it’s hacking, white collar
crime, fraud, identity theft, or stealing proprietary information, today’s threat is very serious. This threat ranges
from basic hackers to organized cybercrime groups to terrorists to well-funded nation state actors.
So many cybersecurity challenges exist today that must be solved. New connected technologies present
unique challenges for the security sector. Recently, we have seen a proliferation of Internet connected devices
such as automobiles, set-top boxes, home appliances, and energy consuming devices on a smart-grid. These
devices pose quite a challenge to the cybersecurity community. Likewise, the finance and service sectors have
new challenges such as big data protection, on-line currency, and mobile application security. Even
manufacturing products have unique challenges today in trusting the source of the components. Securing the
supply chain is critical for so many reasons.
Another interesting aspect of cybersecurity is that cyber-based attacks, using malicious computer
software, can do physical damage in the real world. National critical infrastructure systems, including the
electric power grid, oil and gas plants, water treatment facilities, and nuclear systems are run by supervisory
control and data acquisition (SCADA) systems. SCADA systems control complex critical infrastructure
functions like detecting current flow and line voltage, opening and closing valves, regulating traffic lights, and
monitoring and regulating water flow. Stuxnet is a recent worked example of what is now possible in the realm
of cyberspace; the ability to use software to create damaging real-world effects.
Each of the above challenges has an impact on Department of Defense technology and programs. This
invitation-only workshop brings together the some of the best minds to identify some of the hardest
cybersecurity challenge problems that intersect Department of Defense interests with those of industry, critical
infrastructures, and academia.
During the workshop, participants will be assigned to groups to address cybersecurity needs for the following
domains and areas:



Military (including defense and intelligence)
Law enforcement
Industrial control systems and SCADA



Transportation (including air, rail and automotive)
Financial
Healthcare
The tentative structure of the workshop is as follows:
DAY 1:
8:00: Registration
Attendees will check in and have the opportunity to briefly introduce themselves to other attendees and
individuals associated with the Griffiss Institute and AFRL.
8:30 – 11:30: Opening Keynote Addresses
During this beginning half of day 1, several cyber leaders will be introduced and will speak on behalf of
the Cyber Research Institute, Griffiss Institute, and Information Institute. These cyber leaders will
address cybersecurity needs in the following domains and will familiarize attendees with the
organization and hard problems.
•Military (including defense and intelligence)
•Law enforcement
•Industrial control systems and SCADA
•Transportation (including air, rail and automotive)
•Financial
•Healthcare
11:30-12:30: Break for Lunch
Attendees will break for lunch.
12:30- 3:30: Group Work
The second half of the day will be allotted to break attendees into the groups based on the previously
chosen domain topics listed above. Members of each group will examine their assigned area from a
technological perspective. They will also be encouraged to discuss what threats and vulnerabilities are
within the specific topic areas and to identify what hard problems each area faces in both the present
and future.
DAY 2:
8:30- 9:45 Group work wrap-up
Before the groups are to present their findings to the rest of the attendees, they will briefly wrap up what
was discussed and assessed on day 1 and will organize a 30 minute presentation reflecting on their
priority issues of interest recommended for future research.
9:45-10:00 Short Break
10:00-11:30 Group Presentations
10:00-10:30 Group 1 Presentation
10:30-11:00 Group 2 Presentation
11:00-11:30 Group 3 Presentation
11:30-12:30: Break for lunch
12:30-2:00 Group Presentations
12:30-1:00 Group 4 Presentation
1:00-1:30 Group 5 Presentation
1:30-2:00 Group 6 Presentation
2:00-2:15 Short Break
2:15 -3:00 Conclusions and Closeout
The last remarks will be given summarizing key topics and recommendations discussed on both day 1
and 2 of the cybersecurity hard problem workshop.
If you are able to attend the workshop, please contact the workshop organizer at [email protected].
Also, please cc Ms. Kelly Boek at [email protected] .When you reply please let us know the top two areas that
you have interest in. When you show up to the workshop, we’ll do our best to assign you to one of the groups
that you have chosen.
It is anticipated that the output of the workshop will be a report that will be used to drive future funded
research and development activities in this critically important area. The Cyber Research Institute intends to
fund a few teams to continue investigating critical cyber problems. This may include an intense summer
research program with CRI, AFRL and academic and industry researchers.
If you have any questions please feel free to contact me.
Sincerely,
Joe Giordano
Workshop Organizer