Safe and Secure Computer Control Systems? The devil is in the details...

Abstract

In modern societies, there is an accelerated convergence of information technology (IT) like the internet-cloud-web complex, with operational technology (OT) like cyber-physical systems (CPS) control, complemented by Internet-of-Things fabrics (IoT). 
However, the opening of new threat surfaces both to occasional accidents or malfunctions and to targeted attacks, is often ignored in system design or evolution. The recent mishaps of the Boeing 737 MAX are one example. One other particular issue that I discuss in the talk is the current safety-security gap we observe in several CPS: apparently well-designed systems from the safety viewpoint are easy prey to hackers. One striking example is the automotive area (ADAS, V2X).
These problems are hard to address and we claim they cannot be solved for CPS with classic techniques, requiring instead forms of cyber resilience, achieving defenses that are automatic, incremental, dynamically adaptive, and sustainable. Paradigms and techniques of resilient computing (RC) are key here, drawing from the fusion between dependability, security, and AI/ML. I will provide several examples of RC at work mitigating the safety-security gap, for distributed CPS systems (with a slant in the autonomous vehicles area).
These matters are addressed in detail in my course on Resilient Computing Systems - CS 394T, and explored in the research and advanced teaching I propose to foster in RC3@KAUST /(https://rc3.kaust.edu.sa/).
 

Brief Biography

Paulo Esteves-Veríssimo is a professor at the KAUST University (KSA), and Director of the Resilient Computing and Cybersecurity Center (RC3 - https://rc3.kaust.edu.sa/). He was a member of the Sci&Tech. Comm. of ECSO EU Cyber Security Organisation, Chair of IFIP WG 10.4 on Dependable Comp. and F/T, and vice-Chair of the Steer. Comm. of the DSN conference. He is Fellow of IEEE and of ACM, and associate editor of the IEEE TETC journal, author of over 200 peer-refereed publications and co-author of 5 books. He is currently interested in resilient computing, and its potential to improve classic cybersecurity techniques, in: SDN-based infrastructures; autonomous vehicles from earth to space; distributed control systems; digital health and genomics; or blockchain and cryptocurrencies.