Rita Foster - Idaho National Laboratory
Cyber defender's plead - If it's not codified – Please go away
Sep 06, 2023
Abstract
Problem: Cyber threat information is rarely codified and never connected to actual infrastructure that needs cyber protections since infrastructure is also not codified.
Solution: Infrastructure eXpression (IX) – Five use cases for the IX tools with methods using graph theoretics and machine learning will be presented. A full scenario on recent malware binary analysis will be presented highlighting applicability to infrastructure, creation of context specific indicators, cyber observables, and courses of action for better cyber defenses.
Background: The Idaho National Laboratory (INL) has been creating tools, methods and cyber defense capabilities using Structured Threat Information eXpression (STIX) and graph database technology since 2015. INL's internal Laboratory Directed Research and Development (LDRD) project – IX - created the first codified infrastructure models in STIX. INL has open sourced these tools and uses advanced graph and machine learning methods and techniques to support critical infrastructure cyber defenses for many USG sponsors and stakeholders.
About the Speaker
These partnerships include asset owner utilities, technology providers, DOE, DHS, DOD and other government entities. Her efforts resulted in research proposals awarded ranging from creation of automated response mitigating cyber threats, applying machine learning to firmware and malware binary code, impact analysis with physics-based modeling, asset owner consumable threat analysis and characterizations of vulnerabilities and exploits in various control systems and components. She has over 33 years of experience in computer integration focusing on control systems applications, real-time simulations and for critical life safety related applications.
Her current role at INL includes over 18 years of experience in cyber security of critical infrastructure identifying research gaps aligned with strategic direction, creating partnerships, providing capstone analysis, and thought leadership in areas of protection and defense in the energy sector. She has mentored over 50 interns ranging from high schoolers to Ph.D. candidates using her project data and tools for dissertations. She provides outreach and education to a wide range of stakeholders and has participated in numerous exercises to identify gaps in roles and responsibilities between private industry and government. She has managed multi-discipline teams bringing together controls system engineers, network engineers, cyber security researchers and subject matter experts for infrastructure security. She has served as the technical lead providing initial direction and requirements for programs essential to INL's success. Her early career at INL included over 15 years of experience in independent verification and validation of large military networks for performance and security, validating physics-based code for nuclear repositories, programming real time training simulators for nuclear operations, programming life safety systems for nuclear repositories, validating energy transmission and distribution systems, and integrating divergent control systems to create supervisory control and data acquisition platforms. Prior to INL, she obtained over 8 years of experience in computer operations, programming, and data networking.