Expert Interviews

Jason J. Cook Discusses the Importance of Industrial Control System Cybersecurity

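Jason Cook is a project manager at Tetra Tech, a professional engineer supporting critical infrastructure for data centers and mission critical facilities, and an Uptime Institute Accredited Tier Designer.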

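He has nearly 25 years of total experience as an active duty Air Force civil engineer, Air Force civil servant, and project manager for Tetra Tech. His expertise is in highly available critical infrastructure systems, following eight years as the engineer responsible for the survivability, endurability, and availability of the infrastructure of the underground complex at Cheyenne Mountain Space Force Station (CMSFS).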

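Jason is the lead design engineer for the Cyber Hardened Resilient Industrial Infrastructure-System Platform (CRIISP) concept currently under construction at CMSFS. It is the first system of its kind for the U.S. Air Force and comprises a standardized network switch assembly, resilient network topology, and machine learning/artificial intelligence (AI)-based security overwatch. The system allows near real-time threat detection and alerting for industrial control system (ICS)/facility-related control system (FRCS)/operational technology (OT) networks.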

He holds a bachelor's degree in engineering mechanics from the United States Air Force Academy and a master's degree in engineering management from the Air Force Institute of Technology.

Question:

What experiences led you to your work in ICS networks and cybersecurity?

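I spent nearly eight years at CMSFS as the Operations Flight Chief and Deputy Base Civil Engineer (think NORAD and WarGames, or maybe Stargate SG-1, if CMSFS doesn't ring a bell). The complex has infrastructure availability mandated by Chairman of the Joint Chiefs of Staff Instruction (CJCSI) as it relates to the many classified missions located there. So over time, I became an expert in designing, operating, and maintaining highly available critical infrastructure. My responsibilities included serving as the sole responsible engineer for the survivability systems and critical infrastructure availability of the .5-acre underground complex at CMSFS.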

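The ICS network is unique in that it is used to operate complex survivability systems and critical infrastructure. Reductions in manpower made automating and enhancing the capabilities of the ICS network the only way to meet the complex's mission requirements. I took an interest in the security of our network as it related to my responsibilities, and it became a personal interest of mine as I saw both the potential and the risks of automation.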

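When I left government service and joined Tetra Tech, I wanted to expand my expertise in highly available infrastructure. To expand my knowledge and capabilities, I took the Uptime Institute Accredited Tier Designer certification exam. As part of the certification, you further explore the relationship between ICS and critical infrastructure and data centers (or mission critical, in Department of Defense (DoD) terminology). I realized I needed to expand my ICS design and cybersecurity knowledge and capabilities to serve my clients effectively. Since then, I have established several strategic partnerships with IT installation and ICS cybersecurity experts to help improve my personal capabilities and bring a full-service, turn-key solution to the Air Force (now United States Space Force).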

Question:

Why do defense clients care about ICS cybersecurity?

The risks associated with traditional IT are easily understood: losing classified or sensitive information, or revealing our plans to the enemy. Those associated with your building’s lighting control system are not. When I talk about ICS, I am talking about all automation systems. You will hear the terms operational technology (OT), FRCS, and ICS, often interchangeably. Generally, I’m referring to OT as non-information technology (IT) computing and communication systems.

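Like all systems, you have to understand the true impact and consequences of a compromise. Rarely do we have a single purpose with our OT network, and a vulnerability in your lighting control system could be exploited to gain access to other systems, such as heating and cooling. Perhaps an attacker could raise the temperature in your computer room without setting off an alarm and shut down all of your critical missions, due to a failure to take even minimal security measures for your lighting controls. Unfortunately, much of the DoD's OT infrastructure was put into service long before cybersecurity was a concern. Now we are working to catch up with the IT world and trying to reach the same level of capability in defending our networks. Defense clients care about ICS cybersecurity because it affects their ability to protect and execute their missions.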

Question:

What makes cybersecurity for OT different from standard IT network security?

An OT network still runs on a Windows-based computer, so the IT cybersecurity we employ on defense communications networks can and should be applied to our OT workstations.

However, our traditional IT approach to detecting threats is generally signature-based. In simplified terms, we find a new virus, identify its signature, update our databases with the information, and then push these updates out to every workstation through antivirus software. For defense IT networks, where every network runs on the same operating system using the same approved software, keeping pace with threats to this environment is possible, and the signature-based approach works. We need a different approach when the OT networks are not standardized, do not have the same workstation setup, and contain thousands of options for devices and software employed.

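We can employ machine learning/AI to bridge the gap. As of 2019, the average time to detect a network intrusion for OT was over 180 days. That means an adversary has had full access to your setup for six months and has planned the best way to affect your mission by altering your OT network. Using AI, we can monitor the data on the network and identify changes in behavior and configuration, whether of a device or of a person using the network, detecting an intrusion within seconds of it occurring and identifying the source of the attack shortly thereafter. Using AI as a security overwatch for the network, defense clients can arm their cyber defense teams with the tools and information needed to detect an attack, minimize the impact of the attack, and then counterattack as needed.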

Question:

What tools and approaches should defense agencies consider as they address OT cybersecurity?

Defense clients need to avail themselves of all the options available for OT cybersecurity, commensurate with the risks and consequences of attacks. Employing a risk management approach, perhaps lower risk systems need only adopt a compliance-based approach to policy, such as ensuring passwords are changed frequently and patches applied. However, higher-risk systems should have the tools and capabilities to address the increased risk. This is why I am involved as the lead engineer for the CRIISP project at CMSFS. The location came up with the concept, which employs an AI-based security overwatch system that can detect attacks in near real time, including insider threats. From my past experience, I know how critical the ICS network is to the missions working in the underground complex. Like all defense agencies, the DoD needs enhanced cybersecurity, especially for its Defense Critical Infrastructure Program (DCIP) critical assets. I think this new design approach fills a critical gap in capability for OT cybersecurity needs.