WEST LAFAYETTE, Ind. — Cybersecurity in defense can be summed up in one word: trust. This is a fireside chat guest at the annual Center for Information Assurance and Security Education and Research (CERIAS) Security Symposium, held April 2 at Purdue University's Stewart Center, by Heidi Shu, Under Secretary of Defense for Research and Engineering. It was a message from.
“Cybersecurity is the same in everything we do,” Shu told Eugene Spafford, CERIAS executive director emeritus and the organization's founder, who led the discussion. “If you don’t trust the system, you don’t want it.”
This is also her message to companies considering working with the Department of Defense, Shu said, noting that despite the rise of artificial intelligence's influence across computing, traditional cybersecurity efforts pointed out that it continues.
Trustworthy AI and autonomy are among the key technology areas she oversees in her role, and she said these technologies are frequently linked. But “if a user uses the system for the first time and it behaves unexpectedly, they lose trust in the system,” Shu said. “I ask researchers: How can we test this potential pathway? How can we trust the model?”
Shu said the Pentagon is looking at what it can do to take advantage of AI, as many other countries are also experimenting with AI and autonomy. “What we're interested in is that we're using a military system, so the system needs additional assurance, and there's no way to hack the system and change its behavior, including sensor attacks. is.”
Sensor attacks were one of many issues discussed among more than 300 participants at the April 2-3 symposium. This is his 25th annual event, which brings together top experts from academia, government, and industry to discuss the latest advances and challenges facing cybersecurity. This event was established by Purdue's Information Assurance and Security Education and Research Center.
CERIAS is considered the world's leading multidisciplinary academic society on the security of cyber and cyber-physical systems. Spafford said one of CERIAS' strengths is that it is interdisciplinary. “If we didn't have computers, computer abuse wouldn't happen,” he said. “But the same is true without people. To truly tackle difficult problems, we need to consider a variety of issues.”
As you might imagine, the focus of CERIAS research has changed over the years, as has the term “cybersecurity.”
“Cyber risks and vulnerabilities are very different today than they were 25 years ago,” said Joel Rasmus, Managing Director of CERIAS. When the event started, “we weren't even calling it cybersecurity. It was 'information assurance,' protecting the information on your computer,” he said.
Today, cybersecurity is more than just protecting information. “It's about connecting systems together and forcing them to do things they weren't designed to do,” Rasmus said, “injecting vulnerabilities into manufactured components, shutting down the power grid, or disrupting the country's agricultural system.” “This could include shutting down the supply chain,” he said.
Indeed, these and other subjects made up the agenda for this year's event. Drones are a notable example. At the end of 2023, there were more than 800,000 drones in use in the United States for a myriad of purposes, according to Ashok Raja, assistant professor of cybersecurity and computer information technology and graphics at Purdue University. However, he noted that sensor attacks can exploit them, and stealth attacks on the perception-based control of unmanned aircraft can reduce its performance while remaining undetected.
“UAVs can be misunderstood through a series of steps, which can ultimately lead to a crash,” says Raja. “Sensory sensors can be used by malicious entities as a channel to attack AI algorithms,” he said, adding that drones can be made to withstand attacks to protect UAVs used for things like bridge inspections. Said that adversarial samples can be used for training.
Chris Cleary, vice president of global cyber solutions at Mantech and former chief cyber advisor to the Navy, says cyber is now a warfighting domain. Up until now, officials haven't discussed cyber because it's classified, but in the defense community, “we talk about cyber all the time,” he said.
“This is no secret to anyone. Some of our adversaries are intentionally building weapons to penetrate parts of our infrastructure through environmental preparation and the deterioration of our ability to use our capabilities. ,” Cleary said.
“We need to be careful about cyber right now,” he says. In both cases, he said, the possibility of a cyberattack must be investigated and eliminated “because the enemy has the right to vote.” When exploiting a vulnerability or technology, “adversaries can find a way around it.”
In addition to their presentations, students presented approximately 60 posters highlighting some of the current cybersecurity research projects being conducted under CERIAS.
“Over the life of CERIAS, we have produced 300 PhDs in cybersecurity and helped produce thousands of undergraduate and master’s degrees,” Spafford said. says. “Our industry and government partners are excited to support our research as well as our broader educational mission. We know that it takes not only the application of , but also the hard work of talented people.”
“One thing that has remained consistent over the past 25 years is that Purdue University's CERIAS has been at the forefront of identifying and mitigating these risks and vulnerabilities,” Rasmus said. “We’re also educating the next generation of the workforce.
“There's something big going on here,” he said. “This is not your typical cybersecurity conference” because many people from the government and commercial sectors will attend and speak. From the beginning, we had a fundamental motivation to solve real problems.
“Academia cannot stand in an ivory tower,” he said. “To change the world, we need to involve industry.”
Writer/Media Contact: Evamarie Socha, ecsocha@purdue.edu
