Non-Traditional Attack Surfaces to CIP and IIOT networks

July 20, 2018
ME Auditorium
1300

Mr. Aaron A. D. Fansler

Founder, AMPEX Information Systems

Abstract

Mr. Fansler presentation will discuss the use of machine learning in cyber security.  Some significant steps have been made in the I.T. world but not in the O.T. world.  The only advances come from the attacker’s side where they are now getting smarter and faster.  Their success is accomplished by implementing machine learning algorithms.
Machine learning is a branch of computer science aimed at enabling computers to learn new behaviors based on empirical data. The goal is to design algorithms that allow a computer to display behavior learned from past experience, rather than human interaction. Machine learning is a rapidly developing field at the intersection of statistics, computer science, and applied mathematics, and it is having transformative impact across the engineering and natural sciences. 

In the past, Machine Learning has not had as much success in cyber security as in other fields. Many early attempts struggled with problems such as generating too many false positives, which resulted in mixed attitudes towards it.  Some have argued that that while machine learning is very good at finding similarities, it is less successful at finding anomalies and therefore not suited to Cyber Security. On the other side, cybersecurity is “basically broken” and machine learning is one of the few ‘beacons of hope.’  Mr. Fansler will present his opinion of the latter.

Machine learning will enable 24/7/365 monitoring of larger data loads. It will still require human interaction and intervention. Machine learning will require tuning and lots of learning in order to accurately filter real attacks from what appear suspicious but are actually benign activity.  It will complement traditional defenses to create a more multi-layered defense.  It is inevitable that this is where the future of cyber security is.  

Ampex’s objective is to design, develop, and demonstrate the use of distributed machine learning techniques in a mesh network to optimize sharing of Graphics Processing Units (GPUs) across platforms which will will provide a cyber-capability created specifically for control systems in the form of a high speed, high capacity, rugged computer devices, which, can detect, define, analyze, and mitigate cyber threats and vulnerabilities.

Biography

Mr. Aaron A.D. Fansler is the Chief Technologist for Cyber and ISR for AMPEX Information Systems (AIS) in addition to being the founder and serves Industrial Control Systems (ICS) Subject Matter Expert (SME) for OTB Security.
Aaron specialties is studying and evaluating critical infrastructures such as the electric power grid, water and POL pipelines for potential vulnerabilities and critical interdependencies. Since 2002, Aaron has worked in the arena of assessing and exploiting potential vulnerabilities with Industrial Control Systems (ICS), Smart Grids, and Microgrids. From 2006 to 2008, while working at the US Department of Energy’s (DOE) Pacific Northwest National Laboratory (PNNL) Aaron developed and established a methodology to bring together different types of assessments (i.e., physical, pen?testing, insider threats, etc.) and created CIIVA (Critical Infrastructure Interdependencies Vulnerability Assessment). The end result was a methodology that assessed not only the potential network vulnerabilities with control systems but also showed the correlations/interdependencies between the various critical infrastructures.
Recently, Aaron has developed and received a provision patent for his SCADA Network Independent Endpoint Protection (SNIEPR) tool which is a first of its kind ICS defensive capability. Another specialty of Aaron is end?to?end test and evaluation support of offensive, defensive, and intelligence?related hardware and software systems and capabilities. Everything from initial test concept development, through post?test results analysis and reporting, Aaron’s experience with test and evaluation spans the entire spectrum of capability maturity, from Advanced Technology Demonstrations (ATD) through Operational Tests and Evaluations (OT&E). Aaron has also substantial experience with GNSS systems specifically with R&D efforts to find vulnerabilities and works to create defensive solutions. Aaron was a co-author on a paper published in GPSWorld “Going up against time” Aug 2012 with Dr. Todd Humphreys.
Aaron has extensive working experience and business relationships with DARPA, DOE, AFRL, NGB ARPA; NSA, and other US intelligence organizations; DHS; U.S. Army; U.S. Air Force; and commercial organizations such as Areva, Lubbock Power & Light, Florida Power & Light, Siemens, Kinder Morgan, Electric Reliability Council of Texas (ERCOT), and Saudi Aramco and the country of Kuwait. Aaron has been called on to provide subject matter expert testimony and guidance to senior?level policymakers in U.S. Congress and also at the State, and local levels.
Prior to becoming the Chief Technologist for AIS, Aaron worked for Northrop Grumman Aerospace Systems as a Program Manager where he led Research and Development (R&D) efforts on cyber network operations (CNO) capabilities for ICS devices. Before that, Aaron was a member of the Technical Staff in the National Security Division at the Pacific Northwest National Laboratory (PNNL), where he was a member of the Department of Energy’s Field Intelligence Element (FIE). Aaron also worked for AT&T Government Solutions where he supported the USAF with their offensive cyber efforts for Computer Network Operations. Prior to that Aaron served 9 ½ years in both the Air Force and Army.
Aaron earned his Bachelor’s degree in Applied Mathematics from the University of Colorado; and two Master’s degrees, one from Capitol College in Information Assurance and Computer Security, and the other from the University of Texas. He is currently working on his Ph.D., in Information Assurance. Aaron also holds Certified Ethical Hacker (CEH), Certified SCADA Security Architect (CSSA), and Certified Hacking Forensics Investigator (CHFI), Certified Penetration Tester certifications.

POC

Dr. Daniel A. Nussbaum
Naval Postgraduate School 
Principal, Energy Academic Group
Monterey CA 93943
Phone: 831-656-2387
Mobile: 831-324-3228
Email: dnussbaum@nps.edu