IEEE

Jeff Hughes

Tenet3

Track: Cyber Security and Trusted Systems I
Talk Title: Cyber Resilience Through Strategic Analysis

 
 
 
 
Biography:
Jeff A. Hughes is the President of TENET3. TENET3 is a Dayton, Ohio cyber technology company specializing in complex system analysis, cyber security economics, and value driven risk mitigation investments. TENET3 employs quantitative cyber security metrics to clarify risks when employing complex cyber-physical systems. Previously, Mr. Hughes was the Strategic Advisor to the Director, Sensors Directorate, Air Force Research Laboratory (AFRL). He was Division Chief, Aerospace Components & Subsystems Technology Division, Sensors Directorate, where he led research into advanced techniques for developing & screening trustworthy microelectronic components. Mr. Hughes was selected in 2009 as a member of both the Cyber and Cross Domain working groups that supported the AF Chief Scientist in formulating AF Tech Horizons, where he advocated for machine augmentation of human performance and trustworthy autonomous systems, two major findings of AF Tech Horizons. Mr. Hughes was the founding chief of the Anti-Tamper Software Protection Initiative (ATSPI) Technology Office, Air Force Research Laboratory (AFRL) and led research into complex system vulnerability and risk analysis for trusted cyber systems. Jeff has a MS in Electrical Engineering from the Ohio State University and has completed graduate work towards a Ph.D. at the Air Force Institute of Technology.
 
Abstract:
Cyber-physical system insecurity is expressible as information arbitrage practiced by the attacker (i.e. the attacker knows something the defender doesn’t and profits by it). The adversary gains this knowledge by both observing the defender’s system over time and practicing their attacks on similar systems or components that are often commercially available. The attacker typically has a limited set of objectives which aids in focused application of his resources. The defender has multiple competing requirements to satisfy. First, the system cannot be hamstrung by security and must support the mission by providing a useful capability (where usefulness is often characterized by availability, adaptability, and extensibility). Second, the defender must protect the system (and hence the mission) against multiple adversaries. The defender’s resources are spread amongst these competing objectives with the hope that defenses have been optimally applied. The defender only becomes aware that an attacker/defender information differential existed when a system vulnerability is internally discovered, published by others, or worse yet, demonstrated by the adversary. Hope is not a defensive strategy …identifying, tracking, and mitigating opportunities for information arbitrage is. This talk examines application of strategic analysis to mitigate opportunities for information arbitrage and provide for cyber physical system resiliency to threats.