Critical systems should be resilient against attempts to compromise them, cradle to grave
To establish the safety and security of a given technology — as well as its ability to achieve new mission capabilities — the U.S. government calls for repeated demonstration
However, increasing dependence on commercial technologies may expose critical government systems to potential malicious alterations during their life cycle. Can these systems be trusted to perform their intended function when called upon?
When the complexities of the development environment elude conventional analysis, a new approach is needed to ensure highly reliable, critical systems.
At the forefront of creating such an approach, Sandia has initiated cross-discipline research and development that addresses the complete spectrum of life cycle threats — including insider and supply chain threats — to the integrity and performance of critical systems.
In this quest, Sandia is partnering with federal agencies, other Department of Energy laboratories and plants, and universities to bring strength and focus to the challenge. Also key is engaging with researchers who reflect the breadth, depth and cross-cutting emphasis
- Designing for trustworthy/self-auditable systems: What technologies in the design can increase the resiliency of critical systems to compromise and also monitor the health of the system throughout its lifecycle? Can we design for simplicity to reduce the risk space?
- Threat discovery/analysis technologies: Can we apply what we learn about threats to critical systems to recognize and understand previously unknown threats?
- Managing risk: How can technology help decision makers manage the risks associated with untrustworthy content? Is it possible to quantify trustworthiness?
The Trusted Systems and Communications Research Challenge is using quantifiable engineering-based approaches to evaluate and improve trustworthiness. As part of this project, Sandia is launching two efforts focused on:
- Foundational techniques to support analysis of trustworthiness: Sandia is leveraging existing research in areas such as game theory, supply chain analytics and risk assessment to develop approaches for analyzing trust.
- Use of diversification to improve trust: Sandia is developing verification-based analysis techniques to identify ways to create diversification within systems to increase the difficulty the attacker faces and minimize the impacts of successful attacks.