CERIAS Security Seminar: Cyber defender's plead - If it's not codified – Please go away

The Center for Education and Research in Information Assurance and Security
September 6, 2023
4:30 PM - 5:30 PM
Zoom

Description

Speaker:
Rita Foster
Idaho National Laboratory

Abstract:

Problem: Cyber threat information is rarely codified and never connected to actual infrastructure that needs cyber protections since infrastructure is also not codified.

Solution: Infrastructure Expression (IX) – Five use cases for the IX tools, with methods using graph theoretics and machine learning, will be presented. A full scenario on recent malware binary analysis will be presented, highlighting applicability to infrastructure and the creation of context-specific indicators, cyber observables, and courses of action for better cyber defenses.

Background: The Idaho National Laboratory (INL) has been creating tools, methods and cyber defense capabilities using Structured Threat Information Expression (STIX) and graph database technology since 2015. INL's internal Laboratory Directed Research and Development (LDRD) project – IX - created the first codified infrastructure models in STIX. INL has open sourced these tools and uses advanced graph and machine learning methods and techniques to support critical infrastructure cyber defenses for many USG sponsors and stakeholders.

About: Rita Foster is recognized nationally for research leadership in control system cyber security, briefing numerous committees in the United States Senate and House, appointed by cabinet level secretaries to serve on advisory councils and is frequently requested to provide analysis on emerging threats and impacts to critical infrastructure. She currently leads the innovation development for the infrastructure security areas: identifying research gaps that align to our agile and resilient strategies, creating partnerships, building proposals, and analyzing risk components for cyber-physical infrastructure security.

These partnerships include asset owner utilities, technology providers, DOE, DHS, DOD and other government entities. Her efforts resulted in awarded research proposals ranging from creation of automated response mitigating cyber threats, applying machine learning to firmware and malware binary code, impact analysis with physics-based modeling, and asset owner consumable threat analysis to characterizations of vulnerabilities and exploits in various control systems and components. She has over 33 years of experience in computer integration focusing on control systems applications, real-time simulations, and critical life-safety-related applications.

Her current role at INL includes over 18 years of experience in cyber security of critical infrastructure: identifying research gaps aligned with strategic direction, creating partnerships, providing capstone analysis, and thought leadership in areas of protection and defense in the energy sector. She has mentored over 50 interns, ranging from high schoolers to Ph.D. candidates, who used her project data and tools for dissertations. She provides outreach and education to a wide range of stakeholders and has participated in numerous exercises to identify gaps in roles and responsibilities between private industry and government. She has managed multi-discipline teams bringing together controls system engineers, network engineers, cyber security researchers and subject matter experts for infrastructure security. She has served as the technical lead providing initial direction and requirements for programs essential to INL's success. Her early career at INL included over 15 years of experience in independent verification and validation of large military networks for performance and security, validating physics-based code for nuclear repositories, programming real-time training simulators for nuclear operations, programming life safety systems for nuclear repositories, validating energy transmission and distribution systems, and integrating divergent control systems to create supervisory control and data acquisition platforms. Prior to INL, she obtained over 8 years of experience in computer operations, programming, and data networking.

The weekly security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics.

Contact Details

Event Website

https://www.cerias.purdue.edu/news_and_events/events/security_seminar/details/index/5t8lp2rbn10r44to0qegnubt59@google.com
