The
objective of the Tuesday session of the RTES Forum was to explore
developing a Cyber Security Solution based on a MILS Architecture to
include considerations related to: component integration, compositional
certification, automated evaluation/certification tools, and a
commercial approach to evaluation and certification. An additional
objective was to explore how to test for the key types of errors that
are most exploited during cyber attacks.
Summary
The
RTES Forum held a full-day session with very interesting presentations
on what needs to be considered when developing Cyber Security Solutions.The following focus areas were addressed:
How
to test for the key types of errors that are most exploited during
Cyber Attacks (Rich Barry, Kestrel Technology)
Component
Integration with defined interfaces (interfaces to be standardized)
Assurance
level as required resulting in a Protection Profile (PP). The PP
will be based on an enterprise (domain) requirements; for example,
Medical, SCADA, Avionics, or a segment of the GIG (logistics,
sensors, intelligence, C2, etc.).
Potential
use of Compositional Certification.
Outputs
Not
applicable.
Next Steps
The
RTES Forum will continue to look at Cyber Security as it applies to a
solution based on the MILS Architecture and will also investigate the
need and determine the prioritization for creating a Protection Profile
based on enterprise domain requirements; in particular they will be
looking at the medical areas such as the operating room of the future (ORF).
Links
We
are still gathering all of the presentations. Links will be provided
next week.
