Cyber-Physical Systems Security: Washington D.C Chamber of Commerce Thermostat Attacked

A Risks mailing list post "Internet of things" by David Magda points to a December 21, 2011 Wall Street Journal article "China Hackers Hit U.S. Chamber"

The Chamber continues to see suspicious activity, they say. A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China, they say, and, in March, a printer used by Chamber executives spontaneously started printing pages with Chinese characters.

News sources do not suggest that there is any strategic value in having a thermostat sending data to China. Perhaps once the servers were breached, other systems on the networks started sending traffic as well?

The incident does point out an obvious potential pitfall of having embedded systems on a public-facing internet.

Dataflow machines help J.P. Morgan reduce end of day risk calculations from 8 hours to 238 seconds

The Wall Street Journal blog entry "Maxeler Makes Waves With Dataflow Design" discusses Maxeler, who make FPGA-based dataflow machines/

Apparently, J.P. Morgan is using Maxeler machines for end of day risk calculations. The time needed for the calculation dropped from 8 hours to 238 seconds. See "JP Morgan expands deployment of FPGA-based supercomputer".

Our group has a long history with dataflow, so it is gratifying to see a real-world dataflow solution.

"Distinguished lecture series to focus on cyber-physical systems "

Washington University in St. Louis will be hosting a "Distinguished lecture series to focus on cyber-physical systems" that includes Edward A. Lee's talk:

"Nov. 12. Edward A. Lee, PhD, the Robert S. Pepper Distinguished Professor of computer science at the University of California, Berkeley and director of Chess (Center for Hybrid and Embedded Software Systems), raises an even deeper problem in a talk titled “Computing Needs Time.” He asks whether today’s computing technologies provide an adequate foundation for cyber-physical systems because time and timing play such an important role in physical systems, while software takes account of the passage of time, but only very indirectly."

NY Times Magazine indirectly mentions CHESS sponsored research

The February 10, 2010 NY Times Magazine article "Do-It-Yourself Genetic Engineering" indirectly mentions Dr. Doug Densmore's International Genetically Engineered Machine competition (iGEM) Berkeley iGEM Software Team. The article states:

"Across the bay from City College, a University of California, Berkeley iGEM team was building a piece of computer software that allowed it to design genetic parts by dragging and dropping DNA sequences together on the screen. Then, with the click of a button, the software fed instructions to a liquid-handling robot in their lab that executed various reactions and assembled each genetic part they needed. It was like when you line up songs on iTunes and burn the playlist on a CD. “We’re making way more DNA’s than we ever have before, and we couldn’t have done it without the robot,” the
Berkeley team’s adviser told me. "

The City College instructor, Dirk VandePol, was on the Berkeley wet team in 2008.

Nonprofit for collecting info on SCADA & PCS security incidents

The Risks Digest has an item that refers to Stephanie Neil's article in "Managing Automation", 12 Sep 2009 that discusses the http://www.securityincidents.org, "a newly formed non-profit group that provides public access to its Repository of Industrial Security Incidents (RISI)". This group is targeted towards SCADA and process control security incidents that occur in many systems, including Cyber-Physical Systems.

Cyber-enabled Discovery and Innovation FY10 Information

The NSF announced: Information for the research community in advance of release of the FY10 solicitation for Cyber-enabled Discovery and Innovation (CDI).

The NSF website says:

It is anticipated that an official solicitation for the FY 2010 CDI competition will be posted in the coming weeks. For the information of the research community, the following statements highlight important items and expected changes from the previous FY 2009 solicitation. This is subject to change until the FY 2010 solicitation is officially approved and posted.

• No Type III: As in FY 2009, there will be no Type III competition in FY 2010.
  
• No pre-proposals: Preliminary proposals will be eliminated – PIs will be asked to submit full proposals only.
  
• Deadlines: Type I and Type II will continue to be independent competitions in FY 2010. The new deadlines will be February 4, 2010, for Type I full proposals and February 5, 2010, for Type II full proposals.
  
• The paragraphs on societal impact of CDI, in the synopsis and description sections, will be expanded to address national grand challenges and presidential initiatives (e.g., see http://www.ostp.gov/galleries/press_release_files/Final%20Signed%20OMB-OSTP%20Memo%20-%20ST%20Priorities.pdf).
  
• The section on virtual organizations will be revised to more strongly emphasize research, in contrast to only building infrastructure.
  

July 23, 2009 DHS Cyber-physical Systems Conference

The Homeland Security Today website has an article, "Workshop Probes Future of Cyber-physical Security" that discusses a July 23 DHS sponsored CPS conference. At that conference, Jeannette Wing (assistant director at the NSF) is quoted as saying “Our lives depend on them [CPS] and our lives will depend on them more and more in the future,” and “How can we build intelligent … and safe digital systems that interact with the physical world?"