The integration of computing, networking, mobile devices, and “BYOD” introduces new attack vectors as well as huge opportunities for improved operations and management of critical infrastructure. This includes the energy and chemical sectors and advanced manufacturing. Research and development in this area focuses on understanding the threat landscape, emerging zero-day threats, a better design and protection of complex data center and computer-network-operations infrastructure, including active defense, digital forensics, machine-learning and data-analysis-based threat detection.
The smart grid is all about saving energy, flexibility, and the integration of multiple sources of renewable and fossil energy production with local systems and individual energy use and conservation. The complexity of the smart grid introduces potential cyber threats as it offers new and better ways to provide resilient, efficient energy supply to consumers, industry and government. Smart grid research and development addresses design, implementation, optimization, and resilient operation of such infrastructures under normal operation, and under threats arising from cyber threats, routine failures and natural disasters.
The McCrary Institute carries state-of-the-art, peer-reviewed research and outreach toward advancing responsible natural resource development and conservation. Our focus will be on conservation and management of forested landscapes and wildlife habitat for socioeconomic and environmental benefits. Given the economic importance of wildlife in Alabama and elsewhere, it is critical we gain the capability to maintain populations as habitats are threatened by urban expansion and shifts in climate. Similarly, rural economies and community well-being are often dependent on forest resources for income, health and water protection and recreation. These services are jeopardized by the same factors that threaten wildlife habitat but must be sustained to ensure the highest possible living standard in rural areas.
It is far better to design systems for resilience than to bolt it on later. Secure systems engineering conflates with hardware and software engineering with the added concerns of cyber security throughout the life cycle, as well as the engineering approaches used to create, deploy and maintain such systems with assurance. Research and development includes understanding the ability to design systems that have measurable degrees of operational readiness and can perform limited tasks correctly even when partially compromised.
Building on secure system engineering foundations, research in tactical systems cyber security considers the architecture, design and re-architecture of defense systems to include cyber security concerns, as well as life cycle management of the supply chain and the overall bill of materials (components) including hardware and software comprising such tactical systems. In addition, operational readiness in the face of persistent and endemic threats and partial compromise are key research themes.
People are part of all cyber-related systems and organizations. They comprise a majority of the threats within organizations. The design of organizational approaches to cyber security cannot ignore the human element. The research and development in this area focuses on building systems, processes, human interactions, motivations and strategies that lead to organizations that are resilient to many kind of human-related attacks including, but not limited to, social engineering.
Industrial control systems, Internet of Things devices and their convergence in the industrial Internet of Things is a major transformation ongoing in society, industry and government. The integration of cloud computing with “IoT devices,” smart phones, and wearables is changing the landscape of information technology. Understanding how to architect, manage, control and secure such systems is the principle research and development focus of this area, with emphasis on forensics, continuous monitoring, scalability and co-design of such systems in the face of faults and cyber threats.