Page 107 - Artificial Intelligence for the Internet of Everything
Policy Issues Regarding Implementations of Cyber Attack
system (e.g., key stroke monitoring). If, when a change in a waypoint is detected on the aircraft, there is no corresponding pilot data input, then a cyber attack is a possible cause. In response, the aircraft could transmit information to designated personnel who could then take actions to confirm and address the cyber-attack possibility. This example highlights the fact that certain attack detections require coordinating information retrieved from multiple subsystems at different locations. If one considers air traffic control systems, a parallel set of circumstances can occur involving ground-based subsystems (e.g., surveillance, communications, navigation, air traffic controller support systems) and corresponding airborne subsystems. Implementation of solutions would require decisions regarding the perceived level of risk, solution costs, the allocation of costs to subsystems, and decisions regarding the sources for paying for the solutions. Furthermore, for certain attacks that can create the same outcomes through different points of insertion, our technology-focused research efforts have shown that the ease of attack on one subsystem can be very different from that of another subsystem, providing opportunities to address the minimization of total costs when dealing with high-priority targets. However, lowering total costs can be accompanied by controversial cost-allocation issues, requiring policies that manage such situations. As stated earlier, without prior data that provides evidence that relevant cyber attacks are actually occurring, it will take very strong leadership to address the issues of anticipating safety-related outcomes and cost allocation for the implementation of solutions.
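The waypoint check described above, written out as an added example (not code from the book): it correlates waypoint changes logged by one subsystem with pilot entries logged by another, and returns the changes that no pilot entry explains. The event fields, the 5-second window, the 0.5-second clock-skew allowance and the waypoint names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class WaypointChange:
    t: float        # seconds, navigation subsystem clock
    waypoint: str   # waypoint now active in the flight plan

@dataclass(frozen=True)
class PilotInput:
    t: float        # seconds, input-monitoring subsystem clock
    waypoint: str   # waypoint the pilot actually entered

def unexplained_changes(changes, inputs, window=5.0, skew=0.5):
    """Return waypoint changes that have no corresponding pilot input.

    A change is explained only by an entry of the same waypoint made at most
    `window` seconds earlier (`skew` tolerates clock disagreement between the
    two subsystems). Each entry explains one change, so a repeated change
    riding on an earlier legitimate entry is still reported.
    """
    unused = sorted(inputs, key=lambda e: e.t)
    alerts = []
    for ch in sorted(changes, key=lambda c: c.t):
        match = next((e for e in unused
                      if e.waypoint == ch.waypoint
                      and ch.t - window <= e.t <= ch.t + skew), None)
        if match is None:
            alerts.append(ch)      # candidate for escalation to personnel
        else:
            unused.remove(match)
    return alerts

def report(alerts):
    return [f"t={a.t:.1f}s waypoint={a.waypoint}: no corresponding pilot input"
            for a in alerts]

# Constructed sample data, not taken from any real aircraft log.
SAMPLE_INPUTS = [PilotInput(100.0, "WPT_A"), PilotInput(400.0, "WPT_C")]
SAMPLE_CHANGES = [
    WaypointChange(101.2, "WPT_A"),  # follows a pilot entry
    WaypointChange(250.0, "WPT_B"),  # no pilot entry at all
    WaypointChange(401.0, "WPT_D"),  # pilot entered WPT_C, not WPT_D
    WaypointChange(403.0, "WPT_C"),  # follows the 400.0 entry
    WaypointChange(404.0, "WPT_C"),  # second change on an already-used entry
]

if __name__ == "__main__":
    for line in report(unexplained_changes(SAMPLE_CHANGES, SAMPLE_INPUTS)):
        print(line)
```

The result is only as trustworthy as the two logs, which is why the check depends on records from independent subsystems, as the paragraph notes.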
5.2.3 Education of Engineers and Policy-Makers
The discussions presented above do not address what may be the most critical issue in implementing cyber security for physical systems, namely the education of both our engineering and policy-making communities. Teams that include mechanical, electrical, and system engineers design physical systems. Engineering schools do not integrate computer security courses into the individual curriculums of these engineering disciplines. As a result, there are a very limited number of physical system–design engineers who have the requisite knowledge to design systems that better account for cyber-security considerations. Furthermore, educators in these areas of engineering have no historic basis for engaging in the cyber security–related aspects of their fields. As a result, our colleges and universities need to consider this emergent need and develop cross-department programs that are responsive to this new, important requirement. Development of new programs can be influenced