94    Artificial Intelligence for the Internet of Everything


          by industry taking a strong position in calling upon the education system to
          provide such programs, including providing financial support for the devel-
          opment of new integrated programs, student internships, and professional-
          education programs that support their current workforce. Similar to the
          issues discussed earlier, it will take strong industry leadership to support such
          programs without prior data providing evidence that cyber attacks on phys-
          ical systems are occurring.
             A similar situation faces the policy-making community. As part of struc-
          turing resilience-related prototyping efforts, researchers have to address
          project-specific safety issues associated with conducting experiments. This
          requirement calls for interactions with a variety of policy organizations. Based
          on such interactions it became clear to the author that the imagination of pol-
          icy makers with regards to what cyber attacks could potentially accomplish far
          exceeded reality. Furthermore, discussions surrounding particular cyber
          attacks and their consequences, as well as the solutions to be evaluated, made
          it clear that the requisite technology-related knowledge became an issue in
          deriving safety controls. Interestingly, in some cases, the policy outcomes
          could have been unnecessarily conservative and in others, not conservative
          enough. Another important finding was that the policy community found that
          the security community was greatly steeped in specialized technical jargon,
          providing a barrier to beneficial discussions regarding solutions and policies.
             Of course, addressing this particular issue would require an education
          element for both policy makers and cyber-security engineers who engage
          in policy matters.
             Perhaps a side issue, but one that could greatly influence matters, is that
          the demonstrations of cyber attacks on physical systems and their impacts can
          be interpreted as a consequence of the manufacturers or industrial users of
          those physical systems not being sufficiently sensitive to cyber security/
          safety-related outcomes in their products and system designs. As a result,
          in carrying out projects, the issue arises regarding reporting on the cyberse-
          curity risks of current systems and the undue reputation impact it could have
          on the companies whose systems are being used for experimentation. It is
          not generally understood that the risks are emergent and that the nature
          of these findings would be expected across all current software-controlled
          physical systems that have safety-related outcome potentials. A need exists
          to address this topic, including defining professional behavior for engineers
          regarding reporting on the results of their work involving current commer-
          cial systems and cyber attacks, and its relationship to the related companies’
          reputations.