Hi, my name is Chris Apsey. I'm the director of the Georgia Cyber Range at the Georgia Cyber Center in Augusta, Georgia. Today I'm going to talk about operational technology and OpenStack, and why I believe that OpenStack is the perfect operational technology security research platform.

The first question we have to ask is, what actually is operational technology? In a nutshell, it's planes, trains, and automobiles. So when you think about OT, I want you to think about everything that isn't IT. So it's not your computer. It's not your laptop. It's not a server. It's not your web app. It's not routers. It's not switches. It's all the other things that make life possible.

Now I mentioned I work at the Georgia Cyber Center. So in the state of Georgia, we actually have the Port of Savannah, which is the third busiest port in the United States, and then Hartsfield-Jackson Airport, which is the busiest airport in the world. With those in mind, it's really important to the state of Georgia to really understand what OT is and how we can make it more secure.

So a core feature of OT is that it's generally not using the x86 microarchitecture. It's using SPARC, ETRAX CRIS, MIPS, PowerPC, ARM in some cases, basically everything that isn't x86. The challenge is, for researchers, that as we look at these systems, most of the IT in the world is focused on x86 architecture. And so, emulating an OT system is really, really difficult. The only thing out there that can do it is QEMU, and QEMU can be really slow. And if you want to do it in a big manner, it's almost impossible.

So now that we kind of know what OT is, let's talk about why we should care about it. So a little bit of a psychology lesson here for you. What you're looking at right now is called Maslow's Hierarchy of Needs. What it basically means is that in order for humans to be fulfilled, they have to meet each individual need in this platform. There's five levels.
There's a physiological level, safety, love and belonging, esteem and self-actualization. The lower levels have to be satisfied before the upper levels can be satisfied. So you need to have your physiological needs met before your safety needs are met, and so on and so forth. When we say physiological needs, we're really talking about food, water, warmth. The kind of things that humans need to physically function on a day-to-day basis. So we've talked about safety, which is electricity, freedom from harm, a place to sleep at night, et cetera, et cetera, et cetera.

And so we think about kind of the dichotomy between IT and OT. OT is really focused on those bottom two layers, whereas IT is focused on those top three layers. So your distribution chain that gets you power in your house, that's clearly OT and part of the physiological and safety layers. Whereas your email and things like Teams and Netflix and web apps, those are all part of the upper layers. And while those are conveniences in modern life, they don't really matter too much. If you think about your email, which is kind of in the upper layer, the love and belonging section, where you can talk to other people, if your email goes down, does it really matter? At the end of the day, no one's going to die probably if Office 365 goes out, but some people might actually die if the power goes out or your heater doesn't work or roads don't function or there's no food in the supermarket, right? And so with that in mind, understanding that OT makes society function is critically important. On the other hand, OT is notoriously poorly defended. And so we have to take that into account.

So now that we know what OT is and why it matters to us, what can we do about it, right? We know that it's very poorly secured for various reasons. So to fix this, we're going to do a couple of things. One is we're going to make it easier for researchers to investigate these types of systems.
By doing that, we're going to take three specific actions. One is improve multi-arch support in OpenStack to include pure emulation. When I say that, I mean, you shouldn't have to have actual physical hardware of a certain architecture in order to run a workload on it. QEMU supports pure emulation modes. You can run a PowerPC guest on an x86 host with a performance penalty, but it can still function. OpenStack should absolutely take advantage of that functionality in order to make that more accessible to the researcher. Two, we're going to add support for other protocols to Neutron. So Neutron, obviously, focuses on just normal TCP/IP, but we want to be able to do things like use Modbus and SCB and all these other protocols that make OT function because we want to be able to fully emulate these systems inside of OpenStack. Third is we're going to write Cyborg drivers. Lots of these systems have hardware components and Cyborg is the perfect mechanism to connect these hardware components to an OpenStack cloud for researchers to poke at.

The second thing we're going to do is encourage manufacturers to be more open. OT manufacturers are notoriously cagey and they're unwilling to share their IP. They are unwilling to let researchers poke at their stuff and they just generally don't want to play along with the security community, and for generally good reason. The reality is that we need them to be more open for systems to become more secure. And so we're going to do this via having a bug bounty approach, which we'll get into a little bit more later.

Thirdly, we're going to connect researchers to manufacturers, right? So assuming we can get these manufacturers to be more open, we're going to actually have security researchers look at their products in our controlled OpenStack cloud with all these extra features that I just talked about inside of it. So that way researchers can determine whether or not OT is vulnerable and fix it accordingly.
What are our current efforts? We've recently got a grant from the RB Cyber Institute to make three specific improvements inside OpenStack, hopefully for the Wallaby cycle. One, we're going to allow Nova to schedule emulated workloads when KVM extensions aren't available for certain microarchitectures. Two, we're going to make sure that libvirt correctly understands requests when guest architecture doesn't equate to host architecture. And third, we're going to make adjustments in placement to ensure that if there is KVM acceleration available as well as un-accelerated pure emulation available, it chooses the correct one depending on what the user actually wants.

Also, I mentioned briefly our bug bounty program. Hopefully within about six months, we're going to have a formal program where manufacturers can host and provide copies of firmware, software, and hardware on our controlled OpenStack cloud and researchers can log into that cloud and poke at this hardware to look for bugs. If they find a bug, they can sell the bug to the manufacturer, after which the manufacturer can patch that system as appropriate.

In the future, something that we really notice is that there's a distinct lack of OT security researchers for various reasons, but we really want to get after that problem. So we're going to start publishing curriculum focused on getting people into OT security research. Namely, we're going to help people with understanding how to reverse engineer ARM binaries and PPC binaries and MIPS binaries. We're going to make them understand how to reverse engineer undocumented networking protocols. All that kind of stuff that'll make people more effective in this space. Also, we're going to make more contributions to OpenStack. So those things I mentioned earlier are just kind of the beginning of what I think is a really critical period of growth for OpenStack in this particular space. We have lots more ideas. We just need more time to implement them. And finally, we're hiring.
If any of this stuff that I mentioned to you today sounds interesting to you, please send me an email. My address is right on the screen. Again, my name is Chris Apsey, Director of the Georgia Cyber Range in Augusta, Georgia. And thank you for listening.