Fixing the Impossible
24/7 (202) 973-1300   

What is Project Gryphon-X? And Why Is It So Cool (if it’s true)?

Share on facebook
Share on twitter
Share on linkedin

A very recent white paper came out by the Institute for Critical Infrastructure Technology (ICIT) called, “America Is Under Siege: Now is the Time for NASA to Unleash Gryphon-X.” It was written by a Fellow at the ICIT, along with a Visiting Scholar from Carnegie University. Both writers seem to have significant pedigrees and have experience writing other papers on cybersecurity attacks. To be clear, this white paper details an unfunded critical infrastructure project of epic proportions: a one stop-shopping network for the cybersecurity needs of NASA to protect its critical infrastructure. To repeat, the project is unfunded, and given recent legislative efforts in the cybersecurity realm, may never be funded.

But what if it were to be funded? The white paper describes one single location for a “Cybersecurity Fusion and Training Center” facilitated and managed by the Ames Research Center in Silicon Valley, California.  The facility would, in one giant breath, “manage security risk across NASA™’s critical infrastructure and to improve the resiliency of its network…and to provide a collaborative environment that focuses on the security, stability, and performance of the critical infrastructure and cyber-physical systems upon which the federal government, private organizations, academic institutions, and military agencies depend.” The center would focus on the continuous monitoring of critical infrastructure of these organizations and would help aggregate threat information in a way that allows incident responders to almost instantaneously respond to incursions and, hopefully, defend such infrastructure from attacks before the damage is done.

On a standalone basis, the private sector has developed cybersecurity automation and orchestration tools to help “single” company networks, with the help of cyber threat intelligence feeds, defend themselves from cyber incursions and hopefully break the cyber kill chain before it “kills” the company being attacked. The technology is new but it does, and can, work. We suspect in some cases government regulators will in fact mandate its use in many cases where critical infrastructure is involved. 

To our knowledge this concept has never been used over multiple independent networks, involving multiple facilities housing critical infrastructure crossing a wide swath of territory.But technically speaking, Project Gryphon might be achievable and certainly when and where aging critical infrastructure is involved, might be a welcome blessing to all.

Paul Ferrillo is counsel in Weil, Gotshal & Manges’ Litigation Department.

More Posts

Real People Histiry

The Real People of History

“Lather was thirty years old today.They took away all of his toys.His mother sent newspaper clippings to him,About his old friends who’d stopped being boys.”

Richard Levick on PRWeek

Richard Levick joins PRWeek for their weekly podcast to discuss the latest PR trends, recent crises and what it’s like working with foreign governments during

The Middle Road

“I was lyin’ with my mess-mates on the cold and rocky ground When across the lines of battle came a most peculiar sound Says I

A Gift for the New Year

Celebrate the new year by watching this TED talk on finding happiness through gratitude. Want to be Happy? Be Grateful The one thing all humans