Embed Size (px)
Citation preview
Sponsors of Research Projects National Science FoundationNorthrop Grumman CorporationAmerican Electric PowerAlstom Wind PowerBall Aerospace Corporation
Networked Infrastructure SystemsObjectives To develop real-time
capabilities to detect, assess, analyze and mitigate cyber threats
To enhance resilient dynamics in networked systems for natural or man made disasters.
To develop decentralized security for complex systems
Infrastructure Systems Smart Grid Energy Systems Oil and Gas Pipeline
Systems Critical Manufacturing
Systems Intelligent Transportation
Systems Military Systems Communication Systems
Background Information• Protection of critical physical infrastructure from cyber threats
presents different challenges than standard cyber security practices. Conversely, while reliability and fault tolerance are well-developed areas of traditional systems engineering, probabilistic failure models do not suffice to capture the complexity of intelligent adversaries with undetermined capabilities and motives. However, critical physical infrastructure systems offer opportunities for powerful approaches to security, since they include a major physical component that must obey natural laws.
• It is well known that standard cybersecurity practices developed by the information technology (IT) communities are inadequate to the challenges of networked engineering systems, due to real-time performance and uninterrupted service requirements, direct impact on human health and safety, a large base of vulnerable legacy hardware and software, and the culture gap between the engineering and IT communities.
Background Information (continued)
• Referring to the fact that physical systems can be modeled using well-understood physical laws, Department of Homeland Security (DHS) Best Practices state that “The deterministic nature of the engineering systems can greatly improve the granularity of the signatures, because rogue or malicious behavior from an attacker may require actions that would be well beyond expected behavior levels.” The active cyber defense of engineering systems can be enhanced using the power of dynamical models of networked systems.
Information SecurityKey Concepts:(1) The CIA triad (confidentiality, integrity and availability)(2) Risk Management: Risk management is the process of identifying
vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.Vulnerability: is a weakness that could be used to endanger or cause harm to an informational asset.Threat: is anything (manmade or act of nature) that has the potential to cause harm.Impact: is a loss of availability, integrity, and confidentiality, other losses (lost income, loss of life, loss of real property)Mitigation of Risks: Administrative controls, logical controls, Physical controls
7
Differences
IT Security
Highest priority: Confidentiality
Information Assurance Architecture and Design for
Security Access Control Network Security
Infrastructure Security
Highest priority: Real-time performance
Legacy Systems High Availability Dynamic deployment and
control of sensors Ability to detect attacks and
provide attribution based on physical models
Threats Against Cyber Physical Systems
Denial of service (DoS) attacks
Attacks against open ports and services
Attempt to change device settings
Attempt to inject malicious data
Attempt to change control settings
Attempt to place a man-in-the-middle(MITM) between
physical systems.
9
Cyber Security of Critical Infrastructures
• Assessment and monitoring of risk• Development and integration of protective
measures• Detection of intrusion and implementation of
response strategies• Enhancement of security methods
Intro-Efforts for securing SCADA systems
• IT perspective: “Obscurity Principle”.
• Control Engineering perspective:“reliability” .
• Very few researchers have investigated how
malicious attacks affect the estimation and
control algorithms, and ultimately, how
attacks affect the physical world
Smart Grid Energy Systems
• Integration of ‘Electrical Infrastructure’ with ‘Intelligence Infrastructure’
• Smart Sensors, Protective Relays and Control Devices
• On-Line Equipment Monitoring• Communications Infrastructure• New Operating Models and Algorithms• Real-Time Simulation and Contingency Analysis• Improved Operator Visualization Techniques• Interconnection Codes and Standards• Cyber Security
Smart Grid Energy Systems Enables Active Consumer Participation Accommodates all Generation and Storage
Options Enables New Products, Services, and Markets Provides Power Quality for the Digital Economy Optimize Asset Utilization and Operates
Efficiently Anticipates and Responds to System
Disturbances (Self-heals) Operates Resiliently Against Attack and Natural
Disaster
Reference: Salvatore, et al., Presentation on “Security analysis of a commercial synchrophasor device, May, 30-31,2011”
Intrusion Detection MethodsAnomaly detection:
Statistical models (Discrete Wavelet Transform)
Machine learning and data mining techniques
Specification-based methods
Information-theoretic measures
Misuse detection:
Rule-based language
Abstraction-based intrusion detection
State transition analysis tool kit
Colored Petri automata
15
Types of Stealth Attacks
Game-Theoretic approaches for addressing following stealth attacks:
• Surge Attacks• Bias Attacks• Geometric Attacks
TTU Real Time Simulator
State Estimation Techniques
• Facilitate accurate and monitoring of operational quantities in dynamical systems.
• Provide a real time data base of the system and will provide information to analyze contingencies and determine required corrective actions.
• Broadens the capabilities of SCADA control systems.
• Emphasis on Cyber Physical Systems• Importance of Secure Critical Infrastructure Systems• Multidisciplinary Research Approaches• Real Time Detection Methods• Complex Systems and Big Data (Data Analytics)• Significant Shortage of Professionals• Academic Programs• Development of Test Beds• Next Big Thing!! [Internet of Things]• THANKS for YOUR ATTENTION
19
Conclusions
