
Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka - PowerPoint PPT Presentation



  1. Cybersecurity Assurance for Critical Infrastructure
     Jason Jaskolka. Collaborator: John Villasenor
     Center for International Security and Cooperation, Stanford University, Stanford, CA 94305
     jaskolka@stanford.edu
     May 11, 2017 (SCC 2017, slide 1 / 33)
     Outline: Introduction; Research Problem; Methodological Elements; Impact & Value; Concluding Remarks

  2. Acknowledgement & Disclaimer
     Acknowledgement: This material is based upon work supported by the U.S. Department of Homeland Security under Grant Award Number 2015-ST-061-CIRC01.
     Disclaimer: The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security.

  3. Critical Infrastructure
     Section outline (Introduction): Critical Infrastructure; Project Overview; Cybersecurity Challenges in Critical Infrastructure Systems

  4. Project Overview
     Cybersecurity Assurance for Critical Infrastructure
     - Focus on the challenges posed by cyber-attacks against critical infrastructures
     - Aims to design and develop critical infrastructure cybersecurity assessment methodologies and associated modelling and simulation environments
     - Enable community to much more effectively:
       1. Identify systemic cybersecurity vulnerabilities
       2. Preemptively mitigate at least some of those vulnerabilities
       3. Quickly and effectively respond to attacks that might exploit the subset of those vulnerabilities

  5. Operational Need
     - Significant progress has been made in quality assurance for software and components used to build critical infrastructure systems
     - Much less attention and progress in making the systems robust against intentionally compromised hardware and/or software
       - Specifically designed to remain undetected in tests formulated to detect accidental design flaws
       - Often only visible, or known, after a system experiences some kind of compromise or failure
     - Cyber-attacks launched using built-in hardware and/or software vulnerabilities could have a devastating impact


  7. Cybersecurity Challenges in Critical Infrastructure Systems
     - Ubiquitous and pervasive
     - Large, complex, and rapidly growing
     - Mix of legacy systems and new technologies
     - Numerous components or agents and even more interactions, some of which may be (implicit interactions):
       - Unfamiliar, unplanned, or unexpected
       - Not visible or not immediately comprehensible
     - Software/Hardware from third-party suppliers
     - Cyber-attackers are far more sophisticated and have access to far more powerful tools than in the past

  8. Implicit Component Interactions
     Section outline (Research Problem): Implicit Component Interactions; Research Problem; Why Formal Methods?; Proposed Approach for Solving the Problem
     2015 Jeep Cherokee Hack

  9. Research Problem
     - Assuring safety, security, and reliability of critical infrastructure systems is becoming a top priority
     - Shortcomings in development of formal methods and tools for determining whether such systems are protected from cyber-threats [Bennett 2015]
     - Ability to detect undesirable interactions among system components is needed [Jackson and Ferris 2012]
     Research Challenge: Develop a rigorous (formal methods-based) approach to better understand, identify, analyze, and mitigate implicit component interactions in critical infrastructure systems.


  13. Why Formal Methods?
      According to the DHS Cybersecurity Research Roadmap [DHS 2009]:
      - “Formal verification and other analytic tools that can scale will be critical to building systems with significantly higher assurance than today’s systems.”
      - “In particular, theories are needed to support analytic tools that can facilitate the prediction of trustworthiness, inclusion modelling, simulation, and formal methods.”
      - “The potential utility of formal methods has increased significantly in the past four decades and needs to be considered whenever it can be demonstrably effective.”

  14. Proposed Approach for Solving the Problem
      Research Goal: Develop methodologies to better understand how and why implicit component interactions can exist in critical infrastructure systems.
      1. Model critical infrastructure systems using a mathematical framework
      2. Formulate and identify the existence of implicit component interactions
      3. Analyze existing implicit component interactions
      4. Mitigate the existence of and/or minimize the threat posed by implicit component interactions


  17. Illustrative Example: Manufacturing Cell
      Section outline (Methodological Elements): Illustrative Example: Manufacturing Cell; Modeling using C²KA; Formulating and Identifying Implicit Interactions; Analyzing Implicit Interactions; Mitigating Implicit Interactions
      [Figure: manufacturing cell with a Control/Coordination Agent, Storage Agent, Handling Agent, and Processing Agent]
