Risk Modeling and Cyber Defense Exercise for Critical Infrastructures Security

Abstract: Many critical infrastructures, such as the power grid, are complex cyber physical systems (CPS). Protecting these systems against cyber-attacks is of paramount importance to national security and economic well-being. Risk assessment considering cyber-attacks against critical infrastructures is not well understood due to ever growing, dynamic threat landscape coupled with complex cyber-physical interactions in these systems. In addition, there is a compelling need to create environments in which realistic attack-defense experiments (including risk assessment and risk mitigation) and training exercises can be safely conducted to advance the science and workforce development in this important area of national need. This project has two key goals: (1) the short-term goal is to design, develop, and demonstrate a cyber defense exercise for improving the security of CPS systems in alignment with the NIST/US Ignite Global Cities Team Challenge; and (2) the long-term goal is to explore fundamental models and algorithms for cyber risk assessment and mitigation. The project makes synergistic federation of three existing security testbeds hosted at Iowa State University and the University of Southern California to create a realistic environment for conducting CPS security experimentation and security preparedness and training exercise, like the North American Reliability Corporation (NERC) GridEx. The intellectual merit of the project lies in two key contributions: (i) realistic experimentations on CPS security testbed federation, and (ii) the development of a novel methodology for cyber risk modeling of CPS systems. The broader impacts of the project lie in developing realistic attack-defense scenarios and learning/training modules that enable academic researchers, students, and industry practitioners to systematically understand, analyze, and improve the security and resiliency of critical infrastructures.