Most critical infrastructures have evolved into complex systems comprising large numbers of interacting elements. These interactions result in the spread of disruptions, such as delays, from one part of the system to another, and even from one infrastructure to another. Effective tools for the analysis and control of real-world infrastructures need to account for the underlying dynamics. The key insight in this research is that by learning data-driven models of infrastructure networks, and using these models to determine dynamics-aware recovery algorithms, we can greatly improve the resilience of critical infrastructure networks. We propose to address these challenges by: 1. Learning and validating scalable representations of real systems from data. By considering continuous states, and by modeling the time-varying nature of connectivity as switching between network topologies, we propose to obtain a class of switched linear system models. Multilayer network models will be developed to account for airline networks, and multimodal systems. 2. Characterizing resilience, both for the system as a whole, and in terms of individual nodes (e.g., susceptibility to network delays). The metrics to evaluate resilience will encompass both steady-state and transient behavior. 3. Using the identified models to design optimal control algorithms that can enable recovery from disruptions, taking into account network dynamics, the uncertainty in operating environments, and the costs of decisions to restore service at various levels, at various times. The results of the research will be validated using operational data, thereby yielding a set of tools for system diagnostics, analysis, and recovery. Improving and maintaining critical infrastructures are among the grand challenges identified by the National Academy of Engineering. The proposed research will develop techniques grounded in network science, machine learning, and systems and control theory in order to effectively design and operate infrastructures. The development of common frameworks and abstractions for these infrastructures will enable the study of their interdependencies. With the rapid growth of intelligent infrastructures, the proposed research will benefit society, and also help attract and train the next generation of engineering professionals.

As evidenced by the recent cyberattacks against Ukrainian power grids, attack strategies have advanced and new malware agents will continue to emerge. The current measures to audit the critical cyber assets of the electric power infrastructure do not provide a quantitative guidance that can be used to address security protection improvement. Investing in cybersecurity protection is often limited to compliance enforcement based on reliability standards. Auditors and investors must understand the implications of hypothetical worst case scenarios due to cyberattacks and how they could affect the power grids. This project aims to establish an actuarial framework for strategizing technological improvements of countermeasures against emerging cyberattacks on wide-area power networks. By establishing an actuarial framework to evaluate and manage cyber risks, this project will promote a self-sustaining ecosystem for the energy infrastructure, which will eventually help to improve overall social welfare. The advances in cyber insurance will stimulate actuarial research in handling extreme cyber events. In addition, the research and practice related to cybersecurity and cyber insurance for the critical energy infrastructure will be promoted by educating the next generation of the workforce and disseminating the research results. The objective of this project is to develop an actuarial framework of risk management for power grid cybersecurity. It involves transformative research on using insurance as a cyber risk management instrument for contemporary power grids. The generation of comprehensive vulnerabilities and reliability-based knowledge from extracted security logs and cyber-induced reliability degradation analysis can enable the establishment of risk portfolios for electric utilities to improve their preparedness in protecting the power infrastructure against cyber threats. The major thrusts of this project are: 1) developing an approach to quantifying cyber risks in power grids and determining how mitigation schemes could affect the cascading consequences to widespread instability; 2) studying comprehensively how hypothesized cyberattack scenarios would impact the grid reliability by performing a probabilistic cyber risk assessment; and 3) using the findings from the first two thrusts to construct actuarial models. Potential cyberattack-induced losses on electric utilities will be assessed, based on which insurance policies will be designed and the associated capital market will be explored.

Cyber-physical systems (CPS) are engineered systems created as networks of interacting physical and computational processes. Most modern products in major industrial sectors, such as automotive, avionics, medical devices, and power systems already are or rapidly becoming CPS driven by new requirements and competitive pressures. However, in recent years, a number of successful cyber attacks against CPS targets, some of which have even caused severe physical damage, have demonstrated that security and resilience of CPS is a very critical problem, and that new methods and technologies are required to build dependable systems. Modern automotive vehicles, for example, employ sensors such as laser range finders and cameras, GPS and inertial measurement units, on-board computing, and network connections all of which contribute to vulnerabilities that can be exploited for deploying attacks with possibly catastrophic consequences. Securing such systems requires that potential points of compromise and vehicle-related data are protected. In order to fulfill the great promise of CPS technologies such as autonomous vehicles and realize the potential technological, economic, and societal impact, it is necessary to develop principles and methods that ensure the development of CPS capable of functioning dependably, safely, and securely. In view of these challenges, the project develops an approach for integration of reconfigurable control software design and moving target defense for CPS. The main idea is to improve CPS security by making the attack surface dynamic and unpredictable while ensuring safe behavior and correct functionality of the overall system. The proposed energy-based control design approach generates multiple alternatives of the software application that are robust to performance variability and uncertainty. A runtime environment is designed to implement instruction set randomization, address space randomization, and data space randomization. The heart of the runtime environment is a configuration manager that can modify the software configuration, either proactively or reactively upon detection of attacks, while preserving the functionality and ensuring stable and safe CPS behavior. By changing the control software on-the-fly, the approach creates a cyber moving target and raises significantly the cost for a successful attack without impacting the essential behavior and functionality. Demonstration and experimental evaluation will be performed using a hardware-in-the-loop simulation testbed for automotive CPS.

Strategic decision-making for physical-world infrastructures is rapidly transitioning toward a pervasively cyber-enabled paradigm, in which human stakeholders and automation leverage the cyber-infrastructure at large (including on-line data sources, cloud computing, and handheld devices). This changing paradigm is leading to tight coupling of the cyber- infrastructure with multiple physical- world infrastructures, including air transportation and electric power systems. These management-coupled cyber- and physical- infrastructures (MCCPIs) are subject to complex threats from natural and sentient adversaries, which can enact complex propagative impacts across networked physical-, cyber-, and human elements. We propose here to develop a modeling framework and tool suite for threat assessment for MCCPIs. The proposed modeling framework for MCCPIs has three aspects: 1) a tractable moment-linear modeling paradigm for the hybrid, stochastic, and multi-layer dynamics of MCCPIs; 2) models for sentient and natural adversaries, that capture their measurement and actuation capabilities in the cyber- and physical- worlds, intelligence, and trust-level; and 3) formal definitions for information security and vulnerability. The attendant tool suite will provide situational awareness of the propagative impacts of threats. Specifically, three functionalities termed Target, Feature, and Defend will be developed, which exploit topological characteristics of an MCCPI to evaluate and mitigate threat impacts. We will then pursue analyses that tie special infrastructure-network features to security/vulnerability. As a central case study, the framework and tools will be used for threat assessment and risk analysis of strategic air traffic management. Three canonical types of threats will be addressed: environmental-to-physical threats, cyber-physical co-threats, and human-in-the-loop threats. This case study will include development and deployment of software decision aids for managing man-made disturbances to the air traffic system. This is a continuing grant of Award # 1544863