Cyber Threat Analysis Framework for the Wind Energy Based Power System

Wind energy is one of the major sources of renewable energy. Countries around the world are increasingly deploying large wind farms that can generate a significant amount of clean energy. A wind farm consists of many turbines, often spread across a large geographical area. Modern wind turbines are equipped with meteorological sensors. The wind farm control center monitors the turbine sensors and adjusts the power generation parameters for optimal power production.


Impact of Stealthy Attacks on Optimal Power Flow: A Simulink-Driven Formal Analysis

Optimal Power Flow (OPF) is a crucial part of the Energy Management System (EMS) as it determines individual generator outputs that minimize generation cost while satisfying transmission, generation, and system-level operating constraints. OPF relies on a core EMS routine, namely state estimation, which computes system states, principally the voltages and phase angles at the buses. However, state estimation is vulnerable to false data injection attacks in which an adversary can alter certain measurements to corrupt the estimator's solution without being detected.


OODA Loops in Cyberspace: A New Cyber-Defense Model

Colonel John Boyd's Observe/Orient/Decide/Act Loop ("OODA loop") is a widely adopted decision-making analytical framework.

We combine the OODA loop with the NSA Methodology for Adversary Obstruction to create a new cyber-defense model.


Improving Cybersecurity Through Human Systems Integration 29 June 2016

Advanced Persistent Threat (APT) attackers accomplish their attack objectives by co-opting users' credentials. Traditional cyber defenses leave users vulnerable to APT attacks which employ spearphishing. The success of spearphishing attacks is not a data processing failure, but is the result of defenders failing to apply the principles of Human System Integration to the problem of spearphishing. We discuss an alternative defensive strategy which addresses human performance capabilities and limitations to disrupt spearphishing attacks.


Credible Autocoding and Verification of Embedded Software (CrAVES)


The CrAVES project seeks to lay down intellectual foundations for credible autocoding of embedded systems, by which model-level control system specifications that satisfy given open-loop and closed-loop properties are automatically transformed into source code guaranteed to satisfy the same properties. The goal is that the correctness of these codes can be easily and independently verified by dedicated proof checking systems.