Emulytics

Pursuing scientific understanding of complex, distributed cyber systems

Introduction

Despite the criticality of cyber systems to national and global stability, cyber defenders lack the rigorous scientific techniques needed to make high-consequence decisions with confidence. The Emulytics™ team at Sandia National Laboratories is focused on using cyber emulation, mathematical modeling, and data analysis methodologies to produce quantitative knowledge about these critical systems, enabling substantiated risk assessment and mitigation strategies.

The term “Emulytics” was coined by practitioners to capture the intent of these efforts – a holistic approach to cyber emulation and analytics.

Transforming Cyber Experimentation

Emulytics™ experiments have provided safe, isolated environments to study and test networked information systems and train cyber staff for nearly two decades. Our tools and methodologies support analysis for a wide range of systems including enterprise, industrial control, Internet of Things, mobile networks, and other bespoke national security systems. Emulytics™ environments are highly scalable and can be deployed on a system as small as a laptop or on clusters with hundreds of high performance servers.

In recent years, Sandia has begun applying its long history of expertise in mathematical modeling and data science to Emulytics™. Using novel combinations of virtualization, simulation, physical test beds, uncertainty quantification, and stochastic methods, our researchers are discovering more robust ways to apply the scientific method to cyber and to design rapid, reliable, and repeatable experiments.

Applications

Sandia’s Emulytics™ experts orchestrate experiments to enable solutions across several application areas:

Performance Analysis

Test the security or resilience of a system of interest without having to impact actual operations.

Development Test Beds

Rapidly compare and test system design alternatives using virtualized proofs of concept.

Exercise & Training Support

Create cyber training environments designed to prepare staff to meet specific mission needs.

Deception Networks

Virtualize key components of networks to provide dynamic and/or moving target defense.

Defense Optimization

Explore how defensive tactics, techniques, and procedures perform in a wide variety of circumstances, configurations, and environments.

Risk & Consequence Studies

Run controlled experiments that reveal complex system behavior and its cascading effects under rare or malicious circumstances.

Software Tools

Emulytics™ aggregates a variety of tools developed by Sandia to support the workflows needed for rigorous cyber experimentation. Follow the links for open-source versions (excluding Firewheel).

minimega

minimega is a tool for launching and managing virtual machines. It can run on your laptop or distributed across a cluster. minimega is fast, easy to deploy, and can scale to run on massive clusters with virtually no setup.

More information: http://minimega.org/

SCEPTRE

SCEPTRE provides a comprehensive ICS/SCADA modeling and simulation capability that captures the cyber-physical impacts of targeted cyber events on critical infrastructure and control systems. Open source packages can be found on Sandia’s GitHub.

Firewheel

Firewheel is a cyber experiment design and control platform that provides infrastructure to test large-scale, realistic, and complex network topologies and rapidly run experiments under a variety of parameters.

More information: Firewheel Factsheet

Dakota

Dakota delivers both state-of-the-art research and robust, usable software for optimization and uncertainty quantification (UQ). Broadly, the Dakota software’s advanced parametric analyses enable design exploration, model calibration, risk analysis, and quantification of margins and uncertainty with computational models.

More information: https://dakota.sandia.gov/

Pyomo

Pyomo is a Python-based open-source software package that supports a diverse set of optimization capabilities for formulating, solving, and analyzing optimization models.

More information: http://www.pyomo.org/