Cyberattacks against industrial control systems have increased over the last decade, making it more critical than ever for system owners to have the tools necessary to understand the cyber resilience of their systems. However, existing tools are often qualitative, subject matter expertise-driven, or highly generic, making thorough, data-driven cyber resilience analysis challenging. The ADROC project proposed to develop a platform to enable efficient, repeatable, data-driven cyber resilience analysis for cyber-physical systems. The approach consists of two phases of modeling: computationally efficient math modeling and high-fidelity emulations. The first phase allows for scenarios of low concern to be quickly filtered out, conserving resources available for analysis. The second phase supports more detailed scenario analysis, which is more predictive of real-world systems. Data extracted from experiments is used to calculate cyber resilience metrics. ADROC then ranks scenarios based on these metrics, enabling prioritization of system resources to improve cyber resilience.
Virtual machine emulation environments provide ideal testbeds for cybersecurity evaluations because they run real software binaries in a scalable, offline test setting that is suitable for assessing the impacts of software security flaws on the system. Verification of such emulations determines whether the environment is working as intended. Verification can focus on various aspects such as timing realism, traffic realism, and resource realism. In this paper, we study resource realism and issues associated with virtual machine resource utilization. We examine telemetry metrics gathered from a series of structured experiments which involve large numbers of parallel emulations meant to oversubscribe resources at some point. We present an approach to use telemetry metrics for emulation verification, and we demonstrate this approach on two cyber scenarios. Descriptions of the experimental configurations are provided along with a detailed discussion of statistical tests used to compare telemetry metrics. Results demonstrate the potential for a structured experimental framework, combined with statistical analysis of telemetry metrics, to support emulation verification. We conclude with comments on generalizability and potential future work.
Recent high profile cyber attacks on critical infrastructures have raised awareness about the severe and widespread impacts that these attacks can have on everyday life. This awareness has spurred research into making industrial control systems and other cyber-physical systems more resilient. A plethora of cyber resilience metrics and frameworks have been proposed for cyber resilience assessments, but these approaches typically assume that data required to populate the metrics is readily available, an assumption that is frequently not valid. This paper describes a new cyber experimentation platform that can be used to generate relevant data and to calculate resilience metrics that quantify how resilient specified industrial control systems are to specified threats. Demonstration of the platform and analysis process are illustrated through a use case involving the control system for a pressurized water reactor.
Recent high profile cyber attacks on critical infrastructures have raised awareness about the severe and widespread impacts that these attacks can have on everyday life. This awareness has spurred research into making industrial control systems and other cyber-physical systems more resilient. A plethora of cyber resilience metrics and frameworks have been proposed for cyber resilience assessments, but these approaches typically assume that data required to populate the metrics is readily available, an assumption that is frequently not valid. This paper describes a new cyber experimentation platform that can be used to generate relevant data and to calculate resilience metrics that quantify how resilient specified industrial control systems are to specified threats. Demonstration of the platform and analysis process are illustrated through a use case involving the control system for a pressurized water reactor.
This report summarizes the activities performed as part of the Science and Engineering of Cybersecurity by Uncertainty quantification and Rigorous Experimentation (SECURE) Grand Challenge LDRD project. We provide an overview of the research done in this project, including work on cyber emulation, uncertainty quantification, and optimization. We present examples of integrated analyses performed on two case studies: a network scanning/detection study and a malware command and control study. We highlight the importance of experimental workflows and list references of papers and presentations developed under this project. We outline lessons learned and suggestions for future work.
Concerns about cyber threats to space systems are increasing. Researchers are developing intrusion detection and protection systems to mitigate these threats, but sparsity of cyber threat data poses a significant challenge to these efforts. Development of credible threat data sets are needed to overcome this challenge. This paper describes the extension/development of three data generation algorithms (generative adversarial networks, variational auto-encoders, and generative algorithm for multi-variate timeseries) to generate cyber threat data for space systems. The algorithms are applied to a use case that leverages the NASA Operational Simulation for Small Satellites (NOS$^{3})$ platform. Qualitative and quantitative measures are applied to evaluate the generated data. Strengths and weaknesses of each algorithm are presented, and suggested improvements are provided. For this use case, generative algorithm for multi-variate timeseries performed best according to both qualitative and quantitative measures.
Concerns about cyber threats to space systems are increasing. Researchers are developing intrusion detection and protection systems to mitigate these threats, but sparsity of cyber threat data poses a significant challenge to these efforts. Development of credible threat data sets are needed to overcome this challenge. This paper describes the extension/development of three data generation algorithms (generative adversarial networks, variational auto-encoders, and generative algorithm for multi-variate timeseries) to generate cyber threat data for space systems. The algorithms are applied to a use case that leverages the NASA Operational Simulation for Small Satellites (NOS$^{3})$ platform. Qualitative and quantitative measures are applied to evaluate the generated data. Strengths and weaknesses of each algorithm are presented, and suggested improvements are provided. For this use case, generative algorithm for multi-variate timeseries performed best according to both qualitative and quantitative measures.
Aging plants, efficiency goals, and safety needs are driving increased digitalization in nuclear power plants (NPP). Security has always been a key design consideration for NPP architectures, but increased digitalization and the emergence of malware such as Stuxnet, CRASHOVERRIDE, and TRITON that specifically target industrial control systems have heightened concerns about the susceptibility of NPPs to cyber attacks. The cyber security community has come to realize the impossibility of guaranteeing the security of these plants with 100% certainty, so demand for including resilience in NPP architectures is increasing. Whereas cyber security design features often focus on preventing access by cyber threats and ensuring confidentiality, integrity, and availability (CIA) of control systems, cyber resilience design features complement security features by limiting damage, enabling continued operations, and facilitating a rapid recovery from the attack in the event control systems are compromised. This paper introduces the REsilience VeRification UNit (RevRun) toolset, a software platform that was prototyped to support cyber resilience analysis of NPP architectures. Researchers at Sandia National Laboratories have recently developed models of NPP control and SCADA systems using the SCEPTRE platform. SCEPTRE integrates simulation, virtual hardware, software, and actual hardware to model the operation of cyber-physical systems. RevRun can be used to extract data from SCEPTRE experiments and to process that data to produce quantitative resilience metrics of the NPP architecture modeled in SCEPTRE. This paper details how RevRun calculates these metrics in a customizable, repeatable, and automated fashion that limits the burden placed upon the analyst. This paper describes RevRun's application and use in the context of a hypothetical attack on an NPP control system. The use case specifies the control system and a series of attacks and explores the resilience of the system to the attacks. The use case further shows how to configure RevRun to run experiments, how resilience metrics are calculated, and how the resilience metrics and RevRun tool can be used to conduct the related resilience analysis.