Flexible Autonomous Cyber-physical Ecosystem for Trusted Security (FACETS)

The FACETS project intends to enhance the monitoring and defense of both legacy and modern power systems through interoperable solutions. It will deliver comprehensive cyber-physical situational awareness (CPSA) across interconnected systems, allowing for a flexible capability that can adapt to emerging needs. FACETS will support grid planning, operation, and response decision-making, thereby improving resilience and security through a defense-in-depth approach. The primary outcome of FACETS is a tool-agnostic and plug-and-play cyber-physical security, operation, automation, and response (SOAR) capability. This system will integrate distributed cyber-physical data, facilitate adaptive detection and response using federated learning, and provide aggregate alerting and visualization for enhanced situational awareness.

The main output of FACETS will be a comprehensive ecosystem that defines necessary capabilities, integration requirements, and secure implementation strategies, along with a cyber-physical integrated security operation center (CP-ISOC) for unified data collection, alerting, and response. The project will leverage various RES-MC capabilities, including:

  1. griDNA: For distributed data collection and CPSA fusion analysis.
  2. OT-GRITY: For detecting cyber host execution integrity compromises.
  3. Hallucinating Canaries (HC): For detecting cyber field device compromises.
  4. HARMONIE-SPS: For adaptive cyber-physical remedial action schemes.
  5. STAHRS: For wide-area measurement-based remedial action schemes.
  6. DRE: For rigorous cyber-physical emulation experimentation.

Figure: Vision of the Integrated Security Operation Center (SOC)

The FACETS project will focus on five main objectives:

  1. Architecture: Develop a tool-agnostic architecture using software wrappers and containers for flexible integration and user-friendly interfaces, allowing for seamless deployment across various platforms.
  2. Federated Learning (FL) Approach: Implement FL to enhance data privacy and enable multi-modal analysis across decentralized devices, integrating results from various detection tools while ensuring transparency through Explainable AI.
  3. CPSA-focused Correlation and Fusion Analysis: Address challenges in aggregating and fusing diverse data types and time domains from multiple tools to enhance situational awareness.
  4. Secure Implementation Strategy: Establish a secure data-sharing framework that protects both open and private channels, leveraging technologies like distributed ledger systems and cryptographic services to ensure resilience and confidentiality.
  5. Testing Approach: Validate the integrated ecosystem against cyber-physical attack scenarios using existing emulation environments and frameworks like MITRE ATT&CK, assessing performance and robustness through uncertainty quantification (UQ) metrics.

This project will result in customizable software that can integrate with any other commercial and/or government off-the-shelf tools, as well as novel CPSA capabilities. Ultimately, FACETS will serve as a foundational capability for a next-generation CP-ISOC, allowing for flexible addition and removal of detection and mitigation tools while enhancing operational and security decision-making across cyber-physical systems.