CPS: TTP Option: Synergy: Collaborative Research: Threat Assessment Tools for Management-Coupled Cyber- and Physical- Infrastructures

Abstract: Strategic decision-making for physical-world infrastructures is rapidly transitioning toward a pervasively cyber-enabled paradigm, in which human stakeholders and automation leverage the cyber-infrastructure at large (including on-line data sources, cloud computing, and handheld devices). This changing paradigm is leading to tight coupling of the cyber- infrastructure with multiple physical- world infrastructures, including air transportation and electric power systems. These management-coupled cyber- and physical- infrastructures (MCCPIs) are subject to complex threats from natural and sentient adversaries, which can enact complex propagative impacts across networked physical-, cyber-, and human elements. We propose here to develop a modeling framework and tool suite for threat assessment for MCCPIs. The proposed modeling framework for MCCPIs has three aspects: 1) a tractable moment-linear modeling paradigm for the hybrid, stochastic, and multi-layer dynamics of MCCPIs; 2) models for sentient and natural adversaries, that capture their measurement and actuation capabilities in the cyber- and physical- worlds, intelligence, and trust-level; and 3) formal definitions for information security and vulnerability. The attendant tool suite will provide situational awareness of the propagative impacts of threats. Specifically, three functionalities termed Target, Feature, and Defend will be developed, which exploit topological characteristics of an MCCPI to evaluate and mitigate threat impacts. We will then pursue analyses that tie special infrastructure-network features to security/vulnerability. As a central case study, the framework and tools will be used for threat assessment and risk analysis of strategic air traffic management. Three canonical types of threats will be addressed: environmental-to-physical threats, cyber-physical co-threats, and human-in-the-loop threats. This case study will include development and deployment of software decision aids for managing man-made disturbances to the air traffic system.