The protection of cyber-physical critical infrastructures such as the power grid, water distribution networks, and transportation networks against computer attacks is a matter of national security, public safety, and economic stability; however, most of these critical assets are owned and operated by private companies with pressing operational requirements, tight security budgets, and aversion to regulatory oversight. As a result it is not clear that market incentives alone will create enough momentum to improve the security posture of these systems. This project studies how to incentivize investments and risk management for CPS security. A second related problem is that while current cyber-physical infrastructures are monitored by an operations center, this system does not currently help operators identify if a problem, alarm, or fault was the result of a physical accident or if there is any indication that a cyber-attack caused the problem. This second research focus aims to improve the assessment of the security states of these systems by developing the foundations towards an industrial security operations center to help operators identify the root cause (accident or cyber-attack) of alerts. There is a large body of work focusing on interdependent security with models of firms participating in protection and insurance markets. Most of the security models and economic interdependent investment formulations focus solely on information technology infrastructures, and are meant to model cybercriminal activities, where attackers are rational profit-driven agents and defenders experience constant security breaches allowing them to generate risk models based on data. In contrast, computer attacks to critical infrastructure systems represent a completely different set of malicious agents. These agents may not be profit-driven and will attack only sporadically. In addition, interdependent physical infrastructures are managed by federated agents, and cyber-attacks will have physical consequences extending the domain of the single firm attacked. This project leverages and extends the literature of investment in reliability for large-scale critical infrastructures as well as insurance, contracts between firms with interdependent assets, and extreme risk. The second research focus leverages the interest of the CPS industry in analyzing the data collected by sensor networks. Security Information and Event Managers (SIEM) solutions were designed for enterprise IT, and do not include, aggregate, and correlate the sensor data from the physical world. To mitigate this gap this proposal investigates how to aggregate information for a new system incorporating the data from control centers and those from security operations centers, laying thus the foundation to create an Industrial Security Operations Center (ISOC).
EAGER: Improving Incentives and Awareness, to Increase the Security Posture of Critical Infrastructures