Biblio
Mutual assured destruction is a Cold War era principle of deterrence through causing your enemy to fear that you can destroy them to at least the same extent that they can destroy you. It is based on the threat of retaliation and requires systems that can either be triggered after an enemy attack is launched and before the destructive capability is destroyed or systems that can survive an initial attack and be launched in response. During the Cold War, the weapons of mutual assured destructions were nuclear. However, with the incredible reliance on computers for everything from power generation control to banking to agriculture logistics, a cyber attack mutual assured destruction scenario is plausible. This paper presents this concept and considers the deterrent need, to prevent such a crippling attack from ever being launched, from a system of systems perspective.
A term systems of systems (SoS) refers to a setup in which a number of independent systems collaborate to create a value that each of them is unable to achieve independently. Complexity of a SoS structure is higher compared to its constitute systems that brings challenges in analyzing its critical properties such as security. An SoS can be seen as a set of connected systems or services that needs to be adequately protected. Communication between such systems or services can be considered as a service itself, and it is the paramount for establishment of a SoS as it enables connections, dependencies, and a cooperation. Given that reliable and predictable communication contributes directly to a correct functioning of an SoS, communication as a service is one of the main assets to consider. Protecting it from malicious adversaries should be one of the highest priorities within SoS design and operation. This study aims to investigate the attack propagation problem in terms of service-guarantees through the decomposition into sub-services enriched with preconditions and postconditions at the service levels. Such analysis is required as a prerequisite for an efficient SoS risk assessment at the design stage of the SoS development life cycle to protect it from possibly high impact attacks capable of affecting safety of systems and humans using the system.
Large-scale infrastructures are critical to economic and social development, and hence their continued performance and security are of high national importance. Such an infrastructure often is a system of systems, and its functionality critically depends on the inherent robustness of its constituent systems and its defense strategy for countering attacks. Additionally, interdependencies between the systems play another critical role in determining the infrastructure robustness specified by its survival probability. In this paper, we develop game-theoretic models between a defender and an attacker for a generic system of systems using inherent parameters and conditional survival probabilities that characterize the interdependencies. We derive Nash Equilibrium conditions for the cases of interdependent and independent systems of systems under sum-form utility functions. We derive expressions for the infrastructure survival probability that capture its dependence on cost and system parameters, and also on dependencies that are specified by conditional probabilities. We apply the results to cyber-physical systems which show the effects on system survival probability due to defense and attack intensities, inherent robustness, unit cost, target valuation, and interdependencies.
Guidelines, directives, and policy statements are usually presented in ``linear'' text form - word after word, page after page. However necessary, this practice impedes full understanding, obscures feedback dynamics, hides mutual dependencies and cascading effects and the like, - even when augmented with tables and diagrams. The net result is often a checklist response as an end in itself. All this creates barriers to intended realization of guidelines and undermines potential effectiveness. We present a solution strategy using text as ``data'', transforming text into a structured model, and generate a network views of the text(s), that we then can use for vulnerability mapping, risk assessments and control point analysis. We apply this approach using two NIST reports on cybersecurity of smart grid, more than 600 pages of text. Here we provide a synopsis of approach, methods, and tools. (Elsewhere we consider (a) system-wide level, (b) aviation e-landscape, (c) electric vehicles, and (d) SCADA for smart grid).
The objective of this paper is to explore the current notions of systems and “System of Systems” and establish the case for quantitative characterization of their structural, behavioural and contextual facets that will pave the way for further formal development (mathematical formulation). This is partly driven by stakeholder needs and perspectives and also in response to the necessity to attribute and communicate the properties of a system more succinctly, meaningfully and efficiently. The systematic quantitative characterization framework proposed will endeavor to extend the notion of emergence that allows the definition of appropriate metrics in the context of a number of systems ontologies. The general characteristic and information content of the ontologies relevant to system and system of system will be specified but not developed at this stage. The current supra-system, system and sub-system hierarchy is also explored for the formalisation of a standard notation in order to depict a relative scale and order and avoid the seemingly arbitrary attributions.
The Department of Energy seeks to modernize the U.S. electric grid through the SmartGrid initiative, which includes the use of Global Positioning System (GPS)-timing dependent electric phasor measurement units (PMUs) for continual monitoring and automated controls. The U.S. Department of Homeland Security is concerned with the associated risks of increased utilization of GPS timing in the electricity subsector, which could in turn affect a large number of electricity-dependent Critical Infrastructure (CI) sectors. Exploiting the vulnerabilities of GPS systems in the electricity subsector can result to large-scale and costly blackouts. This paper seeks to analyze the risks of increased dependence of GPS into the electric grid through the introduction of PMUs and provides a systems engineering perspective to the GPS-dependent System of Systems (S-o-S) created by the SmartGrid initiative. The team started by defining and modeling the S-o-S followed by usage of a risk analysis methodology to identify and measure risks and evaluate solutions to mitigating the effects of the risks. The team expects that the designs and models resulting from the study will prove useful in terms of determining both current and future risks to GPS-dependent CIs sectors along with the appropriate countermeasures as the United States moves towards a SmartGrid system.