Policy Analytics for Cybersecurity of Cyber-Physical Systems: October 2018 (Y1, Q2)

Funding Type: Full Proposal
Start Date: March 01, 2018
Expected Completion Date: April 30, 2019
Principal Investigator: Nazli Choucri
Public View

HARD PROBLEM(S) ADDRESSED

This project addresses the hard problem of policy-governed secure collaboration related to cyber-physical security of critical infrastructure (zeroing in on a generic and fundamental feature, namely smart grid power systems). The challenge is to (a) create a structured system model from text-based policy guidelines and directives, in order to (b) identify major policy-defined system-wide parameters, (c) situate system vulnerabilities, (d) map security requirements to security objectives, and (e) advance research on how multiple system features respond to diverse policy controls to strengthen the security of fundamentals in cyber physical systems.

PUBLICATIONS

in progress

KEY HIGHLIGHTS (July-September 2018)

Community Engagements

PI participated in the quarterly meeting held at UIUC and participated in the panel discussion titled "Successes in Tech Transfer." At that meeting, she conveyed the specific new collaborations initiated under the rubric of Tech Transfer. The goal is to build-in future applications as early on as possible.

1. Progress: Fiscal Year to Date

This project addresses the hard problem of policy-governed secure collaboration related to cyber-physical security of critical infrastructure (zeroing in on a generic and fundamental capability, namely smart grid power systems central to modern critical infrastructures). The challenge is to (a) a structured system model from text-based policy guidelines and directives, in order to (b) identify major policy-defined system-wide parameters, (c) situate vulnerabilities, (d) map security requirements to security objectives, and (e) advance research on how multiple system features respond to diverse policy controls to strengthen the security of fundamentals in cyber physical systems. Figure 1 summarizes the near-, mid- and long- term project targets and goals.

Designed as a multi-method approach, research is anchored in (a) transforming the text-based policy-defined operational features of NIST cybersecurity policies and guidelines into (b) structured model of system-features and information flows, for use as a (c) platform for system-wide policy impact analysis of cybersecurity directives, and exploration of "malicious pathways".

Figure 1. Near-, mid- and long- term project goals. * *Note - as framed at the onset.

Year Task 1 focuses on essential foundations for cybersecurity analytics. Specific tasks are to: (1) Identify the policy relevant ecosystem (done). (2) Formalize rules for extracting structured data from text-based policy materials (done). (3) Identify relevant linkages for representing and implementing cybersecurity measures (done) or identify "missing elements" (in progress); and (4) Construct internally consistent structure to represent, organize, and metricize, and manage text-based materials essential for application and development of cybersecurity analytics (in progress).

2. Guidelines for Cyber-Physical Security: Smart Grid

There is little need for introduction of NIST, the premier standard setting entity in the nation and often for the international community as a whole. In this study, we construct a structured model of text-based NIST guidelines and directives for cybersecurity in order to:

1. generate new knowledge,
2. provide a structured basis for operationalizing system risk,
3. create platform for valuating alternative courses of action,
4. explore system-wide path-ways of policy controls and impacts, and
5. help prioritize deployment of corrective measures.

Figure 2 provides a reminder of key policy guidelines and directives as the core data sources. It identifies sources of text-data relevant across sectors (in blue) and (b) sector-specific policy-texts, namely, electricity smart grid (in red).

Figure 2. Key Guidelines & Directives. Note - generic domain reports and smart grid specific.

We have found that this set of text-data base is especially important when viewed in chronological order. As shown in Figure 3, the evolution of directives and policy responses have remained consistent with, and incorporated, emergent technological changes.

Figure 3. A Timeline Policy-Development View.

3. HIGHLIGHT 1: Contextual Policy-Governed Security-Sesponse System

In the course of building Figure 3 - and our focus on policy-governed security responses -- we also have found a cumulative development of functions. The result is a dense web of policy-dependency system we show in Figure 4. This finding represents Highlight 1. It is important as it (a) helps parse policy guidelines, (b) assists researchers to locate materials of direct relevance, and (c) demonstrates salience of technology-development.

Figure 4. System of Policy-Governed Security-Response Systems

3.1 "Text-as-Raw" Data

At this point we draw attention to the source of our "raw-data", the cumulative materials in the NISTIR-7628 on Guidelines for Smart Grid Cybersecurity, as well as the NIST Cybersecurity Framework (CSF) - all totaling more than 600 pages. These two data-texts are connected to each other via a third policy text namely, NIST SP 800:53 Rev.4 on Security and Privacy Controls for Federal Information Systems and Organizations, shown in Figure 5.

Figure 5. Connections of NIST 7628 and NIST CSF.

Given the above, we focus on NISTIR-7628 Guidelines as the text-based raw data, and then augment our investigations with the NIST Cybersecurity Framework. As shown in Figure 4 above, the text-content lineage of NISTIR 7628 carries fundamental knowledge and provides detailed information on the NIST generic conceptual representation of smart grid -- its actors and activities; the interfaces between actors and their attributes as well as notional views of relationships.

Figure 6 shows the visual representation of NIST "model", and its constituent elements, defined as actors, domains and interfaces. It is shown here to indicate the richness of NIST notions.

Figure 6. NIST Smart Grid Conceptual Model

In Figure 6, the notion of Actor consists of "... a device, computer system, software program, or the individual or organization that participates in the smart grid". NISTIR-7628 identified 49 such actors, clustered into seven domains based on their role and responsibilities at the macro level.

The NIST logic is as follows:

• Domains encompass smart grid conceptual roles and services. It includes types of services, interactions, and stakeholders that make decisions and exchange information necessary for performing identified goals.
• Logical Interfaces connect any two actors. NISTIR-7628 has identified over 125 such interfaces between these 49 actors. NISTIR-7628 further aggregates them into 22 Logical Interface Categories, based on their Technical Requirements.

Using the "conceptual" model provided in NISTIR-7628 as an entry point, we developed a set of rules to extract the critical text-data.

4. HIGHLIGHT 2: Situating and Linking Elements of Response Strategy

Highlight 2 consists of the data-extraction strategy as shown in Figure 7. This figure provides a high-level view of the vastness of the information embedded in NISTIR-7628 (and its supporting texts) to show the parsed-basis for the linkage-strategy to connect the components of policy-governed security for cyber-physical systems.

Figure 7. The Linkage Strategy

4.1 From "Raw-to-Linked" Data

Highlight 2 shows the method we develop in its generic form, thus generalizable. The linked dataset is the further extended to include information on system vulnerabilities as listed in the NISTIR-7628 as well as its connections to NIST Cybersecurity Framework (CSF).

Recall that identification of these connections is based on (a) the mapping provided in Appendix 1 of NIST CSF between framework core categories and NIST SP 800-53 Rev.4, and (b) the crosswalk of cybersecurity requirements of NISTIR 7628 with NIST SP 800-53 Rev.4 as provided in volume 1 of NISTIR 7628. The result is of this initiative is to expand the size of database, the components, and interdependencies.

5. Challenges of Cybersecurity Analytics: Policy-Text NISTIR 7628

NISTIR-7628 contains all of the policy-relevant information required to undertake a structured mapping map for smart grid system, including generic technical operations, security requirements system-wide business strategy and technology policy. This policy-text consists of voluntary guidelines with the following properties, each of which generates specific policy-centered challenge:

1. Recognizing that NISTIR-7628 is a comprehensive and very detailed record of the elements of smart grid for policy-governed security purposes, nonetheless, the content is scattered throughout the text-based database that exceeds over 600 pages. The challenge is to manage this volume.
2. The structure of the report (three volumes focused each on Technology, Privacy and IT security) shows the efforts of a disparate group of experts in the field of Smart Grid, Computer Science and IT security¹. For most readers, the challenge to understand very detailed and often unfamiliar information, and the policy relevance thereof. This challenge is even greater for cybersecurity analytics where system-structure, actors, functions, operations and impacts must be captured accurately in order to generate a formal system representation.
3. Given the disconnected nature of the data provided, a major challenge is to capture the "correct" level of analysis as intended at the source, as well as the distinction between flows of information and flows of activity.

In addition, there are distinctive of this policy-text that create challenges for application and implementation. For example:

1. Given the generic nature of the NIST approach, it is especially important to address operational business objectives and organizational policies. These cannot be mapped to the technology policy and business strategy requirements due to technical nature of the report without relying on external literature in order to obtain an important end-to-end system view of cybersecurity.
2. While the report provides a detailed account of the elements of the smart grid and scenarios of failures, it lacks a systematic mapping to actors and interfaces that represent the full smart grid functions. This requires us to:
   1. Identify system-wide control points, in terms of who is responsible for what, when, where and how;
   2. Undertake a gap-analysis of current system-state vs. desired future state for technical landscape, business objectives and operations.

In sum, the overarching challenge -- to capture the knowledge and directives embedded in policy-text form and transform it into structured data and formal mode -- requires a systematic linkage approach. Since all policy documents on all issues, everywhere, are always in text form, the challenge is generic, and the solution-strategy must, by definition, also be generic.

Highlights 1 and 2 show the progress in the development of our approach for (i) synthesizing policy analysis and directives (ii) isolating and tracking the impacts of recommendations for policy actions and (iii) efficiently converting and conveying policy-directives within organizations.

6. Validation of Research Methodology - Phase 1

The fundamentals of first Phase 1 research method (see figure 1) have been subjected to verification and validation in two other entirely separate security-anchored policy contexts. Both are entirely different from the project materials (i.e. NIST, critical infrastructure, smart grid).

The first focusses on the application of rules of international law for cyber operations in war (known as Tallinn Manual 2.0 ² ).

The second focusses on the policy-content and context of the EU General Data Protection Regulation (GDPR)³ for data use and data privacy. (See "in progress" noted in Publications above).