Multi-model Testbed for the Simulation-based Evaluation of Resilience (April '21)

PI(s), Co-PI(s), Researchers:

• Peter Volgyesi (PI)
• Himanshu Neema (Co-PI)

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released in November 2012.

• Security Metrics Driven Evaluation, Design, Development, and Deployment
• Resilient Architectures

The goal of the Multi-model Testbed is to provide a collaborative design tool for evaluating various cyber-attack / defense strategies and their effects on the physical infrastructure. The web-based, cloud-hosted environment integrates state-of-the-art simulation engines for the different CPS domains and presents interesting research challenges as ready-to-use scenarios. Input data, model parameters, and simulation results are archived, versioned with a strong emphasis on repeatability and provenance.

PUBLICATIONS

[1] Himanshu Neema, Leqiang Wang, Xenofon Koutsoukos, CheeYee Tang, and Keith Stouffer. 2021. WiP: A Model-Based Risk Analysis Approach for Network Vulnerability of Railway Infrastructure. Presented the work-in-progress paper in the 8th Symposium on Hot Topics in the Science of Security (HotSoS '21). Association for Computing Machinery, Nashville, TN, USA.

KEY HIGHLIGHTS

Threat Modeling and Risk Analysis in Industrial Control Systems

In this effort, we are working on developing a modeling and analysis framework for threats and cybersecurity risks in Industrial Control Systems (ICS). Identification of system vulnerabilities and implementation of appropriate risk mitigation strategies are crucial for ensuring the cybersecurity of Industrial Control Systems (ICS). These system vulnerabilities must be evaluated depending on their exploitability, impact, mitigation status, and target platform and environments. Therefore, in order to assess system vulnerabilities and risk mitigation strategies quantitatively, we are focusing on threat modeling and risk analysis methods for the cybersecurity of Railway Transportation Systems (RTS), which are real-world ICS and have become increasing vulnerable to cyber-attacks due to growing reliance on networked physical and computation components.

We made significant progress in this effort and also presented our work at the HotSoS'21 symposium. The framework developed is called the Risk Analysis Framework (RAF). It has seven major components. The first component is modeling environment for system architecture where the ICS can be modeled with complete component hierarchy and the communication network topology. The second component allows for modeling cyber vulnerabilities, specifying attack ports and risk mitigation actions, and risk flows across components through attack ports. It also enables creating a library of cyber exploits and mitigations. The third component provides for validation of all models. The fourth component is for vulnerability assessment that propagates the risk with the system through network connections and hierarchy composition and generates the component attack trees and system attack graphs. It also rank orders the system vulnerabilities in order decreasing order of their impact on the overall system's cyber risk. The fifth component is for generation of code and artifacts from the risk assessments. The sixth component is a major tool for risk management planning which allows for cyber gaming various available risk mitigation actions against potential cyber exploits. The seventh component is for visualization of results and for analysis. We already visualize component attack trees and system attack trees. The work on visualization of risk management analysis is ongoing. We are currently extending the framework for dynamic vulnerabilities that occur as a result of changing network connectivity due to mobile components in the system.

TECHNOLOGY TRANSFER and BROADER IMPACT

Previous results of this project on novel graph and node embedding algorithms (dynamics control-based approach) have been successfully applied in learning structural patterns of electronic design circuits. The technology has been implemented and integrated into a web-based collaborative design tool for providing intelligent and intuitive suggestions during the design process. The source code of the tool is available at https://github.com/symbench/electric-circuits with a live demonstration of the tool at https://webgme.symbench.org/.

Similarly, we demonstrated the broader applicability of our theoretical and experimental results on applying physics-guided ML models and using domain adaptation with tradeoffs between fidelity and simulation speed. Our previous efforts on investigating vulnerabilities and potential defensive technologies of machine-learning-based CPS included the structural health monitoring domain where even simulation-based data is expensive. Learning in this domain requires a lot of simulation runs (costly FEM or faster but less accurate analytical approximations). The physics-guided approach enables more robust models and may decrease the number of required training samples, while domain adaptation can be used to refine the ML model with a few costly FEM results. The same approach is successfully applied in analyzing pressure vessels and for developing an AI-assisted tool for the conceptual design phase of UUVs.

EDUCATIONAL ADVANCES and OUTREACH

Collaboration with NIST on threat modeling and risk analysis in ICS

Discussion topics:

    Threat modeling in Railway ICS
    Risk Analysis
    Quantitative Risk Evaluation
    Integration with Simulation-Based Evaluation

Engagement on Risk Analysis and Cybersecurity with the American Railroads

This was a large meeting Vanderbilt and NIST presented our work on risk analysis and management to a group of top-level people from the Association of American Railroads, Railway Information Security Committee (RISC), and Railway Suppliers Committee. The meeting was well received and we have planned to continue our discussion with them in the near future.

EDUCATIONAL ADVANCES and OUTREACH

Dr. Himanshu Neema is currently advising three undergraduate students for their Spring internships at our institute. These internship projects are described below. Please note that these students are working with our technologies, but the internships are not funded by this project.

Local Virtual Power Plant with Transactive Energy

This project aims to evaluate whether transactive energy can provide economic benefit for developing virtual power plants (VPPs) for cities. In VPPs, communities transition from using more electricity for locally generated energy from renewable energy sources such as rooftop solar panels. However, this is highly cost prohibitive and so this project is investigating whether TE can reduce these costs. In addition, the project also aims to evaluate the impact of TE on better management of supply and demand in the DER integrated distribution grid. The project generated a good result for formulating appropriate real-time pricing that significantly smoothes the daily load curve. Our current effort in this project is focused on using machine learning techniques for efficient real-time pricing calculations.

Threat Modeling and Risk Analysis for ICS

This project aims to develop a comprehensive risk analysis framework for CPS. The modeling language and analysis tools in the framework are based on Vanderbilt's WebGME modeling environment. Using the modeling language one can create system architecture for specific ICS such as railway infrastructure. The system architecture comprises of various components within the system and different types of network connectivity among these components. Further, vulnerability scores could be assigned to various components with regard to different categories of Microsoft's STRIDE threat modeling method. The analysis tools as part of the language could be used to calculate vulnerability scores at the component level. In addition, the visualization tools will help show the generated component attack trees and system attack graphs that directly help with risk analysis of ICS. The risk management planning tools allow for cyber gaming of available risk mitigation actions against potential cyber exploits.

Evaluation of Vector Control and Social Policies on Pathogen Spread within Communities

This recently started project aims to utilize agent-based simulations for modeling arthropod behavior and human activities as well as social policies for vector control and for changing human behavior in order to evaluate how these affect the spread of pathogens in humans through mosquito bites. We plan to use integrated simulations for these evaluations. We have developed RESTful APIs for the creation, configuration, parameterization, execution, and control of the disease simulations. Currently, we are working on creating a model based experimentation environment using these REST APIs.