VU SoS Lablet Quarterly Executive Summary - APR 2021

A. Fundamental Research

The Science of Security for Cyber-Physical Systems (CPS) Lablet focuses on (1) Foundations of CPS Resilience, (2) Analytics for CPS Cybersecurity, (3) Development of a Multi-model Testbed for Simulation–based Evaluation of Resilience, and (4) Mixed Initiative and Collaborative Learning in Adversarial Environments.

• Due to the increased deployment of novel communication, control and protection functions, the grid has become vulnerable to a variety of attacks. Designing robust machine learning based attack detection and mitigation algorithms require large amounts of data that rely heavily on a representative environment, where different attacks can be simulated. In this work, we have developed a comprehensive toolchain for modeling and simulating attacks in power systems. First, we present a probabilistic domain specific language to define multiple attack scenarios and simulation configuration parameters. Secondly, we extend the PyPower-dynamics simulator with protection system components to simulate cyber-attacks in control and protection layers of power system. We demonstrate multiple attack scenarios with a case study based on IEEE 39 bus system
• Identification of system vulnerabilities and implementation of appropriate risk mitigation strategies are crucial for ensuring the cybersecurity of Industrial Control Systems (ICS). These system vulnerabilities must be evaluated depending on their exploitability, impact, mitigation status, and target platform and environments. Our work focuses on threat modeling and risk analysis methods for the cybersecurity of Railway Transportation Systems (RTS), which are real-world ICS and have become increasing vulnerable to cyber-attacks due to growing reliance on networked physical and computation components. We are developing a Risk Analysis Framework (RAF) with multiple components including a modeling environment for system architecture where ICS can be modeled with complete component hierarchy and communication network topology, modeling cyber vulnerabilities, specifying attack ports and risk mitigation actions, and risk flows across components through attack ports. We are currently extending the framework for dynamic vulnerabilities that occur as a result of changing network connectivity due to mobile components in the system.
• While educational robotics and makerspaces are useful to modern STEM education, they introduce both physical and economic barriers to entry. By creating a “cyber makerspace,” a simulated, networked environment, we can facilitate instruction on cyber-physical systems and their security and related topics while reducing cost and complexity. The approach will facilitate reaching audiences from traditionally underrepresented groups. It also supports remote learning, an especially important feature due to the current pandemic. The virtual robotics environment created is connected to a block-based programming language, NetsBlox, to allow students to engage with the curriculum regardless of programming experience. The networked simulation and collaborative programming environment combine to become especially effective for distance learning.

B. Community Engagement(s)

We participated in a meeting where Vanderbilt and NIST presented the work on risk analysis and management to a group from the Association of American Railroads, Railway Information Security Committee (RISC), and Railway Suppliers Committee. The meeting was well-received and we are planning to continue the discussion.

C. Educational Advances

• We launched an outreach program focusing on local high school students. Vanderbilt Digital Nights (VDN) is a series of online workshops using NetsBlox to introduce advanced computing concepts to young learners. VDN is a monthly event. We conducted three VDN workshops this quarter. We have reached about 50 high school students mainly from the middle Tennessee area, but since all workshops were virtual, some of the participants came from out of state from a variety of places. Approximately 40% of participants have been female so far.
• ​​​​​​​Dr. Himanshu Neema advised multiple undergraduate students performing projects related to CPS security.