Risk Modeling and Cyber Defense Exercise for Critical Infrastructures Security

关键基础设施安全的风险建模和网络防御演习

• 批准号: 1528731
• 负责人: Manimaran Govindarasu
• 金额: $ 15万
• 依托单位: Iowa State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-07-01 至 2017-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1528731&HistoricalAwards=false
• 关键词: Risk; Modeling; Cyber; Defense; Exercise

Many critical infrastructures, such as the power grid, are complex cyber physical systems (CPS). Protecting these systems against cyber-attacks is of paramount importance to national security and economic well-being. Risk assessment considering cyber-attacks against critical infrastructures is not well understood due to ever growing, dynamic threat landscape coupled with complex cyber-physical interactions in these systems. In addition, there is a compelling need to create environments in which realistic attack-defense experiments (including risk assessment and risk mitigation) and training exercises can be safely conducted to advance the science and workforce development in this important area of national need.This project has two key goals: (1) the short-term goal is to design, develop, and demonstrate a cyber defense exercise for improving the security of CPS systems in alignment with the NIST/US Ignite Global Cities Team Challenge; and (2) the long-term goal is to explore fundamental models and algorithms for cyber risk assessment and mitigation. The project makes synergistic federation of three existing security testbeds hosted at Iowa State University and the University of Southern California to create a realistic environment for conducting CPS security experimentation and security preparedness and training exercise, like the North American Reliability Corporation (NERC) GridEx. The intellectual merit of the project lies in two key contributions: (i) realistic experimentations on CPS security testbed federation, and (ii) the development of a novel methodology for cyber risk modeling of CPS systems. The broader impacts of the project lie in developing realistic attack-defense scenarios and learning/training modules that enable academic researchers, students, and industry practitioners to systematically understand, analyze, and improve the security and resiliency of critical infrastructures.

许多关键的基础架构，例如电网，都是复杂的网络物理系统（CPS）。保护这些系统免受网络攻击对于国家安全和经济福祉至关重要。考虑到针对关键基础设施的网络攻击的风险评估，由于不断增长的动态威胁景观以及这些系统中复杂的网络物理相互作用，因此无法充分理解。此外，可以安全地进行迫切需要创建环境，在这种环境中，可以安全地进行培训和培训练习，以促进这一重要的国家需求领域的科学和劳动力发展。该项目具有两个关键目标。 挑战; （2）长期目标是探索用于网络风险评估和缓解的基本模型和算法。该项目使在爱荷华州立大学和南加州大学举办的三个现有安全测试台的协同联合会创造了一个现实的环境，以进行CPS安全实验和安全准备和培训活动，例如北美可靠性公司（NERC）Gridex。该项目的智力优点在于两个关键贡献：（i）对CPS安全性测试床联合会的现实实验，以及（ii）开发了用于CPS系统的网络风险建模的新方法。该项目的更广泛影响在于开发现实的攻击防御场景和学习/培训模块，使学术研究人员，学生和行业从业人员能够系统地理解，分析和提高关键基础设施的安全性和弹性。