CRISP Type 1/Collaborative Research: Lessons Learned from Decades of Attacks against Critical Interdependent Infrastructures

$98,357 · FY2016 · ENG · NSF

University Of Texas At Austin, Austin TX

Investigators

Abstract

Critical interdependent infrastructures such as the power grid, water distribution networks, and transportation networks are large-scale systems that provide the most essential services to modern life. Traditionally, the protection of these infrastructures has focused on preventing failures caused by accidents; however, there is a growing concern about preventing failures initiated by physical as well as cyber attacks. For example, the recent Executive Order 13636 on critical infrastructure cyber-security is a timely reminder of the growing need to improve the security posture and resiliency of our critical infrastructures against attacks, and, in particular, a call to action for identifying well-documented and tested security best practices. The goal of this Critical Resilient Interdependent Infrastructure Systems and Processes (CRISP) collaborative research project is to identify the successful practices and lessons learned by countries subject to persistent attacks on their critical infrastructures, and incorporate these lessons into social and technical solutions that the U.S. can use to better understand the nature of the threat, and to motivate better public and private sector postures for the protection of U.S. critical infrastructures from physical as well as cyber-attacks. The research will leverage the experience of five decades of sustained attacks against the critical infrastructures of Colombia and study the government and industry responses and best practices in that country. It will also develop new algorithms and security solutions informed by the data collected on these attacks. These lessons will be translated into a new course focusing on terrorism, critical infrastructures, and cyber-security, with the goal of developing a multidisciplinary Masters on cyberconflict and terrorism targeted to students working in public policy as well as business leaders and stakeholders in our critical infrastructures.
The results will be disseminated in academic as well as industrial conferences and in public and private partnerships for the protection of critical infrastructures such as those led by NIST and DHS. Several analytical and theoretical models for interdiction or interdependencies of critical infrastructures remain abstract and speculative not only because there is scarce data on attacks on critical infrastructures, but also because it is easier to consider simple models or assumptions in order to keep the problem analytically or computationally tractable. Evidence and empirical data of how attacks on critical infrastructures are planned and executed are essential for studying their impact on critical infrastructures, and for identifying the technical and social aspects for protecting these systems. Incorporating new adversary models and defense mechanisms based on real attacks and extracting statistics from these datasets into mathematical models of interdiction or control interdependencies will require new theoretical developments in algorithms and optimization methods. For example, the reconfiguration of power systems done by the operators of the power grid in Colombia can be considered as a moving target defense, and incorporating this dynamic aspect into interdiction games requires new formulations that have not been studied before. In addition, interdiction formulations considering interdependent infrastructures such as gas, water, telecommunications, and electricity will require different models of the "initiating events" and different models of the restoration processes. Similarly, the inclusion of interdependent infrastructure models for control problems can add some advantages in the synchronization criteria and might improve synchronizability and stability. The mathematical conditions for phase cohesiveness and frequency synchronization when one infrastructure is subject to attacks will be studied in this research.
Finally, extracting policy and strategic trends, and factors that have influenced the outcomes observed in datasets will require extensive analysis of a complex socio-technical component where multiple stakeholders (government, asset owners, services industry, and vendors) have different factors influencing their actions and decisions.
