

Title: Dynamic games for secure and resilient control system design
Abstract: Modern control systems are featured by their hierarchical structure composed of cyber, physical and human layers. The intricate dependencies among multiple layers and units of modern control systems require an integrated framework to address cross-layer design issues related to security and resilience challenges. To this end, game theory provides a bottom-up modeling paradigm to capture the strategic interactions among multiple components of the complex system and enables a holistic view to understand and design cyber-physical-human control systems. In this review, we first provide a multi-layer perspective toward increasingly complex and integrated control systems and then introduce several variants of dynamic games for modeling different layers of control systems. We present game-theoretic methods for understanding the fundamental tradeoffs of robustness, security and resilience and developing a cross-layer approach to enhance the system performance in various adversarial environments. This review also includes three quintessential research problems that represent three research directions where dynamic game approaches can bridge between multiple research areas and make significant contributions to the design of modern control systems. The paper is concluded with a discussion on emerging areas of research that crosscut dynamic games and control systems.
Award ID(s): 1847056
NSF-PAR ID: 10208707
Journal Name: National Science Review
Volume: 7
Issue: 7
ISSN: 2095-5138
Page Range / eLocation ID: 1125 to 1141
Format(s): Medium: X
Sponsoring Org: National Science Foundation
More Like this
  1. Due to the critical importance of Industrial Control Systems (ICS) to the operations of cities and countries, research into the security of critical infrastructure has become increasingly relevant and necessary. As a component of both the research and application sides of smart city development, accurate and precise modeling, simulation, and verification are key parts of robust design and development tools that provide critical assistance in the prevention, detection, and recovery from abnormal behavior in the sensors, controllers, and actuators which make up a modern ICS system. However, while these tools have potential, there is currently a need for helper-tools to assist with their setup and configuration, if they are to be utilized widely. Existing state-of-the-art tools are often technically complex and difficult to customize for any given IoT/ICS processes. This is a serious barrier to entry for most technicians, engineers, researchers, and smart city planners, while slowing down the critical aspects of safety and security verification. To remedy this issue, we take a case study of existing simulation toolkits within the field of water management and expand on existing tools and algorithms with simplistic automated retrieval functionality using a much more in-depth and usable customization interface to accelerate simulation scenario design and implementation, allowing for customization of the cyber-physical network infrastructure and cyber attack scenarios. We additionally provide a novel in-tool assessment of a network’s resilience according to graph theory path diversity. Further, we lay out a roadmap for future development and application of the proposed tool, including expansions on resiliency and potential vulnerability model checking, and discuss applications of our work to other fields relevant to the design and operation of smart cities.
  2. Our world today increasingly relies on the orchestration of digital and physical systems to ensure the successful operations of many complex and critical infrastructures. Simulation-based testbeds are useful tools for engineering those cyber-physical systems and evaluating their efficiency, security, and resilience. In this article, we present a cyber-physical system testing platform combining distributed physical computing and networking hardware and simulation models. A core component is the distributed virtual time system that enables the efficient synchronization of virtual clocks among distributed embedded Linux devices. Virtual clocks also enable high-fidelity experimentation by interrupting real and emulated cyber-physical applications to inject offline simulation data. We design and implement two modes of the distributed virtual time: periodic mode for scheduling repetitive events like sensor device measurements, and dynamic mode for on-demand interrupt-based synchronization. We also analyze the performance of both approaches to synchronization including overhead, accuracy, and error introduced from each approach. By interconnecting the embedded devices’ general purpose IO pins, they can coordinate and synchronize with low overhead, under 50 microseconds for eight processes across four embedded Linux devices. Finally, we demonstrate the usability of our testbed and the differences between both approaches in a power grid control application.
  3. Abstract: Research purpose. Smart City technologies offer great promise for a higher quality of life, including improved public services, in an era of rapid and intense global urbanization. The use of intelligent or smart information and communication technologies to produce more efficient systems of services in those urban areas, captured under the broad rubric of “smart cities,” also create new vectors of risk and vulnerability. The aim of this article is to raise consideration of an integrated cross-domain approach for risk reduction based on the risks smart cities are exposed to, on the one hand, from natural disasters and, on the other, from cyber-attacks. Design / Methodology / Approach. This contribution describes and explains the risk profile for which smart cities are exposed to both natural disasters and cyber-attacks. The vulnerability of smart city technologies to natural hazards and cyber-attacks will first be summarized briefly from each domain, outlining those respective domain characteristics. Subsequently, methods and approaches for risk reduction in the areas of natural hazards and ICT security will be examined in order to create the basis for an integrated cross-domain approach to risk reduction. Differences are also clearly identified if an adaptation of a risk reduction pattern appears unsuitable. Finally, the results are summarized into an initial, preliminary integrated cross-domain approach to risk reduction. Findings. Risk management in the two domains of ICT security and natural hazards is basically similar. Both domains use a multilayer approach in risk reduction, both have reasonably well-defined regimes and established risk management protocols. At the same time, both domains share a policymaking and policy implementation challenge of the difficulty of appropriately forecasting future risk and making corresponding resource commitments to address future risk. Despite similarities, different concepts like the CIA Triad, community resilience, absorption capacity and so on exist too. Future research of these concepts could lead to improved risk management. Originality / Value / Practical implications. Cyber-attacks on the ICT infrastructure of smart cities are a major vulnerability – but relatively little systematic evaluation exists on the topic. Likewise, ICT infrastructure is vulnerable to natural disasters too – and the risk of more severe natural disasters in the context of a global trend toward massive cities is increasing dramatically. Explicit consideration of the issues associated with cross-domain integration of reduction of interdependent risk is a necessary step in ensuring smart city technologies also serve to promote longer-term community sustainability and resilience.
  4. Modern cyber-physical systems are enabled by electronic hardware and embedded systems. The security of these sub-components is a concern during the design and operational phases of cyber-physical system life cycles. Compromised electronics can result in mission-critical failures, unauthorized access, and other severe consequences. As systems become more complex and feature greater connectivity, system owners must make decisions regarding how to mitigate risks and ensure resilience and trust. This paper provides an overview of research efforts related to assessing and managing risks, resilience, and trust with an emphasis on electronic hardware and embedded systems. The research takes a decision-oriented perspective, drawing from the perspectives of scenario planning and portfolio analysis, and describes examples related to the risk-based prioritization of cyber assets in large-scale systems.
  5. Recent advances in machine learning enable wider applications of prediction models in cyber-physical systems. Smart grids are increasingly using distributed sensor settings for distributed sensor fusion and information processing. Load forecasting systems use these sensors to predict future loads to incorporate into dynamic pricing of power and grid maintenance. However, these inference predictors are highly complex and thus vulnerable to adversarial attacks. Moreover, the adversarial attacks are synthetic norm-bounded modifications to a limited number of sensors that can greatly affect the accuracy of the overall predictor. It can be much cheaper and effective to incorporate elements of security and resilience at the earliest stages of design. In this paper, we demonstrate how to analyze the security and resilience of learning-based prediction models in power distribution networks by utilizing a domain-specific deep-learning and testing framework. This framework is developed using DeepForge and enables rapid design and analysis of attack scenarios against distributed smart meters in a power distribution network. It runs the attack simulations in the cloud backend. In addition to the predictor model, we have integrated an anomaly detector to detect adversarial attacks targeting the predictor. We formulate the stealthy adversarial attacks as an optimization problem to maximize prediction loss while minimizing the required perturbations. Under the worst-case setting, where the attacker has full knowledge of both the predictor and the detector, an iterative attack method has been developed to solve for the adversarial perturbation. We demonstrate the framework capabilities using a GridLAB-D based power distribution network model and show how stealthy adversarial attacks can affect smart grid prediction systems even with a partial control of network. 