cybersecurity assurance for critical infrastructure
play

Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka - PowerPoint PPT Presentation

Feb 08, 2024 •17 likes •457 views

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka Collaborator: John Villasenor Center for International Security and Cooperation

  1. Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka Collaborator: John Villasenor Center for International Security and Cooperation Stanford University, Stanford, CA 94305 jaskolka@stanford.edu May 11, 2017 Jason Jaskolka SCC 2017 1 / 33

  2. Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Acknowledgement & Disclaimer Acknowledgement This material is based upon work supported by the U.S. Department of Homeland Security under Grant Award Number, 2015-ST-061-CIRC01. Disclaimer The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security. Jason Jaskolka SCC 2017 2 / 33

  3. Introduction Research Problem Critical Infrastructure Methodological Elements Project Overview Impact & Value Cybersecurity Challenges in Critical Infrastructure Systems Concluding Remarks Critical Infrastructure Jason Jaskolka SCC 2017 3 / 33

  4. Introduction Research Problem Critical Infrastructure Methodological Elements Project Overview Impact & Value Cybersecurity Challenges in Critical Infrastructure Systems Concluding Remarks Project Overview Cybersecurity Assurance for Critical Infrastructure Focus on the challenges posed by cyber-attacks against critical infrastructures Aims to design and develop critical infrastructure cybersecurity assessment methodologies and associated modelling and simulation environments Enable community to much more effectively: Identify systemic cybersecurity vulnerabilities 1 Preemptively mitigate at least some of those vulnerabilities 2 Quickly and effectively respond to attacks that might exploit the 3 subset of those vulnerabilities Jason Jaskolka SCC 2017 4 / 33

  5. Introduction Research Problem Critical Infrastructure Methodological Elements Project Overview Impact & Value Cybersecurity Challenges in Critical Infrastructure Systems Concluding Remarks Operational Need Significant progress has been made in quality assurance for software and components used to build critical infrastructure systems Much less attention and progress in making the systems robust against intentionally compromised hardware and/or software Specifically designed to remain undetected in tests formulated to detect accidental design flaws Often only visible, or known, after a system experiences some kind of compromise or failure Cyber-attacks launched using built-in hardware and/or software vulnerabilities could have a devastating impact Jason Jaskolka SCC 2017 5 / 33

  6. Introduction Research Problem Critical Infrastructure Methodological Elements Project Overview Impact & Value Cybersecurity Challenges in Critical Infrastructure Systems Concluding Remarks Cybersecurity Challenges in Critical Infrastructure Systems Ubiquitous and pervasive Large, complex, and rapidly growing Mix of legacy systems and new technologies Numerous components or agents and even more interactions, some of which may be: Unfamiliar, unplanned, or unexpected Not visible or not immediately comprehensible Software/Hardware from third-party suppliers Cyber-attackers are far more sophisticated and have access to far more powerful tools than in the past Jason Jaskolka SCC 2017 6 / 33

  7. Introduction Research Problem Critical Infrastructure Methodological Elements Project Overview Impact & Value Cybersecurity Challenges in Critical Infrastructure Systems Concluding Remarks Cybersecurity Challenges in Critical Infrastructure Systems Ubiquitous and pervasive Large, complex, and rapidly growing Mix of legacy systems and new technologies Numerous components or agents and even more interactions, some of which may be: Unfamiliar, unplanned, or unexpected � Implicit Not visible or not immediately comprehensible Interactions Software/Hardware from third-party suppliers Cyber-attackers are far more sophisticated and have access to far more powerful tools than in the past Jason Jaskolka SCC 2017 6 / 33

  8. Introduction Implicit Component Interactions Research Problem Research Problem Methodological Elements Why Formal Methods? Impact & Value Proposed Approach for Solving the Problem Concluding Remarks Implicit Component Interactions 2015 Jeep Cherokee Hack Jason Jaskolka SCC 2017 7 / 33

  9. Introduction Implicit Component Interactions Research Problem Research Problem Methodological Elements Why Formal Methods? Impact & Value Proposed Approach for Solving the Problem Concluding Remarks Research Problem Assuring safety, security, and reliability of critical infrastructure systems is becoming a top priority Shortcomings in development of formal methods and tools for determining whether such systems are protected from cyber-threats [Bennett 2015] Ability to detect undesirable interactions among system components is needed [Jackson and Ferris 2012] Research Challenge Develop a rigorous (formal methods-based) approach to better understand, identify, analyze, and mitigate implicit component interactions in critical infrastructure systems. Jason Jaskolka SCC 2017 8 / 33

  10. Introduction Implicit Component Interactions Research Problem Research Problem Methodological Elements Why Formal Methods? Impact & Value Proposed Approach for Solving the Problem Concluding Remarks Why Formal Methods? According to the DHS Cybersecurity Research Roadmap [DHS 2009] Jason Jaskolka SCC 2017 9 / 33

  11. Introduction Implicit Component Interactions Research Problem Research Problem Methodological Elements Why Formal Methods? Impact & Value Proposed Approach for Solving the Problem Concluding Remarks Why Formal Methods? According to the DHS Cybersecurity Research Roadmap [DHS 2009] “ Formal verification and other analytic tools that can scale will be critical to building systems with significantly higher assurance than today’s systems.” Jason Jaskolka SCC 2017 9 / 33

  12. Introduction Implicit Component Interactions Research Problem Research Problem Methodological Elements Why Formal Methods? Impact & Value Proposed Approach for Solving the Problem Concluding Remarks Why Formal Methods? According to the DHS Cybersecurity Research Roadmap [DHS 2009] “ Formal verification and other analytic tools that can scale will be critical to building systems with significantly higher assurance than today’s systems.” “In particular, theories are needed to support analytic tools that can facilitate the prediction of trustworthiness , inclusion modelling, simulation, and formal methods .” Jason Jaskolka SCC 2017 9 / 33

  13. Introduction Implicit Component Interactions Research Problem Research Problem Methodological Elements Why Formal Methods? Impact & Value Proposed Approach for Solving the Problem Concluding Remarks Why Formal Methods? According to the DHS Cybersecurity Research Roadmap [DHS 2009] “ Formal verification and other analytic tools that can scale will be critical to building systems with significantly higher assurance than today’s systems.” “In particular, theories are needed to support analytic tools that can facilitate the prediction of trustworthiness , inclusion modelling, simulation, and formal methods .” “The potential utility of formal methods has increased significantly in the past four decades and needs to be considered whenever it can be demonstrably effective .” Jason Jaskolka SCC 2017 9 / 33

  14. Introduction Implicit Component Interactions Research Problem Research Problem Methodological Elements Why Formal Methods? Impact & Value Proposed Approach for Solving the Problem Concluding Remarks Proposed Approach for Solving the Problem Research Goal Develop methodologies to better understand how and why implicit component interactions can exist in critical infrastructure systems. Model critical infrastructure systems using a mathematical 1 framework Formulate and identify the existence of implicit component 2 interactions Analyze existing implicit component interactions 3 Mitigate the existence of and/or minimize the threat posed by 4 implicit component interactions Jason Jaskolka SCC 2017 10 / 33

  15. Introduction Illustrative Example: Manufacturing Cell Modeling using C 2 KA Research Problem Methodological Elements Formulating and Identifying Implicit Interactions Impact & Value Analyzing Implicit Interactions Concluding Remarks Mitigating Implicit Interactions Illustrative Example: Manufacturing Cell Jason Jaskolka SCC 2017 11 / 33

  16. Introduction Illustrative Example: Manufacturing Cell Modeling using C 2 KA Research Problem Methodological Elements Formulating and Identifying Implicit Interactions Impact & Value Analyzing Implicit Interactions Concluding Remarks Mitigating Implicit Interactions Illustrative Example: Manufacturing Cell Jason Jaskolka SCC 2017 11 / 33

  17. Introduction Illustrative Example: Manufacturing Cell Modeling using C 2 KA Research Problem Methodological Elements Formulating and Identifying Implicit Interactions Impact & Value Analyzing Implicit Interactions Concluding Remarks Mitigating Implicit Interactions Illustrative Example: Manufacturing Cell Control/Coordination Agent Storage Handling Agent Processing Agent Agent Jason Jaskolka SCC 2017 11 / 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 Improving Critical Infrastructure Cybersecurity Kevin Stine National Institute of Standards and Technology Executive Order 13636:

128 views • 11 slides
The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on

The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on

The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013. The Executive Order calls for the development of a voluntary risk based Cybersecurity Framework a set of industry standards and

305 views • 12 slides
The cybersecurity dimension of critical [energy] infrastructure it appears that someone found

The cybersecurity dimension of critical [energy] infrastructure it appears that someone found

The cybersecurity dimension of critical [energy] infrastructure it appears that someone found remote access and started tripping breakers. - Scadasec commentator 2015-12-26 Vytautas Butrimas Views expressed in this presentation

376 views • 15 slides
Critical Infrastructure Cybersecurity Dean Bickerton Standards Certification ISA New Orleans

Critical Infrastructure Cybersecurity Dean Bickerton Standards Certification ISA New Orleans

Framework for Improving Critical Infrastructure Cybersecurity Dean Bickerton Standards Certification ISA New Orleans Education & Training Publishing April 5, 2016 Conferences & Exhibits 1 A Brief Commercial Interruption

507 views • 31 slides
Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent

Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent

FOR OFFICIAL USE ONLY Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG) March 11, 2013 FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY Agenda 12:30

217 views • 20 slides
Infrastructure Cybersecurity Introduction to Concepts, Language, Policy About me Jack

Infrastructure Cybersecurity Introduction to Concepts, Language, Policy About me Jack

Understanding Critical Infrastructure Cybersecurity Introduction to Concepts, Language, Policy About me Jack Whitsitt | http://twitter.com/sintixerr | jack@energysec.org Broad Background Lived in a little hacker compound as a

850 views • 47 slides
5G infrastructure Hiroaki Kamoda Director for Policy Planning, Cybersecurity Division G

5G infrastructure Hiroaki Kamoda Director for Policy Planning, Cybersecurity Division G

Towards the construction of reliable 5G infrastructure Hiroaki Kamoda Director for Policy Planning, Cybersecurity Division G infrastructure Cyber/Physical Security Framework (CPSF) 1 Risks from Cybersecurity Viewpoints in 5G

290 views • 24 slides
FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation

FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation

FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation Planning Danielle Morago HFO QA/TA Specialist 2016 Quality Assurance Visits Self-Study Reminders Critical Element 1 AGENDA Critical

535 views • 16 slides
Software Assurance and Cybersecurity William L Scherlis Professor of Computer Science

Software Assurance and Cybersecurity William L Scherlis Professor of Computer Science

Software Assurance and Cybersecurity William L Scherlis Professor of Computer Science Director, Institute for Software Research School of Nuclear Regulatory Commission Computer Science 17 December 2015 School of Computer Science Assurance

304 views • 6 slides
DON Cybersecurity/Information Assurance Workforce Management Chris Kelsall DON CIO, Director,

DON Cybersecurity/Information Assurance Workforce Management Chris Kelsall DON CIO, Director,

DON Cybersecurity/Information Assurance Workforce Management Chris Kelsall DON CIO, Director, Cyber/IT Workforce 23 March 2010 Steps to Transform IAWF Management Charter DON team to determine best approach Establish governance due to

704 views • 12 slides
Managing Potential Conflicts Between Vehicle Safety and Cybersecurity Andy Davis, Transport

Managing Potential Conflicts Between Vehicle Safety and Cybersecurity Andy Davis, Transport

Managing Potential Conflicts Between Vehicle Safety and Cybersecurity Andy Davis, Transport Cybersecurity Practice Director Agenda What do we mean by Safety - critical and Cybersecurity - critical? Potential conflict areas

356 views • 16 slides
Practically Formal Development and Assurance of Complex Software-Intensive Safety-Critical

Practically Formal Development and Assurance of Complex Software-Intensive Safety-Critical

Practically Formal Development and Assurance of Complex Software-Intensive Safety-Critical Systems Alan Wassyng work with Zinovy Diskin, Nicholas Annable, and Mark Lawford CyPhyAssure, 20 March 2019 GSN-like Assurance Cases Pros

720 views • 33 slides
Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science

Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science

Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Assurance For Safety Critical IA Systems 1 Introduction Increasing

557 views • 18 slides
We help small and mid-sized businesses complete their critical projects in the Technology,

We help small and mid-sized businesses complete their critical projects in the Technology,

We help small and mid-sized businesses complete their critical projects in the Technology, Cybersecurity and Accounting space. Support Architecture TECHNOLOGY Cloud Virtualization ERP|CRM Infrastructure Systems + Network Engineering

421 views • 12 slides
Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno

Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno

Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno Overeinder Wednesday, July 3, 13 The initial question Critical infrastructure sectors What is the network level representation of the critical

392 views • 24 slides
Big data in critical infrastructure: Production and failover infrastructure in DWD's central data

Big data in critical infrastructure: Production and failover infrastructure in DWD's central data

Big data in critical infrastructure: Production and failover infrastructure in DWD's central data management Daniel Lee, German Weather Service (DWD) TI12b Sep. 2015 Agenda 1. DWD's goals 2. Operational systems 3. Technical

556 views • 52 slides
Kinodynamic Planning Seungwook Lee ( ) 2019. 11. 12 Index Motivations

Kinodynamic Planning Seungwook Lee ( ) 2019. 11. 12 Index Motivations

[CS686] Sampling-based Kinodynamic Planning Seungwook Lee ( ) 2019. 11. 12 Index Motivations Approaches Paper 1 Paper 2 2 Motivation Real-world implementation How to follow the

530 views • 28 slides
Accounting for sustainable plastics Dr Richard Mattison CEO Trucost Plc SUSTAINABLE PLASTICS

Accounting for sustainable plastics Dr Richard Mattison CEO Trucost Plc SUSTAINABLE PLASTICS

Accounting for sustainable plastics Dr Richard Mattison CEO Trucost Plc SUSTAINABLE PLASTICS STUDY What is the societal benefit in dollars (USD) of the sustainable plasDcs Market differenDaDon product/technology/intervenDon? Thought

383 views • 16 slides
Caltrain Electrification Update July 20, 2017 PCEP Funding Update Funding Update All Local,

Caltrain Electrification Update July 20, 2017 PCEP Funding Update Funding Update All Local,

Caltrain Electrification Update July 20, 2017 PCEP Funding Update Funding Update All Local, Regional, State Funding Secured FTA Core Capacity Grant ($647m) executed $73 approved previous years $100m approved FY 2017 Budget

471 views • 22 slides
Assessment at NJIT: Preparing for 2022 and Beyond Mary K. Kierst, Ph.D. Associate Director for

Assessment at NJIT: Preparing for 2022 and Beyond Mary K. Kierst, Ph.D. Associate Director for

Assessment at NJIT: Preparing for 2022 and Beyond Mary K. Kierst, Ph.D. Associate Director for Assessment & Evaluation November 14, 2019 Overview Introduction Assessment at NJIT MSCHE Requirements Status of Program

383 views • 7 slides
Powheg with Pythia 8 in Gauss Philip Ilten University College Dublin Bucharest MC Workshop

Powheg with Pythia 8 in Gauss Philip Ilten University College Dublin Bucharest MC Workshop

Powheg with Pythia 8 in Gauss Philip Ilten University College Dublin Bucharest MC Workshop November 22, 2012 Ilten (UCD) Powheg with Pythia 8 in Gauss November 22, 2012 1 / 13 Introduction Overview LO n -jet ME PS Merging NLO ME PS

150 views • 13 slides
ASSESSMENT OF TRACK-GROUND COUPLED VIBRATION INDUCED BY HIGH-SPEED TRAINS Miss Jou-Yi Shih

ASSESSMENT OF TRACK-GROUND COUPLED VIBRATION INDUCED BY HIGH-SPEED TRAINS Miss Jou-Yi Shih

ASSESSMENT OF TRACK-GROUND COUPLED VIBRATION INDUCED BY HIGH-SPEED TRAINS Miss Jou-Yi Shih Dynamic group, ISVR, University of Southampton Supervisor: Prof. David Thompson, Dr. Antonis Zervos 10 th June. 2014 Time-domain models are needed to

206 views • 3 slides
Baldwin Hills Conservancy November 02, 2018 PARK TO PLAYA Stoneview Nature Center to Hahn Park

Baldwin Hills Conservancy November 02, 2018 PARK TO PLAYA Stoneview Nature Center to Hahn Park

PARK TO PLAYA Stoneview Nature Center to Hahn Park Project Baldwin Hills Conservancy November 02, 2018 PARK TO PLAYA Stoneview Nature Center to Hahn Park Project Blair Hills Association DESIGN-BUILD Team Structure SCHEMATIC DESIGN Status

214 views • 17 slides
CORONA VIRUS PREPARATIONS CORONA VIRUS - LATEST The risk to healthy school age pupils is

CORONA VIRUS PREPARATIONS CORONA VIRUS - LATEST The risk to healthy school age pupils is

CORONA VIRUS PREPARATIONS CORONA VIRUS - LATEST The risk to healthy school age pupils is extremely low. The symptoms for school age pupils are similar to a cold. The risk is that the virus could be passed on to high risk groups

176 views • 4 slides

More recommend