| NSF Org: |
CMMI Division of Civil, Mechanical, and Manufacturing Innovation |
| Recipient: |
|
| Initial Amendment Date: | March 26, 2019 |
| Latest Amendment Date: | March 26, 2019 |
| Award Number: | 1925524 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Yueyue Fan
CMMI Division of Civil, Mechanical, and Manufacturing Innovation ENG Directorate for Engineering |
| Start Date: | January 1, 2019 |
| End Date: | December 31, 2019 (Estimated) |
| Total Intended Award Amount: | $109,782.00 |
| Total Awarded Amount to Date: | $125,781.00 |
| Funds Obligated to Date: |
FY 2016 = $16,000.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
1156 HIGH ST SANTA CRUZ CA US 95064-1077 (831)459-5278 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
CA US 95064-1077 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): |
CRISP - Critical Resilient Int, CIS-Civil Infrastructure Syst |
| Primary Program Source: |
01001617DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.041 |
ABSTRACT
Critical interdependent infrastructures such as the power grid, water distribution networks, and transportation networks are large-scale systems that provide the most essential services to modern life. Traditionally, the protection of these infrastructures has focused on preventing failures caused by accidents; however, there is a growing concern about preventing failures initiated by physical as well as cyber attacks. For example, the recent Executive Order 13636 on critical infrastructure cyber-security is a timely reminder on the growing need to improve the security posture and resiliency of our critical infrastructures against attacks, and in particular, a call of action for identifying well-documented and tested security best practices. The goal of this Critical Resilient Interdependent Infrastructure Systems and Processes (CRISP) collaborative research project is to identify the successful practices and lessons learned by countries subject to persistent attacks on their critical infrastructures, and incorporate these lessons into social and technical solutions that the U.S. can use to better understand the nature of the threat, and to motivate better public and private sector postures for the protection of U.S. critical infrastructures from physical as well as cyber-attacks. The research will leverage the experience of five decades of sustained attacks against the critical infrastructures of Colombia and study the government and industry responses and best practices in that country. It will also develop new algorithms and security solutions informed by the data collected on these attacks. These lessons will be translated into a new course focusing on terrorism, critical infrastructures, and cyber-security, with the goal of developing a multidisciplinary Masters on cyberconflict and terrorism targeted to students working in public policy as well as business leaders and stakeholders in our critical infrastructures. The results will be disseminated in academic as well as industrial conferences and in public and private partnerships for the protection of critical infrastructures such as those led by NIST and DHS.
Several analytical and theoretical models for interdiction or interdependencies of critical infrastructures remain abstract and speculative not only because there is scarce data on attacks to critical infrastructures, but also because it is easier to consider simple models or assumptions in order to keep the problem analytically or computationally tractable. Evidence and empirical data of how attacks on critical infrastructures are planned and executed are essential for studying their impact on critical infrastructures, and for identifying the technical and social aspects for protecting these systems. Incorporating new adversary models and defense mechanisms based on real attacks and extracting statistics from these datasets into mathematical models of interdiction, or control interdependencies will require new theoretical developments in algorithms and optimization methods. For example the reconfiguration of power systems done by the operators of the power grid in Colombia can be considered as a moving target defense, and incorporating this dynamic aspect into interdiction games requires new formulations that have not been studied before. In addition, interdiction formulations considering interdependent infrastructures such as gas, water, telecommunications, and electricity will require different models of the "initiating events" and different models of the restoration processes. Similarly the inclusion of interdependent infrastructure models for control problems can add some advantages in the synchronization criteria and might improve synchronizability and stability. The mathematical conditions for phase cohesiveness and frequency synchronization when one infrastructure is subject to attacks will be studied in this research. Finally, extracting policy and strategic trends, and factors that have influenced the outcomes observed in datasets will require extensive analysis of a complex socio-technical component where multiple stakeholders (government, asset owners, services industry, and vendors) have different factors influencing their actions and decisions.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
Our project identified lessons learned from the international community for protecting and responding to attacks on critical infrastructures. We also looked at successful practices for protecting critical infrastructures within a country in order to help the United States better understand and motivate public and private sector postures in preparedness and resilience of our critical infrastructures. We particularly focused on extracting lessons learned from physical attacks in Colombia, but experiences from other countries and other modes of attack such as the cyber-attacks against Ukraine, and the recent discussion of IoT demand attacks in the literature, were also used in our analysis.
Colombia has experienced physical attacks to its infrastructure over multiple decades, and there are many lessons and parallels to our infrastructures that can be learned from this analysis and can help us design better cyber-security postures, physical-protection postures, and recommend more informed policy initiatives. In the first part of our work we look back at what happened in the world of physical attacks against the power grid to identify lessons learned that can be applied for the resiliency of control systems under attack, and create a science of security, policy, and engineering for designing critical infrastructures that can survive attacks. In the latter part of our work, we use the recent history of cyber-attacks to inform policy.
Another project goal was to identify the similarities and differences between physical and cyber-attacks, and to study which of the countermeasures that critical infrastructure industries and agencies have taken to prevent and react to physical attacks are also useful in the cyber-attack context, and to identify which have an analogous treatment in the cyber-context.
One of our main lessons learned from attacks in Colombia included an interesting study of perverse incentives in the ecosystem of critical infrastructure repairs. Because of the large volume of attacks, transmission companies in Colombia have to hire third parties to repair transmission towers. The transmission companies designated a single contractor to repair the towers in a given region. However, selecting a service provider is a non-trivial task, since both the transmission company and the contractors have conflicting interests and asymmetric information. Concretely, while transmission companies attempt to minimize their expenses, the contractors benefit with more tower attacks and higher repair costs. Case in point, in 2005 a company in charge of repairing electric transmission towers made a deal with guerrilla militants to demolish the towers. This company thrived, because the attacks were attributed to guerrilla groups, who commit these attacks often. As a result, the guerrilla attacked more than 320 electric towers between 2005-2008 in their region of operation. The corrupt contractor paid the guerrilla members $8,000,000 pesos (approximately $3,000 USD at the time) to take down each tower, and in return ISA, the company overseeing the transmission system in Colombia, paid the corrupt company $150,000,000 pesos (approximately $57,000 USD) to repair the tower. They even asked the guerrillas to bomb towers only during working days, so that the corrupt company would not have to pay for extra-hours to their workers. Our work modeled this case as a problem of perverse incentives, and provided the mathematical framework with the help of mechanism design to create new contracts that prevent perverse incentives like these. We believe our results are general and applicable to other areas like Internet security companies. This work was published first, in WEIS, the most visible venue at the intersection of economics and security, and later in the Journal of Critical Infrastructure Protection.
Finally, we also worked on a new attack vector for the power grid, abusing high-energy IoT devices to cause damages to the bulk system. We utilized and further developed a cascading outage analysis tool developed at UT, Austin, to examine the response of the Electric Reliability Council of Texas (ERCOT) system to the cyber attack proposed by Soltan et al. and model the security of the Texas grid to IoT demand attacks. Our work is a positive look at the resilience of protection systems in the grid. Previous work had suggested that an IoT botnet of high-powered devices could have potentially catastrophic consequences in the grid, causing cascading failures and system-wide blackouts. Our work reaches different conclusions. Analyzing protection measures in the grid including: (1) Under-frequency load shedding (UFLS), (2) timing for activation of protection equipment, and (3) how each individual generator responds to disruptions to the frequency of its bus, we show that the grid can be resilient to IoT demand attacks. Our work was published at the USENX Security Symposium in 2019.
Last Modified: 04/30/2020
Modified by: Alvaro Cardenas
Please report errors in award information by writing to: awardsearch@nsf.gov.
