Post on 15-Jan-2016
Visual Analytics in Support of Secure Cyber-Physical Systems
David Dittrich
PARVAC / VACCINE
http://parvac.washington.edu/
University of Washington
DHS Workshop on Future Directions in Cyber-Physical Systems Security, July 22-24, 2009
Overview
• VACCINE
• Basic Issues in Securing CPS
• Viewing CPS in Multiple Dimensions
• Holistic View of Security of CPS
Collaborative Decision-making and Communication for Crisis Management
[Figure: Capacity (Sector N) plotted against Time. Labels: Disruption, Response, Recovery; Maintenance, Situational Awareness, Risk Assessment/Mitigation, Preparedness; Capacity to meet new demand level; Losses due to downtime.]
Collaborative Decision-making and Communication for Crisis Management
• Multiple agencies
• Multiple missions
• Multiple jurisdictions
• Multiple business processes
• Multiple systems
• Multiple terminologies
• Multiple cultures
It is difficult to fully understand the processes that this community employs to enhance regional safety and security, but mapping and analyzing these processes is a prerequisite to improving them.
Themes in CPS security (NERC)
• CPS devices originally designed for isolated environments
• Insufficient separation from other systems
• Insufficient monitoring of access and use
• Need for better coordination, education/training, and workforce enhancement
Do we build systems simply to function, or with the understanding they will be attacked?
HMI Display Example
Border Monitoring and Sensing
Levels of Networks
• Physical (Ethernet, WiFi, Bluetooth, etc.)
• Logical (Windows Domain, LAN, shared accounts)
• Political (individual, department, school/company, collaborative federation)
All connections involve trust, which an attacker (“insider” or remote) can exploit.
Attacking Trust Relationships
A new way of thinking about CPS security
• Secure overlay network for isolation and trusted foundation
• Integrated access control, command and control hardening, and monitoring
• Visualization and analytics for improved oversight
• Integrated Ops, SecOps, R&D, and E&T
Strategic Framework
Dynamic Preparedness System (DPS) & Information Framework Dashboard (IFD)
Contact
David Dittrich
Affiliate Researcher, PARVAC / VACCINE
Affiliate Principal Scientist, Applied Physics Laboratory
dittrich(at)u.washington.edu
http://staff.washington.edu/dittrich/