Visual Analytics in Support of Secure Cyber-Physical Systems

David DittrichPARVAC / VACCINE

http://parvac.washington.edu/University of Washington

DHS Workshop on Future Directions in Cyber-Physical Systems Security, July 22-24, 2009

July 22-24, 2009

•VACCINE•Basic Issues in Securing CPS•Viewing CPS in Multiple Dimensions•Holistic View of Security of CPS

Overview

July 22-24, 2009

Collaborative Decision-making and Communication for Crisis Management

Disruption

Response

Recovery

MaintenanceSituational AwarenessRisk Assessment/MitigationPreparedness

Capacity to meet new demand level

Time

Losses due to downtime

Cap

acity

(S

ecto

r N

)

July 22-24, 2009

• Multiple agencies• Multiple missions• Multiple jurisdictions• Multiple business processes• Multiple systems• Multiple terminologies• Multiple cultures

It is difficult to fully understand the processes that this community employs to enhance regional safety and security, but mapping and analyzing these processes is a prerequisite to improving them.

Collaborative Decision-making and Communication for Crisis Management

July 22-24, 2009

Themes in CPS security (NERC)

•CPS devices originally designed for isolated environments

• Insufficient separation from other systems• Insufficient monitoring of access and use•Need for better coordination, education/training, and workforce enhancement

Do we build systems simply to function, or with the understanding they will be attacked?

July 22-24, 2009

HMI Display Example

July 22-24, 2009

Border Monitoring and Sensing

July 22-24, 2009

Levels of Networks

•Physical (ethernet, WiFi, Bluetooth, etc.)•Logical (Windows Domain, LAN, shared accounts)•Political (individual, department, school/company, collaborative federation)

All connections involve trust, which an attacker (“insider” or remote) can exploit.

July 22-24, 2009

9

Attacking Trust Relationships

July 22-24, 2009

A new way of thinking about CPS security

•Secure overlay network for isolation and trusted foundation

• Integrated access control, command and control hardening, and monitoring

•Visualization and analytics for improved oversight• Integrated Ops, SecOps, R&D, and E&T

Strategic Framework

July 22-24, 2009

Dynamic Preparedness System (DPS) & Information Framework Dashboard (IFD)

July 22-24, 2009

Contact

David Dittrich

Affiliate Researcher Affiliate Principal ScientistPARVAC / VACCINE Applied Physics Laboratory

dittrich(at)u.washington.eduhttp://staff.washington.edu/dittrich/