Spotlight on Lablet Research #1 - Analytics for Cyber-Physical Systems Cybersecurity (archived)
Project: Analytics for Cyber-Physical Systems Cybersecurity
Lablet: Vanderbilt University
Participating Sub-Lablet: Massachusetts Institute of Technology
Mounting concerns about safety and security have resulted in an intricate ecosystem of guidelines, compliance measures, directives and policy reports for cybersecurity of all critical infrastructure. By definition, such guidelines and policies are written in linear, sequential text form, which makes them difficult to integrate and makes the policy-technology-security interactions difficult to understand, thus limiting their relevance for science of security. The challenges are to develop a structured system model from text-based policy guidelines and directives in order to identify major policy-defined system-wide parameters, situate vulnerabilities, map security requirements to security objectives, and advance research on how multiple system features respond to diverse policy controls to strengthen the security of fundamentals in cyber-physical systems.
Project research draws on major reports presented by the National Institute of Standards and Technology (NIST) as the source of the data. While some efforts have already been made to mine NIST materials, few exploit the value of multi-methods for knowledge mining and analytical tools to support user understanding, analysis, and eventually action. The team’s approach learns from, and transcends, the above efforts by developing a platform for multi-methods cybersecurity analytics based entirely on the contents of policy documents. The case application focuses on cybersecurity of smart grid for electric power systems.
The overarching purpose of this project is to support the national strategy for cybersecurity, as outlined in Presidential Executive Orders (EXORD) and the National Defense Authorization Acts (NDAAs). Operationally, the goal is to develop analytics for cybersecurity policies and guidelines targeted specifically to (a) overcome the limitations of text-based guidelines, (b) extract the knowledge embedded in policy guidelines, and (c) assist the user community, analysts, and operators in implementation. Another goal is to construct new tools that are applicable to policy directives, regulations, and guidelines for diverse issue areas. The tools will enable users to explore mission-related properties, concerns, or contingencies. The Cybersecurity Framework (CSF) is mandatory in the public sector and greatly encouraged for the private sector. CSF provides general guidance and directives of a broadly defined nature, but the mission-specific application is left to the user, with only the general guidance provided by CSF. It is up to the user to proceed as best determined.
Led by Principal Investigator Nazli Choucri, MIT, the research team has been able to align the project vision and mission to National Cybersecurity Policy and identify the policy-relevant ecosystem. In focusing on national cybersecurity policies for securing Cyber-Physical Systems (CPS), the researchers identified core policy documents for smart grid CPS and research design. They extracted data and created a Dependency Structure Matrix (DSM) of the “as-is” smart grid NIST reference model. They also completed the design and operational strategy of the data extraction and linkage method, including identifying and extracting the value-added of policy documents and guidelines and developing the process to move from “policy-as-text” to “text-as-data” for constructing the Platform for Cyber Analytics.
A review of the rules and methods they developed for extracting data from key documents and creating the linked database allowed them to create initial exploratory tools for analysis of system information, and a core DSM of the CPS system by identifying the first-level information dependencies. The dependency matrix will be examined closely and validated, and further transformed as needed into clusters and partitions of structure and process in order to explore properties that reveal interconnections and "hidden features". It is also the basis upon which added policy imperatives, also in text form, are incorporated later on in expanded DSM forms.
For the most recent updates about the project, please see: https://cps-vo.org/node/48269