C3E 2016 and 2017 Challenge Problem: Cyber Security
Modeling Consequences of Ransomware on Critical Infrastructures
In recent years, cybersecurity experts have reported that the number of adversaries in cyberspace continues to grow and that they are becoming more sophisticated in their practices, with crimeware taking on more Advanced Persistent Threat (APT)-like characteristics. The Institute for Critical Infrastructure Technology (ICIT) issued a stark warning that 2016 would be the year ransomware holds America hostage.
A successful ransomware attack, unlike other crimeware, creates disruptive effects on victim systems, and an associated attack on critical infrastructure has the potential to greatly increase the risk of unintended and possibly catastrophic consequences. The availability of both ransomware and now ransomware as a service means the skill level for entry is low, which will likely increase the chance of a significant disruptive event occurring. Also, because of the disruptive effects that this type of attack produces, it should not be ignored that a nation-state actor could use this kind of crimeware to mask an information warfare purpose while giving that actor some level of deniability.
The challenge problem for 2017 sought modeling approaches that provide insight into the potential consequences that can result from crimeware, specifically ransomware, attacks on critical infrastructure. Additionally, the 2016 challenge problem, “Novel Approaches to Avoid Misattribution of Malicious Cyber Activity,” sought techniques to identify non-obvious features of malicious activity that could be used to distinguish threat actors who employ very similar Techniques, Tactics, and Procedures (TTP). Building on that idea, the challenge problem also sought novel techniques that could reveal a nation-state actor trying to use ransomware or other crimeware to instigate an attack on US critical infrastructure.
Researchers can choose any critical infrastructure as a use case or focus for models/model approaches.
- Are there modeling approaches (new or existing) for gaining insight into the consequences of ransomware attacks on critical infrastructure?
- Could these be used to inform a risk framework?
- Could these produce mitigation strategies?
- What novel methods/techniques or behavioral analytics exist to attribute attacks?
- How would you apply these specifically to Advanced Persistent Threats or terrorists?
- Could these reveal possible nation-state instigation?
- How would these minimize the possibility of misattribution?
- Is there any other emerging crimeware that could cause significant disruptive events or other unintended consequences?
- Are there any geo-political or socio-economic dependencies that might reveal the perpetrator's true identity?
- What is a strategy to reduce the utility of crimeware, specifically ransomware, on the critical infrastructure?
- Which critical infrastructures are most at risk from a ransomware attack?
NSF Funding for the 2017 C3E Cybersecurity Challenge Problem
In 2016, NSF funded a grant on this Cybersecurity Challenge Problem for the 2017 C3E Workshop to develop a research framework for addressing this emerging threat from the perspective of multiple disciplines, to begin to develop theories about ransomware, and to identify needs for future research efforts. Seven studies were funded from the grant for research on the topic during 2016-17. At the 2017 C3E Workshop at GTRI in Atlanta, the leaders of these studies will present brief summaries of their efforts at a panel presentation and offer a more detailed discussion at the poster session on Monday afternoon.
READING LIST
The ICIT Ransomware Report: 2016 Will Be the Year Ransomware Holds America Hostage
Authors: James Scott (ICIT) and Drew Spaniel (CMU)
2016 is the year ransomware will wreak havoc on America’s critical infrastructure community. The resurgence of these attacks is driven by a growing attack surface comprised of internet enabled devices and a keen understanding by Advanced Persistent Threat groups that ransomware is under-combated and highly profitable. The “ICIT Ransomware Report: 2016 Will Be the Year Ransomware Holds America Hostage” is a comprehensive analysis of ransomware threats and mitigation strategies