Edward J. M. Colbert

Introduction and Preview

The term Industrial Control System (ICS) refers to a variety of systems comprised of computers, electrical and mechanical devices, and manual processes overseen by humans; they perform automated or partially automated control of equipment in manufacturing and chemical plants, electric utilities, distribution and transportation systems and many other industries.

Biologically Inspired Artificial Intelligence Techniques

Recent years have seen continuous, rapid growth in popularity and capabilities of artificial intelligence, and broadly speaking, of other computational techniques inspired by biological analogies. It is most appropriate, therefore, for this book to explore how such techniques might contribute to enhancing cyber resilience. This chapter argues that the fast-paced development of new cyber-related technologies complicates the classical approach of designing problem-specific algorithms for cyber resilience. Instead, “general-purpose” algorithms—such as biologically inspired artificial Intelligence (BIAI)—are more suited for such problems. BIAI techniques allow learning, adaptability, and robustness, which are compatible with cyber resilience scenarios like self-organization, dynamic operation conditions, and performance in adversarial environment. This chapter introduces the readers to BIAI techniques and describes various BIAI techniques and their taxonomy. It also proposes metrics which can be used to compare the techniques in terms of their performance, implementation ease, and requirements. Finally, the chapter illustrates the potential of such techniques via several case studies—applications pertaining to wireless communication systems.

Droid M+: Developer Support for Imbibing Android's New Permission Model

In Android 6.0, Google revamped its long criticized permission model to prompt the user during runtime, and allow her to dynamically revoke granted permissions. Towards steering developers to this new model and improve user experience, Google also provides guidelines on (a) how permission requests should be formulated (b) how to educate users on why a permission is needed and (c) how to provide feedback when a permission is denied. In this paper we perform, to the best of our knowledge, the first measurement study on the adoption of Androids new model on recently updated apps from the official Google Play Store. We find that, unfortunately, (1) most apps have not been migrated to this new model and (2) for those that do support the model, many do not adhere to Googles guidelines. We attribute this unsatisfying status quo to the lack of automated transformation tools that can help developers refactor their code; via an IRB approved study we find that developers felt that there was a non-trivial effort involved in migrating their apps to the new model. Towards solving this problem, we develop Droid M+, a system that helps developers to easily retrofit their legacy code to support the new permission model and adhere to Googles guidelines. We believe that Droid M+ offers a significant step in preserving user privacy and improving user experience.

The game-theoretic model and experimental investigation of cyber wargaming

We demonstrate that game-theoretic calculations serve as a useful tool for assisting cyber wargaming teams in identifying effective strategies. We note a significant similarity between formulating cyber wargaming strategies and the methodology known in the military practice as Course of Action (COA) generation. For scenarios in which the attacker must penetrate multiple layers in a defense-in-depth security configuration, an accounting of attacker and defender costs and penetration probabilities provides cost–utility payoff matrices and penetration probability matrices. These can be used as decision tools by both the defender and attacker. Inspection of the matrices allows players to deduce preferred strategies (COAs) based on game-theoretical equilibrium solutions. The matrices also help in analyzing the anticipated effects of potential human-based choices of wargame strategies and counter-strategies. We describe a mathematical game-theoretic formalism and offer detailed analysis of a cyber-physical table-top wargame executed at the US Army Research Laboratory. Our analysis shows how game-theoretical calculations can indeed provide a useful tool for effective decision-making during cyber wargames.

In Conclusion: The Future Internet of Things and Security of Its Control Systems

We consider the future cyber security of industrial control systems. As best as we can see, much of this future unfolds in the context of the Internet of Things (IoT). In fact, we envision that all industrial and infrastructure environments, and cyber-physical systems in general, will take the form reminiscent of what today is referred to as the IoT. IoT is envisioned as multitude of heterogeneous devices densely interconnected and communicating with the objective of accomplishing a diverse range of objectives, often collaboratively. One can argue that in the relatively near future, the IoT construct will subsume industrial plants, infrastructures, housing and other systems that today are controlled by ICS and SCADA systems. In the IoT environments, cybersecurity will derive largely from system agility, moving-target defenses, cybermaneuvering, and other autonomous or semi-autonomous behaviors. Cyber security of IoT may also benefit from new design methods for mixed-trusted systems; and from big data analytics -- predictive and autonomous.

Intrusion Detection in Industrial Control Systems

Even if the threats, risk factors and other security metrics—which we discussed in previous chapters—are well understood and effectively mitigated, a determined adversary will have non-negligible probability of successful penetration of the ICS. In this chapter we use the word “intrusion” to refer to a broad range of processes and effects associated with the presence and actions of malicious software in an ICS. Once an intrusion has occurred, the first and necessary step for defeat and remediation of the intrusion is to detect the existence of the intrusion.