International Conference on Critical Infrastructure Protection
A Computational Asset Vulnerability Model for Strategic Protection of Critical Infrastructure
Richard White, Terrance Boult, and C. Edward Chow
A Decision Support Tool for a Computational Unified Homeland Security Strategy
Richard White, Aaron M. Burkhart, C. Edward Chow, and Logan L. Maynard
Presented by C. Edward Chow
International Federation for Information Processing
Eighth Annual Working Group
SRI International
Arlington, VA
March 17-19, 2014
Presentation Outline
1. Asset Vulnerability Model
2. AVM Analysis of Alternative Critical Infrastructure Protection Investment Strategies
3. AVM Decision Support Tool
1. Asset Vulnerability Model
Motivations
2001, Attacks on World Trade Center and Pentagon
– Exposed vulnerability of critical infrastructure.
2002, Homeland Security Act
– Made critical infrastructure protection Department of Homeland Security mission
2010, National Research Council Report
– “did not find any DHS risk analysis capabilities and methods that are yet adequate for supporting DHS decision making”
Timeline: 2002 HSA, 2005 INIPP (I & II), 2006 NIPP, 2009 NIPP, 2013 NIPP
Risk Management Framework
Step 2: Identify Infrastructure. The DHS database has “many unusual or out-of-place assets whose criticality is not readily apparent...” (2007 DHS Inspector General)
Step 3: Assess Risks. Less than 11 percent of DHS’ assessments were conducted on high-priority assets. (2012 GAO Report)
Step 3: Analyze Risks. Unable to differentiate vulnerability across areas or states, DHS assigned constant value of “1” to “V” in R=T*V*C risk formulation. (2007 CRS Report)
Step 4: Implement Measures. Poor coordination between RMF working “inside the fence” and National Preparedness System working “outside the fence”. (2011 CRS Report)
2010 National Research Council Report
“DHS’s operationalization of that framework—its assessment of individual components of risk and their integration into a measure of risk—is in many cases seriously deficient and is in need of major revision.”
Summary Challenges:
– Dearth of Data
– Transparency & Repeatability
– Qualified Results
– Comprehensive Scope
– National Impact
– Applicable Results
Infrastructure Risk Models
1. AIMS 8. CIPDSS*^ 15. EMCAs 22. KM&V 29. NEXUS-FF 36. RVA*+^
2. Athena 9. CIPMA^ 16. EURACOM^ 23. MDM+ 30. NGtools 37. SRAM*
3. BIRR*^ 10. CISIA 17. FAIT^ 24. MIN+^ 31. NSRAM* 38. TRAGIS
4. BMI* 11. CommAspen+^ 18. FINSIM 25. MUNICIPAL 32. PFNAM 39. TRANSIMS
5. CAPRA*+^- 12. COUNTERACT* 19. Fort Future 26. N-ABLE+ 33. RAMCAP-Plus* 40. UIS
6. CARVER2™^ 13. DECRIS*^ 20. IEISS 27. NEMO 34. RMCIS*^ 41. WISE
7. CIMS^ 14. DEW 21. IIM 28. Net-Centric GIS 35. RMF (DHS)* +^-
250 reported infrastructure risk models
41 (listed above) identified in two summary reports
22 (highlighted) offered information to draw some inferences
12 (identified with *) employed a threat-driven risk methodology
7 (identified with +) were described as “complicated”
14 (identified with ^) did not address “resiliency”
2 (identified with -) did not capture broader impacts of disaster
0 overcame challenges cited by National Research Council report
Asset Vulnerability Model
1. Baseline Analysis
Θ = P(dis)*P(def)*P(den)*P(dim)*%(dam)
2. Cost-Benefit Analysis
ΔΘ = P(Δdis)*P(Δdef)*P(Δden)*P(Δdim)*%(dam)
3. Decision Support Tools
Choice of Metric
• 1988 Sandler & Lapan research used game theory to examine attacker’s choice of target.
• Findings:
– A coordinated defense is more efficient than an uncoordinated one.
– The optimum defense strategy is to protect all targets equally, not necessarily maximally.
• Attacker’s choice depended on perceived probability of failure, which S&L designated as θ.
Figure: Sandler & Lapan Attack Model
Θ Risk Formulation
Θ = P(dis)*P(def)*P(den)*P(dim)*%(dam)
Θ represents attacker probability of failure based on known defender data
P(dis) = Probability an attack can be detected/disrupted
– # thwarted attacks / # known planned & executed attacks
P(def) = Probability an attack can be defeated
– derived from Protective Measure Index (PMI) calculated by Argonne Nat’l Labs
P(den) = Probability a worst case disaster can be averted
– derived from Resiliency Index also calculated by ANL
P(dim) = Probability 100% survivors can be saved
– derived from DHS collected THIRA data
%(dam) = % decrease in economic output * % increase in mortality rate
– change in GDP * change in national mortality from loss of asset
Comprehensive Scope
Θ = P(dis)*P(def)*P(den)*P(dim)*%(dam)
Prevent, Protect, Mitigate, Respond, Recover
Left of “Boom”, Right of “Boom”
National Impact
Θ = P(dis)*P(def)*P(den)*P(dim)*%(dam)
• 9/11 registered a 47% decrease in GDP and 20% increase in national homicide rates
• Quantifying the magnitude component in terms of trending data:
– Captures effects of both destructive and disruptive incidents
– Expresses effects over time, beyond immediate consequences
– Avoids difficulty of comparing lost lives and damaged property
Qualified Results
Sensitivity Analysis
• Interval Risk Reduction Worth
• Ratio Risk Reduction Worth
• F-V Measure of Importance
• Fractional Risk Reduction
Stable Formulation
Threat Localization
AVM Comparison
Column groups, left to right: RA Criteria, Risk Mgmt, Score, Other
Model           ADA TL  T&R QR  CS  NI  AR  BA  CBA DMT Y   N   U   IA
1. AVM          Y   Y   Y   Y   Y   Y   Y   Y   Y   Y   10  0   0   N
2. NEMO         Y   U   U   U   U   U   U   U   U   U   1   0   9   Y
3. CIPMA        Y   Y   U   U   N   U   U   U   Y   Y   4   1   5   Y
4. CIMS         U   U   Y   U   N   U   U   U   U   Y   2   1   7   Y
5. COUNTERACT   N   Y   U   U   U   U   U   U   Y   U   2   1   7   U
6. FAIT         Y   U   U   U   N   U   U   U   U   Y   2   1   7   Y
7. NSRAM        N   U   U   U   U   U   U   U   Y   Y   2   1   7   Y
8. RAMCAP-Plus  N   U   Y   U   U   U   U   U   U   Y   2   1   7   Y
9. EURACOM      U   U   U   U   N   U   U   U   U   Y   1   1   8   U
10. MDM         U   U   N   U   U   U   U   U   U   Y   1   1   8   Y
11. CIPDSS      N   U   U   U   N   Y   U   U   Y   Y   3   2   5   Y
12. DECRIS      N   Y   Y   U   N   U   U   U   U   Y   3   2   5   N
13. CommAspen   Y   Y   N   U   N   U   U   U   U   U   2   2   6   Y
14. MIN         Y   U   N   U   N   U   U   U   Y   U   2   2   6   Y
15. SRAM        N   U   N   U   U   U   U   U   Y   Y   2   2   6   U
16. BMI         N   U   U   U   U   U   U   U   N   Y   1   2   7   Y
17. N-ABLE      Y   U   N   U   U   U   U   U   U   N   1   2   7   Y
18. RVA         N   U   U   U   N   U   U   U   U   Y   1   2   7   U
19. CARVER2     Y   N   Y   U   N   Y   U   U   N   Y   4   3   3   N
20. RMCIS       N   U   U   U   N   U   U   U   U   N   0   3   7   Y
21. BIRR        N   N   Y   N   N   Y   U   Y   N   Y   4   5   1   N
22. CAPRA       N   N   N   Y   N   N   U   Y   Y   N   3   6   1   N
23. RMF         N   N   N   N   N   N   N   N   N   N   0   10  0   Y
AVM Cost-Benefit Analysis
ΔΘ = P(Δdis)*P(Δdef)*P(Δden)*P(Δdim)*%(dam)
P(Δdis) = Increased prob. attack can be detected/disrupted
P(Δdef) = Increased prob. an attack can be defeated
P(Δden) = Increased prob. Worst Case Disaster can be averted
P(Δdim) = Increased prob. 100% survivors can be saved
%(dam) = % decrease in economic output * % increase in mortality rate
D(ΔΘ) = D(Δdis)+D(Δdef)+D(Δden)+D(Δdim)
AVM & RMF
Step 2: Identify Infrastructure. Focus on infrastructure that may be subverted to precipitate domestic catastrophic attack (i.e., “localization”)
Step 3: Assess & Analyze Risks. Use results from DHS security surveys and vulnerability analysis to calculate Θ on each asset and produce Baseline Analysis.
Step 4: Implement Measures. Perform Cost-Benefit Analysis to identify optimum combination of protective improvement measures that provide highest protective gain ΔΘ for the least cost D(ΔΘ).
2. AVM Analysis of Alternative Critical Infrastructure Protection Investment Strategies
AVM Investment Strategy Analysis
Alternative Investment Strategies
1. Least Cost (LC)
2. Least Protected (LP)
3. Region Protection (RP)
4. Sector Protection (SP)
5. Highest DTheta (HD)
6. Highest Consequence (HC)
7. Random Purchases (RAN)
Strategy Simulation
• Applied simulated investment strategy against 100 assets over 10-year period
• Calculated probability of attack and tabulated annual damages
• Collected results over 100 simulations
• Performed simulations under three different conditions:
1. AVM18 varied probabilities of attack (0%-100%)
2. AVM19 varied attacker perceptions of Θ (0%-100%)
3. AVM20 used different attack model
Simulated Protective Improvements
Attack Models
Target Selection
1. Sandler & Lapan. Attackers target asset with lowest Θ value.
2. Willie Sutton. Attackers target asset with highest Θ value.
Attack Algorithm
1. Set Annual Attack Expectancy (AAE) = varied 0%-100%
2. Calculate Probability of Attack (POA) = random uniform value 0%-100%
3. If POA < AAE then proceed to calculate attack outcome
4. Select target based on above chosen criteria
5. Calculate Probability of Success (POS) = random uniform value 0%-100%
6. Calculate Probability of Failure (POF) = P(dis)*P(def)*P(den)
7. If POS > POF then proceed to calculate attack damages
8. Damages = P(dim)*%(dam)
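The eight-step attack algorithm and the two target-selection models above, carried through as a small Monte Carlo simulation. This is an added example, not code from the presentation or from the AVM-DST tool; the asset names and probability values are constructed, and the function names are hypothetical.

```python
import random
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    p_dis: float    # P(dis): attack detected/disrupted
    p_def: float    # P(def): attack defeated
    p_den: float    # P(den): worst-case disaster averted
    p_dim: float    # P(dim): 100% of survivors saved
    pct_dam: float  # %(dam): consequence magnitude

    @property
    def theta(self):
        # Θ = P(dis)*P(def)*P(den)*P(dim)*%(dam), as on the slides
        return self.p_dis * self.p_def * self.p_den * self.p_dim * self.pct_dam

# Constructed sample assets; names and values are illustrative only.
ASSETS = [
    Asset("substation-A", 0.5, 0.4, 0.5, 0.50, 0.20),
    Asset("water-plant-B", 0.8, 0.9, 0.5, 0.25, 0.10),
    Asset("pipeline-C", 0.5, 0.5, 0.8, 0.50, 0.40),
]

def select_target(assets, model):
    """Step 4: 'SL' (Sandler & Lapan) = lowest Θ, 'WS' (Willie Sutton) = highest Θ."""
    if model == "SL":
        return min(assets, key=lambda a: a.theta)
    if model == "WS":
        return max(assets, key=lambda a: a.theta)
    raise ValueError(f"unknown attack model: {model!r}")

def attack_year(assets, aae, model, rng):
    """One pass of the eight-step algorithm; returns that year's damages."""
    poa = rng.random()                                  # step 2
    if not poa < aae:                                   # step 3: no attack this year
        return 0.0
    target = select_target(assets, model)               # step 4
    pos = rng.random()                                  # step 5
    pof = target.p_dis * target.p_def * target.p_den    # step 6
    if not pos > pof:                                   # step 7: attack fails
        return 0.0
    return target.p_dim * target.pct_dam                # step 8, as the slide states it

def simulate(assets, aae, model, years=10, runs=100, seed=0):
    """Mean total damages per run over `runs` simulations of `years` years each."""
    rng = random.Random(seed)  # seeded so results are repeatable
    totals = [sum(attack_year(assets, aae, model, rng) for _ in range(years))
              for _ in range(runs)]
    return sum(totals) / runs

if __name__ == "__main__":
    for model in ("SL", "WS"):
        for aae in (0.0, 0.32, 1.0):
            print(model, aae, round(simulate(ASSETS, aae, model), 4))
```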
Attack Profiles
AVM18
• S&L Attack Model
• Varying probability of attack
• Constant Θ (20%)
AVM19
• S&L Attack Model
• Varying attacker perception of Θ
• Constant probability of attack (32%)
AVM20
• WS Attack Model
• Varying probability of attack
• Constant Θ (20%)
Investment Profiles
Protective Purchase Profiles
Damage Profiles
Statistical Analysis
• Which investment strategy results in the least damages over time?
– Pairwise comparison using modified Tukey Honestly Significant Difference (HSD) method indicates Highest Consequence (HC) strategy best
• Does attacker’s perception of Θ affect damage results?
– Kruskal-Wallis test inconclusive
• Does attacker’s method of selecting target affect damage results?
– Kruskal-Wallis test indicates attacker’s method of target selection is significant factor
– WS model resulted in higher damages than S&L model
3. AVM Decision Support Tool
Applicable Results
National Research Council attributes of a good risk analysis:
• Convey current risk levels
• Support cost-benefit analysis
• Demonstrate risk reduction effects across multiple assets at different levels of management
• Measure and track investments and improvement in overall system resiliency over time
AVM Decision Support Tool
• Web-based application
• Provides interactive graphical display of AVM cost-benefit analysis
• Facilitates selection and analysis of protective improvement measures
Protective Improvement Selection
• Select by investment strategy: LC, LP, RP, SP, HD, HC, or RAN
• Select individually
• Edit selections
Analyze Protective Improvement Selections
• Run simulated attacks using varying probability of attack over specified period
• Graph projected damages
AVM-DST Lessons Learned
1. Stand-alone client model exceptionally fast because no network delays
2. Canvas JS renders charts significantly faster than Ext JS
3. Optimized sorting algorithm keeps browser from becoming unresponsive
Future Research
AVM-DST
• Expansion
• Fidelity
• Performance Enhancements
AVM
• Validation
• Refinement
• Further Analysis
Contributions
• Risk model for strategic protection of critical infrastructure.
– Overcomes challenges with current models
– Compatible with DHS Risk Management Framework
– Clarifies identification of critical infrastructure
– Unifies efforts “inside” and “outside” the perimeter
• Strategy analysis support
– Demonstrated advantage of Highest Consequence investment strategy
• Decision support for all levels of management
– Convey current risk levels
– Support cost-benefit-analysis
– Demonstrate risk reduction across multiple assets
– Measure and track improvement over time
AVM & AVM-DST
Questions?