simulation-based evaluation of the impact of cyber...
TRANSCRIPT
Simulation-based Evaluation of the Impact of Cyber Actions on
the Operational C2 DomainPaulo C. G. Costa, Ph.D.
Associate ProfessorDepartment of Systems Engineering and Operations Research /C4I Center / Center for Air Transportation Systems Research
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Framework for Aviation Cybersecurity
!2
“America must also face the rapidly growing threat from cyber-attacks . . . our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems.We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.” !
- President Barack Obama, 2013 State of the Union Address
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
• With the evolution of computing systems, many critical infrastructures use advanced automation, making modern society technologically dependent.
• Cyberspace is a new domain to conduct wars, and others are affected by it.
• Cyberspace protection involves:
‣ Identifying the main events in space and time,
‣ understanding how cyber threats could produce damage to critical infrastructure used for operations, and
‣ responding with suitable COAs.
Protecting Complex Systems
!3
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
• Simulate the effect of multiple cyber-attacks on C2 infrastructures
• Understand the impact of these attacks to the operations that are supported by these C2 infrastructures
Our Approach
!4
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
• The main approach is to detect intrusions and system attack paths using a set of distributed sensors in the network (Denning, 1987; Bass, 1999).
• To provide Situation Awareness (SA), it is not enough to identify attacks, but also requires a capability to understand the attack impact within the environment (Bass, 2000).
• Mission-Oriented Risk and Design Analysis (Evans et al., 2004) presents a methodology to develop risk assessment using information about mission, enemy and our forces.
• Cauldron (Jajodia et al., 2010) transforms raw security data into attack graphs to provide a common operating picture and a concrete understanding of how individual and combined vulnerabilities impact overall network security.
• Schneier (1999) uses an attack-tree approach to measure the impact.
• Mission Impact Assessment (CMIA) (Musman et al., 2011) presents a general model to evaluate the cyber impact over a mission.
Related Work – Cyber Impact Assessment
!5
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Major Challenges• Develop a set of tools (the C2
Collaborative Research Testbed) to simulate real-time scenarios;
• Fuse physical and IT behavior in an integrated view.
!6
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Case Study – ADS-B
!7
GPS Track
GPS Track GPS Track
ADS-B Radio Station Relay
ATC Center
Automatic Dependent Surveillance-Broadcast
(ADS-B)
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Campos Basin Scenario
!8
• The scenario models Air Traffic Control operations in the Campos Basin.
• The Campos Basin is a petroleum rich area located in the Rio de Janeiro state, and is responsible for 80% of Brazil's petroleum production (1 million 265 thousand barrels).
• Oil development operations include heavy helicopter traffic between the continent and oceanic fields during daytime, with an average of 50 minutes per flight.
Legend
Airfield
Oil Field
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Campos Basin Scenario
!9
• The main airport in the Region (Macaé) has a Radar Station that supports the Air Traffic Service (ATS) within the Terminal Control Area (45 NM radius from the airport based at 9500 feet).
• Most oil platforms are located more than 60 Nautical Miles from Macaé and the helicopter flights are carried out at low altitude.
• Therefore, the ATS provided on most of the oceanic area is based on non-radar procedures, which significantly reduces the efficiency of air operations.
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Campos Basin Scenario – ADS-B
!10
Radar Coverage
ADS-B Coverage
Legend
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
C2 Collaborative Research Testbed
!11
The C2 Collaborative Research Testbed is a set of Commercial Off-the-Shelf (COTS) tools that provides a realistic and complex simulation environment to conduct C2 research experiments.
ITA! Instituto Tecnológico de Aeronáutica
(Technological Institute of Aeronautics) is a Brazilian Top Tier
Engineering School.http://www.ita.br/ingles/ingles.htm
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
C2 Collaborative Research Testbed
!12
SA Msg
OrdersShared
Folde
r
Emula3
on Enviro
nmen
t
Opera3onalSimula3onModule (operaModule)
VR-‐Forces Orders
VR-‐Forces Msg
MÄK VR-‐Forces
Specifc-‐Domain Simula/on Manager
Specifc-‐Domain Simula/on En//es
Specifc-‐Domain Real En//es
Cyber ADack Effects Generator
IT Effects Generator
Core Simula3on Manager
(cSimMan)
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
The “Real” Scenario
!13
Real Scenario
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Scenario Implementation
!14
Real Scenario
Simulated/Emulated Scenario
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Scenario Implementation
!15
Simulated/Emulated Scenario
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013 !16
ATC Simula3on SoJware
Architecture
ATC Simulation Manager
KinectModule
MÄK VR-‐Forces
VR-‐Forces Orders
VR-‐Forces Msg
Testbed IntegrationEngine
Cyber Attack Generator
IT Effects Generator
Shar
ed F
olde
r
Emulation Environment
8231
VHF StationsRadar Stations ADS-B Stations
8232
8232
ATC View
SA Message
Order Message
Fused Track
Legend8231 8231
8231
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Mission Effectiveness Measures(examples)
!17
• To provide Mission Warnings that can be used in an impact assessment module in the Campos Basin Scenario, various measures were developed. These include:
‣ Collision warning – When two aircraft go below a minimum of vertical or horizontal distance defined by International Civil Aviation Organization (ICAO).
‣ Time it takes to update Aircraft tracks – When the time of track updating goes above a maximum threshold. - If a track does not update often enough, it can mean a ghost track inject
attack, an aeronautical accident or that the aircraft has landed.
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Included Visualizations
!18
Tactical Visualization
3D Visualization
ATC Visualization
Network Visualization
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Modeling Enemy Behavior
!19
1. Sushil Jajodia, Steven Noel, Pramod Kalapa, Massimiliano Albanese, John Williams, "Cauldron: Mission-Centric Cyber Situational Awareness with Defense in Depth," 30th Military Communications Conference (MILCOM), Baltimore, Maryland, November 2011.
Attack-Graph Analyser
attack-path
Firewall & Border Devices
Attack-Graph
Rules & ACL
Reduced Attack-Graph
Knowledge Base
Vulnerability Database
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Effect Propagation
!20
N1
N2
N9 N3
N4
N5
High resilience Medium resilience Low Resilience
OC Measure
1) OC’s are calculated using node’s evidence collected from the environment.
High resilience Medium resilience Low Resilience T10 T20
3) The BN also propagates the
impact to the Task Nodes
t0 4) This process happens at each
discrete time t of a Dynamic BN...
2) The impact at each OC is
aggregated to Service Nodes
High resilience Medium resilience Low Resilience S10 S20
Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013
Brazilian AF Project
!21
Supervisor Comm Server
Pilot
Aircrafts Commands
ICEA Protocol
SRBC Kinect Sim
Sensor Emulation
TVT2 || Asterix Msg
Core Sim
TVT2 || Asterix Msg
Net Emulation
App Emulation
Voice Emulation
Voice Msg
VISIR
X4000 / SAGITARIOTVT2 || Asterix Msg
Net Sim Net Attack Sim
LIBCAP Driver
ATN Sim Infrastructure Sim
VHF Radio Impact Evaluation
Sim Msg
ADS-B Attack Emulation