Simulation-based Evaluation of the Impact of Cyber Actions on the Operational C2 Domain

Paulo C. G. Costa, Ph.D.

Associate Professor

Department of Systems Engineering and Operations Research / C4I Center / Center for Air Transportation Systems Research


Page 1: Simulation-based Evaluation of the Impact of Cyber …c4i.gmu.edu/~pcosta/files/CyberC2_Briefing.pdf• Cauldron (Jajodia et al., 2010) transforms raw security data into attack graphs


Paulo Cesar G Costa, Ph.D. NG University Tech Show - Nov 5, 2013

Framework for Aviation Cybersecurity

“America must also face the rapidly growing threat from cyber-attacks . . . our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

- President Barack Obama, 2013 State of the Union Address


Protecting Complex Systems

• With the evolution of computing systems, many critical infrastructures use advanced automation, making modern society technologically dependent.

• Cyberspace is a new domain for conducting wars, and other domains are affected by it.

• Cyberspace protection involves:

‣ identifying the main events in space and time,

‣ understanding how cyber threats could produce damage to critical infrastructure used for operations, and

‣ responding with suitable COAs.


Our Approach

• Simulate the effect of multiple cyber-attacks on C2 infrastructures

• Understand the impact of these attacks on the operations that are supported by these C2 infrastructures


Related Work – Cyber Impact Assessment

• The main approach is to detect intrusions and system attack paths using a set of distributed sensors in the network (Denning, 1987; Bass, 1999).

• To provide Situation Awareness (SA), it is not enough to identify attacks; a capability to understand the attack's impact within the environment is also required (Bass, 2000).

• Mission-Oriented Risk and Design Analysis (Evans et al., 2004) presents a methodology to develop risk assessment using information about mission, enemy and our forces.

• Cauldron (Jajodia et al., 2010) transforms raw security data into attack graphs to provide a common operating picture and a concrete understanding of how individual and combined vulnerabilities impact overall network security.

• Schneier (1999) uses an attack-tree approach to measure the impact.

• Mission Impact Assessment (CMIA) (Musman et al., 2011) presents a general model to evaluate the cyber impact over a mission.


Major Challenges

• Develop a set of tools (the C2 Collaborative Research Testbed) to simulate real-time scenarios;

• Fuse physical and IT behavior in an integrated view.


Case Study – ADS-B

[Figure: Automatic Dependent Surveillance-Broadcast (ADS-B). Labels: GPS Track; ADS-B Radio Station Relay; ATC Center]


Campos Basin Scenario

• The scenario models Air Traffic Control operations in the Campos Basin.

• The Campos Basin is a petroleum-rich area located in Rio de Janeiro state, and is responsible for 80% of Brazil's petroleum production (1 million 265 thousand barrels).

• Oil development operations include heavy helicopter traffic between the continent and oceanic fields during daytime, with an average of 50 minutes per flight.

[Map legend: Airfield; Oil Field]


Campos Basin Scenario

• The main airport in the region (Macaé) has a Radar Station that supports the Air Traffic Service (ATS) within the Terminal Control Area (45 NM radius from the airport based at 9500 feet).

• Most oil platforms are located more than 60 Nautical Miles from Macaé and the helicopter flights are carried out at low altitude.

• Therefore, the ATS provided on most of the oceanic area is based on non-radar procedures, which significantly reduces the efficiency of air operations.


Campos Basin Scenario – ADS-B

[Map legend: Radar Coverage; ADS-B Coverage]


C2 Collaborative Research Testbed

The C2 Collaborative Research Testbed is a set of Commercial Off-the-Shelf (COTS) tools that provides a realistic and complex simulation environment to conduct C2 research experiments.

ITA, the Instituto Tecnológico de Aeronáutica (Technological Institute of Aeronautics), is a Brazilian top-tier engineering school. http://www.ita.br/ingles/ingles.htm


C2 Collaborative Research Testbed

[Diagram labels: SA Msg; Orders; Shared Folder; Emulation Environment; Operational Simulation Module (operaModule); VR-Forces Orders; VR-Forces Msg; MÄK VR-Forces; Specific-Domain Simulation Manager; Specific-Domain Simulation Entities; Specific-Domain Real Entities; Cyber Attack Effects Generator; IT Effects Generator; Core Simulation Manager (cSimMan)]


The “Real” Scenario

[Figure: Real Scenario]


Scenario Implementation

[Figure panels: Real Scenario; Simulated/Emulated Scenario]


Scenario Implementation

[Figure: Simulated/Emulated Scenario]


ATC Simulation Software Architecture

[Diagram labels: ATC Simulation Manager; KinectModule; MÄK VR-Forces; VR-Forces Orders; VR-Forces Msg; Testbed Integration Engine; Cyber Attack Generator; IT Effects Generator; Shared Folder; Emulation Environment; VHF Stations; Radar Stations; ADS-B Stations; ATC View; numeric labels 8231 and 8232. Legend: SA Message; Order Message; Fused Track]


Mission Effectiveness Measures (examples)

• To provide Mission Warnings that can be used in an impact assessment module in the Campos Basin Scenario, various measures were developed. These include:

‣ Collision warning – When two aircraft fall below the minimum vertical or horizontal distance defined by the International Civil Aviation Organization (ICAO).

‣ Time it takes to update aircraft tracks – When the track update time goes above a maximum threshold.

- If a track does not update often enough, it can mean a ghost track injection attack, an aeronautical accident or that the aircraft has landed.
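The two measures above can be computed directly from a stream of track reports. The following Python is an added example, not code from the briefing or the testbed: the thresholds, field names, track IDs and sample reports are constructed assumptions, and it assumes a collision warning fires only when the horizontal and vertical minima are both infringed at once.

```python
import math
from itertools import combinations

# Illustrative thresholds: assumptions for this example, not values from the slides.
MIN_HORIZ_NM = 5.0       # horizontal separation minimum
MIN_VERT_FT = 1000.0     # vertical separation minimum
MAX_UPDATE_GAP_S = 10.0  # longest acceptable silence for a track

def horiz_nm(a, b):
    """Great-circle distance between two track reports, in nautical miles."""
    la1, lo1, la2, lo2 = map(math.radians, (a["lat"], a["lon"], b["lat"], b["lon"]))
    h = (math.sin((la2 - la1) / 2) ** 2
         + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2)
    return 2 * 3440.065 * math.asin(math.sqrt(h))  # mean Earth radius in NM

def mission_warnings(reports, now):
    """Return sorted warning tuples for the air picture at time `now` (seconds)."""
    latest = {}
    for r in sorted(reports, key=lambda r: r["t"]):
        latest[r["id"]] = r  # keep the most recent report per track
    stale = {tid for tid, r in latest.items() if now - r["t"] > MAX_UPDATE_GAP_S}
    warnings = [("STALE_TRACK", tid) for tid in stale]
    # Separation is only checked between tracks whose position is still current.
    fresh = sorted((r for tid, r in latest.items() if tid not in stale),
                   key=lambda r: r["id"])
    for a, b in combinations(fresh, 2):
        too_close = horiz_nm(a, b) < MIN_HORIZ_NM
        same_level = abs(a["alt_ft"] - b["alt_ft"]) < MIN_VERT_FT
        if too_close and same_level:
            warnings.append(("COLLISION_WARNING", a["id"], b["id"]))
    return sorted(warnings)

def track(tid, lat, lon, alt_ft, times):
    """Build constructed reports for one track at a fixed position."""
    return [{"id": tid, "t": t, "lat": lat, "lon": lon, "alt_ft": alt_ft} for t in times]

# Constructed sample reports (not real traffic): four helicopter tracks.
SAMPLE = (
    track("HELO1", -22.50, -41.00, 1500, [0, 5, 10, 15, 20])
    + track("HELO2", -22.52, -41.02, 2000, [0, 5, 10, 15, 20])  # close to HELO1
    + track("HELO3", -22.00, -40.50, 1500, [0, 5])              # stops reporting after t=5
    + track("HELO4", -22.50, -41.00, 3000, [0, 5, 10, 15, 20])  # vertically separated
)

if __name__ == "__main__":
    for w in mission_warnings(SAMPLE, now=20):
        print(w)
```

A stale-track warning only says that the track went quiet; deciding between the causes listed on the slide needs further evidence from the other sensors.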


Included Visualizations


Tactical Visualization

3D Visualization

ATC Visualization

Network Visualization


Modeling Enemy Behavior


1. Sushil Jajodia, Steven Noel, Pramod Kalapa, Massimiliano Albanese, John Williams, "Cauldron: Mission-Centric Cyber Situational Awareness with Defense in Depth," 30th Military Communications Conference (MILCOM), Baltimore, Maryland, November 2011.

[Diagram labels: Attack-Graph Analyser; attack-path; Firewall & Border Devices; Attack-Graph; Rules & ACL; Reduced Attack-Graph; Knowledge Base; Vulnerability Database]


Effect Propagation

[Diagram labels: nodes N1, N2, N3, N4, N5, N9; OC Measure; S10, S20; T10, T20; t0; states High resilience, Medium resilience, Low resilience]

1) OCs are calculated using node evidence collected from the environment.

2) The impact at each OC is aggregated to Service Nodes.

3) The BN also propagates the impact to the Task Nodes.

4) This process happens at each discrete time t of a Dynamic BN...


Brazilian AF Project

[Diagram labels: Supervisor Comm Server; Pilot; Aircrafts Commands; ICEA Protocol; SRBC Kinect Sim; Sensor Emulation; TVT2 || Asterix Msg; Core Sim; Net Emulation; App Emulation; Voice Emulation; Voice Msg; VISIR; X4000 / SAGITARIO; Net Sim; Net Attack Sim; LIBCAP Driver; ATN Sim; Infrastructure Sim; VHF Radio; Impact Evaluation; Sim Msg; ADS-B Attack Emulation]