Loading…
Attending this event?
This is a DRAFT Agenda for SecurityWeek’s 2019 ICS Cyber Security Conference. Sessions are being added daily and the final program will include 4 FULL DAYS of content. (View the full conference website here)  (You can Register for ICS Cyber Security Conference Here)
Tuesday, October 22 • 11:45am - 12:30pm
Deep-CYBERIA: Towards Automated Discovery of Level 0 Sensors and their Interdependencies

Sign up or log in to save this to your schedule and see who's attending!

In large cyber-physical systems, the capabilities of mapping and analysis of sensors at levels 0 or 1 behind the programmable logic controllers (PLCs) are very useful for many purposes including triage, verification, audit, misconfiguration detection, intelligence gathering, maintenance, calibration, inaccessible locations, and so on. However, unlike traditional information technology components, sensor information is relatively challenging to infer and analyze because of the inherently indirect nature of their dynamic behavioral effects.  The complexity of the inference problem arises from the undetermined numbers and type of sensors, unique interconnection topologies, protocol heterogeneity and customized interdependencies driven by the physical portion of the cyber-physical system.

Given passive or active modes of interaction with a cyber-physical system, how well can network communication reveal the sensor information behind the PLCs? Is it feasible, and to what extent, can causality patterns among multiple streams of the inferred sensor reveal their actual dependencies of the physical processes driving them? Are there special classifications of sensors that are largely domain-agnostic in nature, yet reveal useful insights? What type of analyses are most effective in uncovering any unexpected, intentional or unintentional effects on the operational dynamics of the sensors?

With the goal of answering these classes of challenging questions, we are developing novel network packet analysis techniques and data analysis methods. These are incorporated and experimented in a novel prototype system called Deep-CYBERIA (Deep Cyber-Physical System Interrogation and Analysis).

Deep-CYBERIA is aimed at developing a network discovery capability (both passive and active) to enhance discovering, monitoring, and diagnosing the identity of cyber-physical system (CPS) components at level 0-1. The interrogation and analysis capabilities are targeted to uncover interdependencies among sensors with respect to cyber and physical process interactions, triggers, and after-effects. Analysis capabilities are aimed at building the foundation for sophisticated forensic features that reach beyond basic data-based inference.

In addition to small CPS testbeds, as a complex case study, the experimental network of the Cold Source portion of the High Flux Isotope Reactor (HFIR) facility at ORNL is exercised with the DEEP-CYBERIA implementation. Experimental results have yielded excellent results. To date DEEP-CYBERIA is capable to (a) extract sensor information from packet-level traces, and (b) uncover key interdependencies among the inferred sensors. Using the causality graphs, we were able to dramatically eliminate the number of false-positive links among the sensor variables. New causality algorithms customized for cyber-physical processes were able to further enhance the interdependencies to match the ground truth. Our approach ultimately aims to provide a broadly applicable, novel approach to deepen understanding and strengthen the resilience of cyber-physical assets.

Speakers
avatar for Juan Lopez Jr., PhD

Juan Lopez Jr., PhD

Cyber-Physical R&D Manager, Oak Ridge National Laboratory
avatar for Kalyan Perumalla

Kalyan Perumalla

Oak Ridge National Laboratory
KALYAN PERUMALLA is a Distinguished Research and Development Staff Member and Manager at the Oak Ridge National Laboratory. Dr. Perumalla founded and currently leads the Discrete Computing Systems Group in the Computer Science and Mathematics Division at the Oak Ridge National Laboratory... Read More →


Tuesday October 22, 2019 11:45am - 12:30pm
Windsor Ballroom

Attendees (3)