Building security with resilience
Photo by Evan Krape April 06, 2017
International 'Resilience Week' Conference puts focus on cybersecurity, controls, grids, human dynamics
You remember those roly-poly dolls -- Weebles were a popular type some years back -- designed with a center of gravity that keeps them bouncing back no matter how they get pushed around.
They are a model of resilience -- things or people that teeter, totter, take a body blow and carry on.
Engineers and security experts want that quality of resilience built into control systems, the energy grid and other critical infrastructures. They want us to think about cybersecurity in terms of resilience, too, so that as more and more aspects of our lives are connected in "smart" ways, those links do not become virtual landmines that trigger long chains of destruction.
With that objective in mind, researchers, industry leaders and government officials will gather in Delaware later this year for the 10th annual IEEE Resilience Week, sponsored by the U.S. Department of Energy's Idaho National Laboratory and the University of Delaware Cybersecurity Initiative. The conference, designed to bring all up to date on promising research and technology, is set for Sept. 18-22 at the Chase Center on the Riverfront in Wilmington. (Organizers have issued a call for papers from interested authors.)
"Our systems were designed many decades ago and they were designed to optimize operations, make things more efficient and allow for tuning of the systems," said Starnes Walker, founding director of the Delaware Cybersecurity Initiative and a co-chair of the conference. "They were not built with the sense that people would intentionally try to break through normal safeguards. We wouldn't want people tampering with the electrical grid or refineries or chemical plants. These threats can affect our economy and national security very rapidly."
Attacks on infrastructure can bring a cascade of woes. Disrupt the electrical grid and you lose elevators, traffic signals, pumps, communications, sophisticated surgical equipment in operating rooms, all manner of other networks.
"It's a domino effect," said UD's Nii Attoh-Okine, professor of civil engineering and author of Resilience Engineering: Models and Analysis, published in 2016 by Cambridge Press. "If you have such interactions, you have to break that effect."
Expert design and collaboration
Resilience comes by expert design and collaboration across many fields.
"Achieving inherently resilient infrastructure is by definition an interdisciplinary study, in line with the complexity of the challenge -- whether it be from cyber attack or the next Hurricane Sandy," said Craig Rieger, chief control systems research engineer for Idaho National Lab. "Resilience Week promotes this discussion, taking advantage of sessions that naturally cross disciplinary boundaries, allowing opportunity for publication and presentation by government, academic and industry participants."
Attoh-Okine, who will be part of the National Symposium on Critical Infrastructure at the conference, is among the pioneers in this field. In his book, he traces the concept of resilience to ecologist C.S. Holling of Canada (1973) and defines it as the capacity to deal with and bounce back from unexpected danger.
That "unexpected" feature distinguishes resilience from risk management, which assumes that hazards are identifiable.
"Cybersecurity and resilience are becoming common as these two converged systems are being connected to cyberspace," Attoh-Okine said. "The presence of unstructured, streaming data has added new dimensions to these problems. Currently formulation and analysis of models to address these problems in the era of big data are at the initial stages.
"Cyber resiliency engineering is an emerging research area, and part of mission-assurance engineering, which depends on various disciplines, including resilience engineering, information system security engineering, survivability, dependability and fault tolerance, among others. It is also the ability to prepare for and adapt to changing conditions while withstanding and recovering rapidly from attacks to infrastructure availability and performance. The main goals are: anticipate, withstand, recover and evolve."
Attoh-Okine has worked to develop quantitative methods and metrics to address resilience and strengthen analytics in various systems.
"In the end, the idea of resilience is important for our survival as human beings, especially in terms of health and our economic life," he said.
• John McDonald, global smart grid strategy leader, General Electric
• Richard Mroz, president, New Jersey Board of Public Utilities
• Jonathan Monken, senior director, system resiliency and strategic coordination, PJM Interconnection
• Mikhail Falkovich, director, information systems, Con Edison
• John Everett, program manager, DARPA Information Innovation Office (I20)
• Liesel Ritchie, associate director of the Natural Hazards Center, University of Colorado-Boulder
Other symposium leaders and technical experts include representatives of Argonne National Laboratory, Johns Hopkins University, the National Park Service, Naval Sea Systems Command, Pacific Northwest National Laboratory, Sandia National Laboratory, Syracuse University, Temple University, Virginia Tech, Weather Gauge Technologies and the University of Idaho.
Five symposia and three special sessions are planned, including:
• Avoiding Skynet - Humans Interacting with Autonomy
• Research and Efforts in the Human Dimension
• Resilience Models and Measures