
Identification of Critical Resources and Cyber Threats in the Physical Domain


TECHNOLOGY AREAS: Information Systems

OBJECTIVE: The focus of this research is to develop an innovative system that assists users in rapidly identifying and mapping cyberspace and physical infrastructure in order to analyze critical threats and vulnerabilities that affect both DoD force projection and mission assurance.

DESCRIPTION: Cyber attacks have become a significant threat to DoD operations, which are increasingly connected and integrated. As DoD relies more on commercial support for communications, troop movement, and base logistical infrastructure, the threat to those operations from a cyber warfare perspective grows. Much research has been performed to date; however, there is a strong need for technologies that automatically discover and correlate physical threats to cyber resources, and critical concentrations of cyber resources in the physical domain. Current cyber and network defense focuses too narrowly on virtual resources: almost all cyber defense is performed "on the network", ignoring threats in the physical (kinetic) domain. Importantly, these threats run in both directions. For example, a physical threat to a military installation can be mapped to a particular threat source, whereas a cyber threat can map to multiple communication nodes across multiple DoD networks without geographic constraint. Proposed solutions should allow users to easily provide mappings, automatically identify as many mappings as possible, and provide mechanisms for incorporating new discovery schemes. Furthermore, the solution should help users quickly identify single points of failure and measure the criticality of components.

Commercial, government, DoD, and ad-hoc networks have become nearly ubiquitous. Through extensive abstraction, heterogeneous systems interconnect and interoperate; unfortunately, these abstractions make system characterization difficult at best. For example, an organization may lease network resources from two different providers for redundancy, yet both circuits may be carried on a single fiber owned by a common carrier further upstream. Long-haul fiber and Dense Wavelength Division Multiplexing (DWDM) networks increase the likelihood that multiple carriers share physical infrastructure. Off-network infrastructure requirements such as power, cooling, and maintenance further complicate an assessment.

The focus of this research is threefold. The first part is the development of a methodology for gathering the critical cyberspace and physical data. The second is the development of algorithms, tools, and techniques that automatically generate mappings of virtual to physical resources and isolate critical components. The third is the development of a modular operations visualization and analysis framework. New technologies are needed to gather data, assess vulnerabilities, identify critical dependencies, and help in understanding the first-, second-, and third-order effects on DoD when critical infrastructure such as power plants, air traffic control systems, sensor webs, and the electrical grid does not perform correctly. The new framework should allow quick integration of data sources, provide intuitive visualization (such as geo-located threats on a world map), and allow users to manually map between the cyber and physical domains to support decision aiding and assessment. The framework and its data should be structured so that future components can analyze the multi-domain model for effective and innovative operations.
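The shared-fiber and power/cooling dependencies described above are exactly the hidden couplings a virtual-to-physical mapping tool has to surface. As an added illustration (not part of the solicitation and not any offeror's system), the following Python models cyber and physical resources as a dependency graph with AND-of-OR semantics (a node needs every group satisfied; a group is satisfied by any one of its alternatives), then enumerates single points of failure and scores criticality by how many missions each resource would take down if it alone failed. All asset names and the graph itself are constructed sample data.

```python
"""Dependency model linking cyber resources to the physical infrastructure they ride on.

Each node lists the groups it requires. A node is available only when every group
has at least one available member, so a two-member group models redundancy (either
circuit will do) and a single-member group models a hard dependency. Nodes with no
groups are physical leaves (fiber, power, cooling). Everything below is constructed
sample data, not real assets.
"""
from typing import Dict, List, Set, Tuple

Graph = Dict[str, List[Tuple[str, ...]]]

SAMPLE_GRAPH: Graph = {
    # Two "redundant" leased circuits, one datacenter (constructed example).
    "mission:logistics_portal": [("circuit:providerA", "circuit:providerB"), ("datacenter:site1",)],
    # Second mission, single-homed on provider B.
    "mission:sensor_feed": [("circuit:providerB",), ("datacenter:site1",)],
    # Both providers lease wavelengths on the same long-haul DWDM fiber segment.
    "circuit:providerA": [("fiber:longhaul-seg7",), ("pop:providerA",)],
    "circuit:providerB": [("fiber:longhaul-seg7",), ("pop:providerB",)],
    "pop:providerA": [("power:substation-12",)],
    "pop:providerB": [("power:substation-34",)],
    # The datacenter has a generator backing utility power, but a single chiller plant.
    "datacenter:site1": [("power:substation-12", "generator:site1"), ("cooling:chiller-plant",)],
    "fiber:longhaul-seg7": [],
    "power:substation-12": [],
    "power:substation-34": [],
    "generator:site1": [],
    "cooling:chiller-plant": [],
}


def available(graph: Graph, node: str, failed: Set[str], _stack: Tuple[str, ...] = ()) -> bool:
    """True if `node` is up given the set of `failed` resources (recursive AND-of-ORs).

    `failed` may hold several nodes, so correlated outages (a substation plus the
    chiller it feeds) can be evaluated as one scenario. A dependency cycle in the
    model is a data error and raises rather than recursing forever.
    """
    if node in failed:
        return False
    if node in _stack:
        raise ValueError(f"dependency cycle through {node}")
    for group in graph.get(node, []):
        if not any(available(graph, alt, failed, _stack + (node,)) for alt in group):
            return False
    return True


def single_points_of_failure(graph: Graph, consumer: str) -> Set[str]:
    """Resources whose sole failure takes `consumer` down."""
    return {n for n in graph if n != consumer and not available(graph, consumer, {n})}


def criticality(graph: Graph, consumers: List[str]) -> Dict[str, int]:
    """Number of consumers each resource would take down if it alone failed."""
    scores: Dict[str, int] = {}
    for node in graph:
        if node in consumers:
            continue
        scores[node] = sum(1 for c in consumers if not available(graph, c, {node}))
    return scores


if __name__ == "__main__":
    missions = [n for n in SAMPLE_GRAPH if n.startswith("mission:")]
    for m in missions:
        print(m, "single points of failure:", sorted(single_points_of_failure(SAMPLE_GRAPH, m)))
    ranked = sorted(criticality(SAMPLE_GRAPH, missions).items(), key=lambda kv: -kv[1])
    for node, score in ranked:
        if score:
            print(f"{score}  {node}")
```

Running it shows that the two "redundant" circuits both ride fiber:longhaul-seg7, which is therefore a single point of failure for mission:logistics_portal even though it never appears in either provider's contract, while power:substation-12 is not, because the datacenter falls back to its generator. The single-failure scan is deliberately simple; a real tool would also sweep pairs of failures and feed the scored nodes into the geo-located visualization the topic calls for.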

PHASE I: Develop a design that will acquire, store, map, and visualize information linking cyber and physical resources in a coherent operational picture. Technical work should focus on reducing risk for future phases and developing key technologies to facilitate future work. Special attention should be paid to gathering the data, identifying potentially complex mappings, and identifying gaps. Phase I will include a proof of feasibility of key enabling technologies.

PHASE II: Develop prototype software that can be assessed at Technology Readiness Level 6 (TRL 6) and that will effectively acquire, store, manipulate, and present the cyber threat and infrastructure data. Create an effective demonstration that uses representative data to provide a proof of concept for computer network defense systems that defend against emerging threats.

PHASE III -- DUAL-USE COMMERCIALIZATION: Military Application: Protecting military operations against cyber attacks, and quickly and efficiently identifying threats and vulnerabilities to infrastructure as they relate to cyber assets. Commercial Application: Monitoring and identifying cyber threats, and reconstituting affected infrastructure, are critical components of overall readiness and infrastructure information for both planners and first responders.
