Assessment and Measurement of Port Disruptions
Modern shipping ports require computer systems in order to accommodate an increasing number of port calls, larger vessel sizes, and tighter supply chains. Therefore, disruptions to assets on these networks have the potential to propagate to other critical infrastructures at great economic cost. Such disruptions may be introduced accidentally (e.g. by misconfiguration), or intentionally by adversaries that include nation states, organized crime, pirates, hacktivists, and trusted insiders. Recently, cyber-threats to the Maritime Transportation System (MTS) have become more relevant. The NotPetya malware attack affected Maersk and caused disruptions to operations estimated at over $200 million by Forbes. As a result, legislation was recently introduced within the US that would require cybersecurity information sharing among maritime stakeholders and building a model for maritime cybersecurity risk assessment. The intent of our research is to extend models used within shipping port simulations with dependencies on the Communications/IT sector, develop threat models resulting from these interactions, and measure/rank their impact. In this talk, we present models of cyber-physical interactions within container and petroleum operations at shipping ports that have been validated by practitioners in the field. We then explain how such models can be used to simulate cyber-originating disruptions to the MTS.
Gabriel Weaver is a Research Scientist at the Coordinated Science Laboratory at the University of Illinois at Urbana-Champaign. During his research career, Weaver has served at MIT’s Lincoln Laboratory and as a non-residential fellow at Harvard where he designed an XML vocabulary to encode Ancient Greek Mathematical Diagrams. Currently, Weaver is PI on a project via the Critical Infrastructure Resilience Institute (CIRI) to look at the economic impacts of cascading disruptions to shipping port infrastructure. This project, in combination with his work as the Inaugural Dieckamp Postdoctoral Fellow at UIUC’s Information Trust Institute, and in coordination with National Laboratories such as INL and PNNL, is being used to develop a Cyber-Physical Topology Language (CPTL) to encode and analyze interdependencies across critical infrastructure systems.
Weaver holds a Ph.D. from Dartmouth College, and a B.A. in Classics in Mathematics, with a minor in Computer Science from the College of the Holy Cross. He has been a long-time collaborator and contributor to concepts and code surrounding Canonical Text Services developed out of the Multitext of Homer Project at Harvard’s Center for Hellenic Studies. For his dissertation at Dartmouth College, Weaver applied similar ideas to create eXtended Unix Tools (XUTools) to process a broader class of languages (in the language- theoretic sense) in which security policies are expressed. Throughout history, people have identified meaningful substrings of text and categorized them into groups for analysis such as sentences, pages, lines, function blocks, and books. Weaver’s dissertation formalizes these structures via context-free languages by which practitioners can extract, count, and compare files in terms of high-level language structures. Articles on XUTools have been featured in news outlets such as ComputerWorld, CIO Magazine, Communications of the ACM, and Slashdot.
During his career at UIUC, he has co-advised 5 Ph.D students with Professor William H. Sanders, Department Head of ECE. Two of these students, co-authors with Sanders and Weaver, recently received best paper awards Weaver at highly-competitive conferences in systems security and resilience: QEST 2015 and DSN 2016. PI Weaver has a long history of educational outreach and mentoring including serving as a Lead Instructor for a Dartmouth Security Camp for 10 teenage students, to serving as a Resident Assistant (RA) for a hall of 60 Freshmen in college, to designing and teaching curriculum to roughly 16 incarcerated students with various mental disorders and criminal history.