Cybersecurity Assurance For Critical Infrastructure

PI: John Villasenor, University of California at Los Angeles  

Co-PI: Jason Jaskolka, Stanford University

Critical infrastructure systems including ports, transportation systems, communication networks, manufacturing facilities, and water distribution systems consist of numerous components linked in complex ways. Despite extensive testing and verification of individual components, security vulnerabilities resulting from unintended and unforeseen component interactions (so-called “implicit interactions”) often remain undetected. These vulnerabilities can be exploited to mount a cyberattack if a user can gain access to the component from which the implicit interaction originates. In turn, this can have severe consequences in terms of the safety, security, and reliability of the system. It is too often the case that these kinds of implicit interactions are only made visible or known when the system experiences
an attack or failure.

This project will build upon the previous work conducted at Stanford University by Jason Jaskolka and John Villasenor, with CIRI support, aimed at developing methods to identify implicit interactions in critical infrastructure systems. It will focus on the challenges of analyzing and assessing the impact that such vulnerabilities can have on a system should it experience an attack or failure. This project will develop rigorous mathematical methods and techniques that will provide vital information that can drive decisions on where and how to spend valuable resources in mitigating the potential for such attacks.