A Note from Our Guest Editors
Winter 2019
Preparing for a Future of Critical Infrastructure under Autonomic Control
This special edition of the Journal of Information Warfare explores foundations of key technol-ogies that we believe will drive a revolution in control of critical infrastructure systems. This revolution is needed because of the importance of these systems (i.e., providing most of the basic functionality required to sustain life and livelihood on a national and global scale), the growing prevalence of networked sensing and control that operates these systems, and the increasingly hostile and fast-acting ecosystem that challenges them on a daily basis. It is our assertion that in the near future increasing autonomy will be necessary for subsystems and their components to react quickly enough (and proactively position themselves) against the threats they face. This has the added benefitof freeing up humans to act in a supervisory and strategic decision-making loop that resides above the lower-level subsystems and component control—but it also comes with an added cost of designing systems so that, when they take autonomous action, it is transparent to humans and the motivations for and impact of those actions are also communicated and controllable by human operators. The goal is to make human decision-making more impactful and at a time scale that is appropriate for human cognition.
Autonomic control is importantly differentfrom automation. Many critical infrastructure subsystems already have some degree of automation, typically realised by if-then, rule-based pre-decided courses of action. While this is a significantfirststep, it suffersfrom the limitation that one has to be able to enumerate the possible situations a critical infrastructure system may encounter. In the world of natural threats, it may be possible to estimate the likelihood of significantevents such as hurricanes and earthquakes; but in the cyber world, the possible threats are as boundless as human imagination and, therefore, not constrained by likelihoods. Realising autonomic control will re-quire the ability for systems to understand their own state, reason over this state (within functional boundaries), take action when appropriate, and communicate all of this to human operators with enough transparency that humans can be confidentthe systems are behaving properly. In some cases, humans will also need to override local subsystem control to achieve more strategic aims—hence, the view of humans in a supervisory capacity over the whole system.
The papers in this special edition address various facets of this autonomic loop with human su-pervisory control, beginning with accounting for human influencein terms of adversarial learning systems (‘Adversarial ArtificialIntelligence: State of the Malpractice’), accounting for behaviour of system users (‘A Context-Centred Research Approach to Phishing and Operational Technology in Industrial Control Systems’), adversarial behaviours playing out through cyber systems (‘Cyber Threat Screening Using a Queuing-Based Game-Theoretic Approach’), and deterrence (‘A Toolkit for Cyber Deterrence and Stability with Historical Analysis and Prospective Applications’). The next collection of papers explores facets of gaining awareness of complex systems and how to reason over their present and possible future states, including the ability to automatically discover relationships between processes and components in a dynamic environment (‘Towards Automated Cyber Mission Modelling’) and the ability to model, and emulate complex systems (‘An Auto-mated, Disruption-Tolerant Key Management Framework for Critical Systems’ and ‘Safer and Optimised Vulnerability Scanning for Operational Technology through Integrated and Automated Passive Monitoring and Active Scanning’). We conclude this edition with papers that explore models for sensing and controlling critical infrastructure systems including utilising software-de-finednetworking to drive adaptive and reactive control and sensing (Software-DefinedNetwork-ing TraffiEngineering Process’ and ‘Enabling Situational Awareness in Operational Technology Environments through Software Defined Networking’)
Taken together, we believe these are representative of the technologies that will drive the revolution in autonomic control. With this special edition, we hope to stimulate frank dialogue about the enormous potential and realistic challenges of applying these technologies to defending national critical infrastructure with the goal of broadly improving awareness and driving rapid, impactful innovation.
AUTHORS
Pacific Northwest National Laboratory
Richland, Washington, United States
Christopher Oehmen received his B.A. in Physics and Mathematics from Saint Louis University in 1995 and M.S. and Ph.D. degrees in Biomedical Engineering in 1999 and 2003 respectively from the Joint Graduate Program in Biomedical Engineering at the University of Memphis and University of Tennessee Health Science Center. Chris is now at PNNL as a research scientist, previously serving as the lead for the Asymmetric Resilient Cybersecurity Initiative. His research is built on a foundation of high-performance computing applications in biology, with special emphasis on how these biological approaches can be used as a new paradigm for other fields such as cybersecurity. His resilience and active defense work rely on a foundational application of biological principles for survivability and regeneration with special emphasis on facilitating human control of complex systems.
Pacific Northwest National Laboratory Richland, Washington,
United States
Samuel L. Clements is a Cyber Security Researcher at PNNL. His current work focuses on cyber security for nuclear non-proliferation systems and cyber security developing situational awareness and response capabilities for industrial controls systems for the Department of Defense. Mr. Clements holds a Master of Science in Information Security, Policy and Management from Carnegie Mellon University and a bachelor's degree in Information Systems from Utah State University. Mr. Clements is fluent in Spanish and works with the U.S. National Nuclear Security Administration's International Nuclear Security office supporting their efforts in Latin America.
Published In
Keywords
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
Quick Links
Archive