Automatic security assessment of critical cyber-infrastructures

This research investigates the automation of security assessment of the static and dynamic properties of cyber infrastructures, with emphasis on the electrical power grid. We describe a network model representing the static elements of a cyber infrastructure including devices, services, network connectivity, vulnerabilities, and access controls. The dynamic elements include workflow models of the operating procedures, processes and the state of a working power grid. We introduce a toolkit that with a little manual assistance can automatically generate these models from specifications, continuously update attributes from online event aggregators, and perform security assessment. The assessment reveals whether observed anomalies about the system could indicate possible security problems and permit dynamic ranking of alternative recovery procedures to minimize the total risk. We motivate the use of the tool-chain by showing an example scenario where the recovery procedure recommended to minimize security risk depends on the current state of system as well as the network topology.