LERSAIS is host to a Seminar Series that brings researchers and practitioners to Pittsburgh to share emerging developments and research in the area of Information Assurance. The field of Cyber Security faces new challenges and demands on a daily basis and these seminars serve to keep students, faculty, and business leaders abreast of issues in both the laboratory and industry.
Professionals and investigators who would like more information on this series, or have an idea for a topic, are invited to contact Prof. James Joshi.
The seminars are open to all. Check out our upcoming presentations.
Spring 2019
LERSAIS Cybersecurity Seminar
(organized by SCI, LERSAIS and Pitt Cyber)
Dr. Indrajit Ray
The Joint LERSAIS and PittCyber Distinguished Cybersecurity Seminar
January 14
When Cyber-Attacks Masquerade as Safety Events Can Catastrophe be Far Behind?
--Support for Nuclear Reactor Operators in Case of Cyber-Security Threats
Dr. Indrajit Ray
Professor, Colorado State University, NSF SaTC Program Director
Time/Location
12:00 AM - 1:00 PM (Meet the Speaker & Pizza at 11:30AM)
CANCELLED
January 14
Information Sciences Building, 3rd floor theatre
135 North Bellefield Ave
Abstract:
Increasing use of digital technology in nuclear power plants (NPPs) poses cyber-security as a crucial threat to public safety and to continuous energy production. The current cybersecurity practice for nuclear plants is based on NIST Special Publication 800-161 (Supply Chain Risk Management Practices for Federal Information Systems and Organizations) and NIST Special Publication 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations). These standards provide the process framework to control the security risks, and particularly emphasize monitoring vulnerabilities and enhancing visibility at different stages of the system development lifecycle. However, there is little understanding or research geared towards plant operators’ response under cyber-security threats and operation procedures to cope with such threats. This is particularly critical when a cyber-security event masquerades as a safety incident or an evolving accident. Instead of leading operators to the remediation of the accident, the masked cyber event may lead them to circumvent the safety mechanisms of the plant. Unfortunately, there is an awful lack of real-world data related to cyber incidents in nuclear power plant. This translates to serious challenges to separating behaviors that are indicative of pure safety issues, behaviors that are indicative of pure cyber-attacks, and behaviors that are indicative of cyber-attacks masquerading as safety issues.
In this ongoing project, we take a two-step approach to developing indicators to help operators distinguish between cyber-security related events and safety related events. The first step consists of developing an integrated model of nuclear power plant safety and cyber-security that captures the dependencies (if any) among them. Safety event features include correspondence to known failure modes or whether behavior precursors to the failure occurrence have been observed in the recent record of the plant. Cyber-security threats are consistent with the various goals of an attacker, e.g. disruption of service, data collection, inducing severe damage, etc. Considering the features of cyber-security versus safety events and the dependencies between them will allow better discrimination and prediction capability than an approach based solely on external symptoms. The second step comprises developing classifiers to determine anomalous behavior of embedded devices. A monitoring system determines when a device behaves differently from its expected behavior and projects the anomaly against the integrated model developed in the first step. We discuss our initial results in developing these two approaches.
Biography:
Dr. Indrajit Ray is a Professor of Computer Science at Colorado State University. He joined CSU in 2001 moving from the University of Michigan-Dearborn where he worked as an Assistant Professor from August 1997 – July 2001. Dr. Ray obtained his Ph.D. in Information Technology from George Mason University in August 1997. Indrajit’s primary research is in computer security and privacy. His major contributions have been in security risk modeling and security protocol design using applied cryptographic techniques. Other areas in which he has made valuable contributions are trust models for security and micro-data disclosure control. He has published more than 150 technical papers. His research has been well funded through various federal agencies. He has advised several Ph.D. students many of whom hold tenured positions in academia. He has also played leadership roles in the academic community by serving as program chairs in various conferences. In 2015 he served as General Chair of the 2015 ACM CCS conference which is the flagship conference of ACM SIGSAC, and in 2017 as the General Chair of the 2017 IEEE CNS conference. He was the founder of the IFIP TC 11, WG 11.9 on Digital Forensics and its first Chair. Recently, Indrajit has helped establish the CSU site of the NSF funded I/UCRC Center for Configuration Analytics and Automation, where he is Co-Director. This multi-university research center that includes fee-paying members from the industry and FFRDCs works with enterprises and government entities to improve service assurability, security and resiliency of enterprise IT systems, cloud/SDN data centers, and cyber-physical systems by applying innovative analytics and automation. Currently, he is serving as a Program Director at the National Science Foundation, where is responsible for the Secure and Trustworthy Cyberspace program.