Policy Analytics for Cybersecurity of Cyber-Physical Systems

Abstract

Mounting concerns about safety and security have resulted in an intricate ecosystem system of guidelines, compliance measures, directives and policy reports for cybersecurity of all critical infrastructure. The policy paradox is that the text form of policy documents is an impediment to the implementation of policies and directives and creates potentially powerful opportunity costs. As a general practice, guidelines, directives and policy documents are presented in text form, page-by-page and word-by-word all supported by figures, diagrams and tables as needed. By definition text obscures properties of both policy and system-target in terms of dynamic relationships, feedback, “drill-down”, leads and lags, and so forth. The challenge is to develop analytics for cybersecurity policy of cyber physical systems. We begin with constructing (a) a structured system model of the system, in order to (b) identify major policydefined system-wide parameters, (c) situate system vulnerabilities, (d) map security requirements to security objectives, and (e) advance research on how system properties respond to diverse policy controls for security of cyber physical systems. This Project addresses the hard problem of policy-governed secure collaboration related to cyberphysical security of critical infrastructure (focusing on a generic and fundamental feature, namely smart grid of electric power systems). The purpose is to (a) reduce, if not eliminate barriers to full understanding of policy text as transmitted by the source, (b) explore system-wide or targeted implications, (c) help contextualize generic directives for specific applications, and (d) facilitate contingency analysis, as needed. This Compilation is based on the Quarterly Research Reports submitted by MIT to the Cyber- Physical Systems Organization of Vanderbilt University. The Compilation is the first of several Reports highlighting the research process and products of the MIT Project on Policy Analytics for Cybersecurity of Cyber-Physical Systems. Gaurav Agarwal [a.k.a. Gaurav], MIT alumnus, served as Lead Researcher for the Proof-of-Concept case presented here.