By Saurabh Amin, Professor of Civil and Environmental Engineering; PI, Laboratory for Information and Decision Systems, Massachusetts Institute of Technology
Cyberattacks are undoubtedly on the rise; as of September 2023, there had already been a 17% increase in the number of security compromises over the total number for 2022. We can likely expect more such attacks as the geopolitical situation continues to deteriorate and more government actors abroad mount attacks on U.S. companies and infrastructure. In this climate, the challenge for the public and private sectors alike is to protect critical infrastructure systems as they become increasingly interdependent and reliant on cyberinfrastructure for both routine and emergency operations.
We live in a world of neither purely physical nor purely cyber infrastructure, but of cyber-physical-human systems (CPHS). Vulnerabilities mean that hospitals can be shut down; air traffic and shipping can be disrupted; electricity grids can be knocked out; and navigation systems can be spoofed. The functionality of these systems can dip rapidly and take significant time to recover, leading to huge societal losses. Such risks are becoming especially concerning due to increasing attempts to compromise the nation’s large and strategic systems, and loss of trust in digital systems due to disinformation, fraud, and lack of digital safety. The resilience and trustworthiness of CPHS that provision critical societal services is now a top national security concern. How should policymakers address this fact?
Resources for new R&D are one answer. But R&D needs both resources and one or more pathways that are ambitious yet viable in a multi-stakeholder and highly uncertain environment. Hence if decision-makers in government and industry want to overcome our asymmetrical cyber challenge, they need diverse, committed subject matter expertise to chart the right course and create a broad, long-term picture of future global risks and opportunities that captures the needs of all stakeholders of CPHS.
Identifying research priorities for R&D is the function of the Engineering Research Visioning Alliance (ERVA), an initiative funded by the U.S. National Science Foundation (NSF). In August 2022, ERVA held one of its visioning events on the theme of “unhackable infrastructure,” convening dozens of the top experts in cybersecurity in the nation. The experts arrived at a consensus about the requirements that future resilient infrastructure must satisfy. These include the ability of CPHS to ensure safety, security, and trust in essential systems and services, while maintaining practical usability; and the capacity to adapt to unexpected changes while maintaining robustness and trustworthiness in a range of situations, including actively resisting adversaries (both known and unknown). The group identified gaps in today’s security technologies and formulated new ideas and visions that will be instrumental in steering future research toward areas of much-needed innovation to ensure resilient and trustworthy CPHS.
The resulting report identified research directions within five concrete areas for R&D efforts with the goal of addressing the thorniest challenges in security engineering. Each area produced an array of specific engineering topics to catalyze engineering research for a more secure and resilient world. The experts highlighted ways in which these topics should be contextualized in various domains (e.g., energy, transportation, supply chains, health care systems), considering domain-specific design and functional requirements of CPHS, and unambiguous specification of safety, security, and resiliency requirements for all stakeholders.
- Human-Technology Interface Considerations: The visioning event report emphasized a crucial insight: humans are both the weakest link and biggest opportunity in cybersecurity. Modeling to counteract cyberthreats must consider the human element more comprehensively, from motivating incentives and the economics of security in asymmetric information environments to usability in engineered infrastructures. (This is why we expanded the concept of cyber-physical systems (CPS) to cyber-physical-human systems—to accentuate the essential human aspect.) The assembled experts also recommended more R&D to integrate frontier technologies like augmented and virtual reality into security interfaces, as well as greater use of immersive human-computer environments. These would simultaneously improve usability of security systems for human operators and allow greater understanding of what motivates humans to act in particular ways—knowledge that can be applied to the way adversaries think and act as well.
- Measuring and Verifying Security: CPHS operate in highly complex and constantly changing environments, making it hard to determine how secure they are at any given time. We recommend development of new quantitative metrics for determining system safety as well as advanced research into continuous monitoring and verification tools, which will rely on further development of artificial intelligence (AI) tools that can be deployed at partially observable and often vulnerable CPHS interfaces. These tools must be engineered to be able to learn through changing threat landscapes and help trigger automated response under highly dynamic and unpredictable situations. Additionally, insights derived from systematic study of human behavior and incentives for engineered systems will be crucial to better understand the human oversight aspect of security monitoring, adaptation, and verification.
- Future Approaches to Autonomous Security: The sheer size and scale of cyber threats will require much greater use and deployment of AI and machine learning capabilities to monitor and quickly synthesize massive amounts of data and help determine when CPHS are at risk. R&D must continually emphasize integration of the most cutting-edge AI into safety and security processes, with a special focus on developing AI with contextual awareness in as humanlike a way as possible, while ensuring trustworthiness of automated decisions and response capabilities. Crucially, research is needed to develop effective processes for human operators and decision-making processes (or feedback loops) to interact with and derive the most value from AI, again tapping into the CPHS framework to integrate knowledge about human behavior in threat modeling and coordinated, risk-aware response mechanisms that satisfy physical constraints.
- New Approaches to Resilience in Interdependent Infrastructures: CPHS tightly couple continuous physical dynamics with networked computer processes, which means adversaries can exploit a weakness in one area to wreak far wider damage. Strategic coordination among different systems, organizations, and industries is therefore critical for addressing insecurities arising due to correlated software bugs, hardware malfunctions, and network interdependencies. In addition to technical research, mechanisms for coordination between government and for-profit agents must be established, since the latter possess access control to critical industries that are integrated in common CPHS. There is a clear need for a limited liability framework (aka due care standard) and compliance mechanisms for processes such as data sharing and analysis as well as the knowledge base for security tactics and active defense strategies.
- Architecting Trustworthy Systems: Systems and security processes must be, above all, trustworthy. But what does this mean? In the context of engineered infrastructure, trustworthy refers to system correctness and security according to a well-defined design specification. Hence R&D in this space should focus first on design specification and defining correct behavior in complex infrastructures (which include many interconnected sub-infrastructures and processes that can range from centralized command to fully decentralized operations). The goal is to design trustworthy systems that can withstand attacks—or unanticipated uses of technology that fall within a system’s specifications. These systems have untrusted inputs and interfaces that can be tackled by confidential computing techniques and trustworthy architectures. Engineering research should address such key issues to address vulnerabilities we see today that arise from ill-defined specifications, brittle control loops, and poorly understood interdependencies.
The ERVA report elucidates proactive research directions and focus for those who oversee cybersecurity within each of these five research areas. But I would emphasize two key points above all: (1) collaboration across industries and sectors (including academia and government agencies) is essential, as the interdependent nature of CPHS demands it; and (2) this is the time to think in terms of a systems approach to design trustworthy and resilient CPHS in all major critical infrastructure domains.
Plugging holes and fighting security breaches as they occur is not the answer. We must reimagine the whole way we approach cyber-physical security in this world of cascading threats and their global implications. The ERVA visioning session was motivated by a call to look beyond the here and now to future, potential threats, so we can contemplate solutions that do not yet exist but are urgently needed. Decisionmakers in both national defense and in private industry must do no less to ensure our security.
About the Author
Saurabh Amin is Professor in the Department of Civil and Environmental Engineering (CEE) at MIT, and co-chair of the ERVA Engineering R&D Solutions for Unhackable Infrastructure Task Force.
Saurabh can be reached at our company website https://www.ervacommunity.org/