Modelling for Socio-technical Security (MASS) 

L I M

Project update: The MASS project is currently (early 2021) recruiting interview participants who operate or manage the security of critical infrastructure systems. For more information, please see the Participant Information Sheet for Security Operators and Managers of Critical Infrastructure Systems [pdf].

This project has undergone UCL Research Ethics Approval.

Background

Critical infrastructure networks (CINs) are a good example of classical complex systems as they comprise heterogeneous technologies (hardware and software) in multiple sub-systems that function and exchange volumes of data and information to support the smooth running of society.

The proliferation of the Internet of Things (IoT) presages even greater capabilities for CINs – enabling both remote autonomous sensing and actuation to support smarter and improved functionality in control and monitoring, predictive maintenance, safety and security management among others.

Against these advantages, increased risks of mal-interventions from hostile actors are emerging, facilitated by lack of understanding of the cyber threats and vulnerabilities introduced in the creation of complex interdependent wireless networks and internet-connected smart IoT devices.

Emerging threats to critical infrastructure

IBM and Threatcare Security Researchers  identified seventeen zero-day vulnerabilities in smart city infrastructures deployed across modern cities around the world. Some of these vulnerabilities could enable hackers to alter traffic signals or to broadcast fake or false flood alerts with the aim of creating panic or reducing confidence in legitimate warnings. Similarly, there were claims by researchers that Model S of Tesla’s electric cars were vulnerable to a key fob relay attack, which could allow attackers to read the vehicle’s identifier, and so trigger an unlock response from the key fob. Studies suggest that the future will see an increased number of vulnerabilities, and attacks moving beyond Distributed Denial of Services (DDoS) to an exploitation of the command and control capabilities of IoT-enabled CINs. The impacts of exploiting some of these vulnerabilities may be significant with effects that range from those likely to affect individuals and(or) their immediate environment to those that affect critical services at a national scale.

What are the challenges in processing vast amounts of data?

The expected benefits arising from the massive volumes of data being generated through the adoption of IoT may not be realised, as a significant proportion of IoT data is often lost, either due to the lack of suitable data capture or the lack of appropriate analytics to support effective decision-making. For example, a smart car is fitted with hundreds of sensors that continuously monitor states and parameters, and is capable of generating nearly 25 gigabytes of data per hour. A huge fraction of those data generated are not retained due to a lack of appropriate technologies and infrastructure for sorting, filtering, and storing them.

Cyber-physical systems infrastructures are, in general, socio-technical engineering systems – networks of interconnected elements comprising both technological, non-technological and hybrid entities including people and organisations that function collaboratively as a single system designed to achieve a specific goal.

Currently, cloud processing latency and reliability limitations – an inability to swiftly and securely process the huge volume of data generated by IoT devices – are part of the challenges emerging from the drive to understand how to maximally create value (financial and operational) from the vast volume of IoT-generated data.

How can we improve IoT security system implementation? 

Improvements can include timely identification of security threats and vulnerabilities, prioritisation of controls, and mitigation of attack impacts. There is a challenge related to determining how these security goals can be achieved while capturing and combining socio-technical system attributes such as software, hardware, policies and regulations, standards, human behaviours, finance, and organisational structures. This is crucial since cyber-physical systems are socio-technical systems, and cyber-attacks are seen to also exploit the interrelatedness and interaction between the social and technical elements they characterise.

A sociotechnical approach can help towards a more holistic cyber-physical system security model solution that supports higher-level national and international guidance on future developments and improvements in IoT security system implementation.

The MASS project

The MASS project will investigate the knowledge, attitudes, perceptions, practices, enabling factors, and barriers for security modelling that are used to support threat and vulnerability identification and monitoring operations, and countermeasures development including analytics at the periphery of the Internet.

The work will include exploring how modelling, simulation, monitoring and detection tools can be evaluated and validated, and the impacts of cyber-attacks on technical and socio-technical cyber-physical systems and services considering interdependencies and cascading impacts. It will also explore the value and maturity of security development tools used for modelling and simulation in practice, especially for socio-technical security risk analysis of IoT-connected cyber-physical systems.

A second prong of the project will involve investigating available tools and techniques that use analytics and artificial intelligence (AI) methods to facilitate and improve real-time threat and vulnerability analysis at the Edge of IoT-connected cyber-physical systems.

CIN system owners, managers, and operators need to understand their unique socio-technical environments and be aware of emerging cyber security threats and vulnerabilities, and the analytical possibilities available to help improve security of the cyber-physical systems they design, analyse or operate. To narrow down the challenging areas, representative sectors will be selected for deep dives; e.g. transport and communications infrastructure and manufacturing operations.

Proposed outputs

MASS outputs should provide a better, evidenced understanding of the realistic usefulness of analytical monitoring, modelling and simulation, as well as highlighting current limitations in supporting improved security from analytics and artificial intelligence viewpoints. Deliverables in this strand of work will combine initial insights from MASS with those from other PETRAS projects, working towards a broader interdisciplinary understanding, an analytical framework and possibly, a toolkit that spans many critical infrastructures and domains.

Findings

TBA

Download project flyer [pdf]