Helen Gill, Ph.D. CISE/CNS National Science Foundation Critical Infrastructure Protection Challenges: High Confidence Critical Systems Helen Gill, Ph.D. CISE/CNS National Science Foundation

U.S. Power Grid: Well-Known Challenges Status Cascading failures Changing technologies, constraints Vulnerability to failures, attacks, misuse Expertise, training limitations Insider threats Interdependencies Need for both, renewal and growth PSERC enables: Research vanguard Coordination

Critical Infrastructure Protection HSPD-7 ISACs, NIPP, SCCs, etc. CIP R&D Planning National CIP R&D Plan CIIP R&D Plan NSTC Committee structure CT – Committee on Technology Networking, IT R&D Subcommittee Infrastructure Subcommittee Critical Information Infrastructure Protection Interagency Working Group (to be renamed) NITRD High Confidence Software and Systems Coordinating Group NSTC … CT H&NS Infrastructure NITRD … CIIP HCSS HEC

National CIP R&D Plan April 8, 2005 NCIP R&D Roadmap identifies three strategic goals: National Common Operating Picture Secure National Communication Network Resilient, Self-Healing, Self-Diagnosing Infrastructure Themes: Detection and Sensor Systems Protection and Prevention Entry and Access Portals Insider Threats Analysis and Decision Support Systems Response, Recovery, and Reconstitution New and Emerging Threats and Vulnerabilities Advanced Infrastructure Architectures and Systems Design Human and Social Issues http://www.bfrl.nist.gov/PSSIWG/documents/2004NCIP_R&D_Plan_FINAL.pdf

Illustration, GAO Report: CRITICAL INFRASTRUCTURE PROTECTION Challenges and Efforts to Secure Control Systems (GAO-04-354)

The Outsider's Strawman Perspective: The Power Grid Current Human-centric system of systems, information-enabled regional coordination Static structure, with protection equipment, human operation Built infrastructure; stressed by power routing; complex market, regulatory, and advisory environment No storage, shrinking stability margin Not secure, minimal cost incentive to change Enterprise/market/control interaction, air gap violated Midterm FACTS – better flow control PMUs – better local state information Super-capacitors – better buffering, increased stability GridWise, GridStat, …-- better global information NERC 1200 Security Standard: guidelines, progress toward industry-specific IT security standards, SCADA security

The Outsider’s Strawman (Continued) Long Term, “Energy Independence” Future Physical System Highly decentralized, distributed generation, configurable sources Intermittent sources, smart motor loads Information Technology System of (Embedded) Systems, flexible (local? regional?) structure, Real-time, multi-modal, mixed-initiative control Flexible, dynamic topology Security built in, policy-driven, adaptive Authentication Access control Information assurance Authority management Intrusion detection, response Real-time trust maintenance Diagrams, courtesy UIUC/Cornell U./Dartmouth U./WSU

The Technology

A (fairly obvious) prediction about the Future of Physical and Engineered Systems General transportation Highway system technologies Vehicle technologies Hybrid engines, alternative fuels Coordinated motor, braking, transmission Continuously varying transmission control ABS, regenerative braking, etc… Environmental monitoring Global warming Environmental observation instrumentation, control Agriculture and ecology Herd health monitoring Remote veterinary care Crop condition monitoring Emergency response Rescue robotics Command and control Power generation and distribution Deregulation, competition Mix of generation technologies Fossil fuels Solar, wind Hydrogen, fuel cells Fusion? Future airspace Airspace management Free flight UAVs Critical Infrastructure Protection Higher performance vehicles Health care Infusion pumps, ventilators,… EMT and ICU of the future Triage and transport Home care IT Inside Health care, environment, agriculture, species monitoring Information technology inside! Pictures of current and concept devices, not megalomania A significant share of the technology edge is coming from better use of information - design - precise control Photo Credits: Boeing, GM, Medtronics

Embedded Software and System Control Problem Closing the loop around combined behaviors… Physical/Biological/Engineered System Control Software Latency Latency Sensing State: Kinematic, Thermal, Electromagnetic, Optical, Chemical,… Coordination Mode, Thread switching Stability Phase Actuation Energy production, consumption Periodic calculation Frequency Execution Rate Dynamic scheduling, resource management Clock rate Energy Management Voltage scaling Hardware Platform Processing and Networking Latency Bandwidth

IT Technical Challenge: "Systems of Embedded Systems" Now: information focus, human-machine interface Operator skill System, operator certification Future: closed loop, mixed initiative, autonomous systems and multi-systems Example domains: Medical: “plug and play” operating room of the future Aviation: mixed manned, autonomous flight Power systems: SCADA and DCS for distributed generation, renewable energy resources National Security: common operating picture, global information grid, future combat systems

Some “Grand Challenges” Medical devices and systems of the future Now: Practitioner closes the loop; sensor feeds to TV monitor, manual settings Future: Closed-loop patient monitoring and delivery systems, “plug and play” operating rooms/ICUs/home care Flight-critical aviation systems of the future Now: Federated designs, pilot closes the loop Future: Integrated designs; autonomy vs. pilot control SCADA systems of the future Now: Telemetry, sensor feeds to control center, centralized decision support Future: Hierarchical, decentralized, highly-automated, market/policy driven, closed-loop + supervisory control Now: Information-centric, human-closes-loop, distributed a priori, soft real-time, not secured Future: Mixed initiative/closed-loop, open systems, hierarchical supervisory control, mobile, soft and hard real-time, secured

Cross-cutting Technical Challenges Future distributed, real-time embedded system characteristics/requirements: Open, reconfigurable topology, group membership Styles: Integrated, peer-to-peer, “plug and play”, service-oriented Fixed & mobile, RF/optical/wired/ wireless networking modalities Mixed-initiative and highly autonomous operation Complex multi-modal behavior, discrete-continuous (hybrid) control Reconfigurable, multi-hierarchy supervisory control; vertical and horizontal interoperation End-to-end security, “self-healing” System certification Status: many experimental systems, some science Interesting results, but not yet a principled science/engineering base Focus on situation awareness, sensor nets, and simulation, not control infrastructure

Cross-cutting Technical IT Challenges Technical gaps: Lack secure, interoperable, scalable real-time technology base System stack (RTOS, virtual machines, middleware) needs re-factoring, extension, scaling, e.g. Coordination (e.g., timed, reactive) Dynamic hard/soft real-time scheduling System security services Recovery services Lack secure real-time networking capability for critical infrastructures Lack reliable, proven infrastructure IT architectures and components for high-confidence sensing and control systems

Goal: A Technology Base with Broad Applicability Coordinated control systems applications Unmanned autonomous air vehicles, automotive applications SCADA systems for power grid, pipeline control Remote, tele-operated surgery? OR, ICU, EMT of the future? Nano/bio devices? … Key areas for potential joint research Open control platforms Reconfigurable coordinated control Computational and networking substrate Assured RTOS, networking,… Middleware Virtual machines

HCSS and NSF/CISE Actions

NITRD HCSS Coordinating Group Assessment Actions National workshops on: High Confidence Medical Device Software and Systems (HCMDSS), Planning Workshop, Arlington VA, November 2004, http://www.cis.upenn.edu/hasten/hcmdss-planning/ National R&D Road-mapping Workshop, Philadelphia, Pennsylvania, June 2005, http://www.cis.upenn.edu/hcmdss/ High Confidence Aviation Systems (title TBD) Planning Workshop, Seattle, WA, November 21-22, 2005 National R&D Road-mapping Workshop, venue TBD, June/July 2006 High Confidence Critical Infrastructures: “The Electric Power Grid: Beyond SCADA” Planning EU-US Planning meeting, October, 2005 US Planning Workshop, Washington, DC, November 3-4, 2005 Workshops US National R&D Road-mapping Workshop, venue TBD, March, 2006 EU-US Workshop, Framework Program 7 linkage

NITRD HCSS Coordinating Group Assessment Actions (continued) Backdrop: NSF/OSTP Critical Infrastructure Protection Workshop, Leesburg, VA, September 2002, http://www.eecs.berkeley.edu/CIP/ NSF Workshop, on CIP for SCADA, Minneapolis MN, October 2003 http://www.adventiumlabs.org/NSF-SCADA-IT-Workshop/index.html National Academies’ study: “Sufficient Evidence? Design for Certifiably Dependable Systems”, http://www7.nationalacademies.org/cstb/project_dependable.html HCSS real-time operating systems research needs assessment: Real-time embedded systems technical base evaluation and prospectus, September-October 2005 Scope: secure RTOS, virtual machines, middleware Industry input (NDA): System integration houses, labs, FFRDCs, RTOS/middleware vendor perspective, OMG National Coordination Office summary report(s) derived from workshops, industry input sessions, NAS study

Conclusion: A Possible PSERC Research Agenda? Exploit renewables and distributed generation/micro-grid research as CIP breakthrough opportunity. Why? Concept development hotbed for systems of secure, distributed, real-time embedded systems Vector for change via new and emerging markets, decentralization Fosters US competitiveness in control systems and embedded systems technologies Foster multi-disciplinary work that includes the IT research community. Why? Leverage; investment multiplier NSF CISE-ENG grass-roots enthusiasm for cooperation in this area (Tomsovic, Baheti, Schwartzkopf, Rodriguez, Rotea, Gill, …) Initial NSF/DoE/DHS cooperation for secure electric power systems (Cyber Trust) Who else will do this?

So Far: NSF CISE Investments in Critical Infrastructure, Power Systems CISE/CNS Computer Systems Research Program Embedded and Hybrid Systems disciplinary area (Watch for new emphasis areas in FY 2006 announcement) CISE/CNS Networking Research “Clean Slate” Internet research initiative Planning grant: study on real-time networking for critical infrastructures NSF Science and Technology Center: TRUST UC Berkeley, with Vanderbilt, Cornell, Stanford, CMU, … http://trust.eecs.berkeley.edu/ Engineering Research Centers: current competition Information Technology Research, competition ended, active grants remain (EU-US linkages, G.3 and D.4): Center for Hybrid and Embedded Systems (CHESS), UC Berkeley Secure and Robust IT Architectures to Improve Survivability of the Power Grid, CMU/WSU Multi-Layered Architecture for Reliable and Secure Large-Scale Networks, CMU Infrastructure Programs: Major Research Infrastructure: Laboratory to Study FACTS Device Interactions, U. of Missouri at Rolla Cyber Trust (FY 2005 Center-Scale portfolio, TBA 2-3 weeks)

Thank you

High-Confidence Software and Systems (HCSS) Agencies Air Force Research Laboratories* Army Research Office* Defense Advanced Research Projects Agency Department of Energy Federal Aviation Administration* Food and Drug Administration* National Air & Space Administration National Institutes of Health National Institute of Science and Technology National Science Foundation National Security Agency Office of Naval Research* * Cooperating agencies