What We Do


 

Vulnerability Analysis

When it comes to critical infrastructure systems, NPS has a unique perspective and capability.

  • We have been studying critical infrastructure for decades.
  • We look at our own domestic infrastructure through the eyes of intelligent adversaries.
  • We have conducted over 150 “red team analyses” to plan attacks on our own infrastructure and to determine how to mount effective hardening and defensive efforts (“blue team analyses”).

Systems Modeling: We model the operation of a system.

Our view of critical infrastructure systems holds that the function of each system, and especially continuity of that function, is of primary importance. We view an infrastructure as a collection of interconnected components that work together as a system to achieve a particular, domain-specific function. It does this through either human or automated decision making that responds to the demands placed on the system to provide the best possible function in any given situation. This decision making is commonly termed the operation of the system, and an operational model of a system is any mathematical model that evaluates the performance of a system (through a cost function, or some other quantitative evaluation of its operation) and that explicitly includes this operational decision making in its formulation.

System operation can be almost anything, but we often model it as a network flow. Electricity flows through the power grid. Water flows through a pipeline network. Vehicles flow through a network of highways and roads. Information flows through communication networks. Goods and materials flow through supply chains. Continuity of operation for many critical infrastructures can be understood in terms of the ability to deliver flow in the presence of disruptions.

Red Teaming: We identify worst-case disruptions.

In practice, infrastructure owners and operators must contend with both non-deliberate hazards (e.g., accidents, failures, and Mother Nature) and deliberate threats (e.g., vandalism, sabotage, competitors, and terrorism). Military planners have learned to deal with deliberate threats, primarily through the analysis of worst-case outcomes: one assumes that the adversary is intelligent and will act to inflict the most possible harm based on his capability. The key idea is to base assessments on what the adversary can do, as opposed to guesses about what the adversary wants to do. This is conservative, but prudent, and the use of red-teaming techniques provides an effective way of discovering hidden dependencies between system components.

We can also incorporate scenarios of interest or probabilities into traditional risk-based analyses. However, principles of reliability and risk are, by necessity, based on knowledge of past events. They are not suited to adapting infrastructure to dramatic change and/or surprising future events.

Blue Teaming: We identify optimal investments to improve system resilience.

Determining how we should invest limited resources to make our infrastructures resilient to disruption is a system design problem. We use our models to assess improvements from potential investments, ranging from (i) hardening and reinforcement, to (ii) redundancy and backup functionality, to (iii) capacity expansion and/or new construction. In some military applications, this is known as mission assurance, and such analysis adds another layer of difficulty to the general problem of using appropriate analyses to protect infrastructure systems.

Fundamental Contributions: Network Interdiction Models.

Network interdiction problems (also called Attacker-Defender problems) focus on situations where an attacker will target one or more arcs in a network in a way that most impacts its performance (e.g., minimizing the maximum flow or maximizing the shortest path). The defender is the operator of the network that will select decisions so the network performs as well as possible after the perturbation. The modern study of network interdiction problems was started by fundamental contributions of Prof. Kevin Wood (1993), along with other faculty at NPS.
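The attacker-defender structure described above can be made concrete on a small network. The following is an added illustration, not NPS code or a model from the cited work: the seven-arc network, its capacities, and the function names are constructed for this example, and the interdiction sets are found by brute-force enumeration rather than by the optimization methods used in the literature.

```python
from collections import deque
from itertools import combinations

# Constructed toy network (not from the page): arc (tail, head) -> capacity.
ARCS = {("s", "a"): 10, ("s", "b"): 8, ("a", "c"): 10, ("b", "c"): 8,
        ("c", "t"): 12, ("a", "t"): 4, ("b", "t"): 3}

def max_flow(arcs, source="s", sink="t"):
    """Operator's (defender's) problem: best flow over surviving arcs (Edmonds-Karp)."""
    res = {}  # residual capacity res[u][v]
    for (u, v), cap in arcs.items():
        res.setdefault(u, {}).setdefault(v, 0)
        res.setdefault(v, {}).setdefault(u, 0)
        res[u][v] += cap
    if source not in res or sink not in res:
        return 0  # every arc at the source or sink has been lost
    total = 0
    while True:
        parent = {source: None}  # BFS tree for the shortest augmenting path
        queue = deque([source])
        while queue and sink not in parent:
            u = queue.popleft()
            for v, cap in res[u].items():
                if cap > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if sink not in parent:
            return total  # no augmenting path left: flow is maximal
        path, v = [], sink
        while parent[v] is not None:
            path.append((parent[v], v))
            v = parent[v]
        push = min(res[u][v] for u, v in path)
        for u, v in path:
            res[u][v] -= push
            res[v][u] += push
        total += push

def worst_case(arcs, budget, hardened=frozenset()):
    """Red-team step: the `budget` unhardened arcs whose loss minimizes max flow."""
    best = (max_flow(arcs), ())
    for cut in combinations(sorted(a for a in arcs if a not in hardened), budget):
        surviving = {a: c for a, c in arcs.items() if a not in cut}
        best = min(best, (max_flow(surviving), cut))
    return best

def best_hardening(arcs, budget):
    """Blue-team step: the single arc to harden that maximizes worst-case flow."""
    return max((worst_case(arcs, budget, frozenset([a]))[0], a) for a in sorted(arcs))

if __name__ == "__main__":
    print(max_flow(ARCS), worst_case(ARCS, 1), best_hardening(ARCS, 1))
```

On this network the undisrupted flow is 18, the loss of the single arc (c, t) drops it to 7, and hardening that arc raises the worst-case outcome to 8, which shows how the critical component and the value of an investment both fall out of the same operational model.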

 


 

 

Infrastructure Resilience

As defined by the U.S. Government, critical infrastructure consists of "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, the national economy, national public health or safety, or any combination of those matters" (42 U.S.C. 5195c(e)).

The U.S. National Strategy for Homeland Security succinctly recognizes the challenge and the opportunity:

"We will not be able to deter all terrorist threats, and it is impossible to deter or prevent natural catastrophes. We can, however, mitigate the Nation's vulnerability to acts of terrorism, other man-made threats, and natural disasters by ensuring the structural and operational resilience of our critical infrastructure and key resources" (p. 27).

Thus, the National Strategy for Homeland Security states the infrastructure mission unambiguously:

"We must now focus on the resilience of the system as a whole—an approach that centers on investments that make the system better able to absorb the impact of an event without losing the capacity to function" (p. 28).

The limited availability of investment resources to support this mission challenges infrastructure decision-makers at all levels of government, industry, and the military. Our research focuses on how to model and solve such investment problems.

Concerns about accidents, failures, natural hazards, and attacks on critical infrastructures typically focus on three basic questions:

  • Consequence estimation. Given some imagined scenario, what will be the consequence (for example, lives lost, damage, loss of service)? How bad could things be?
  • Critical components. What are the most critical (sets of) components in the system? Where should we focus our attention?
  • Mitigation. What could be done to mitigate the potential consequences of the imagined scenario? What is it going to cost? What is the potential return on investment?