The Human Element in Cyber Security and Critical Infrastructure Protection: Lessons Learned

Similar documents
Network Mission Assurance

EL Program: Smart Manufacturing Systems Design and Analysis

Human Dimension in Cyber Operations Research and Development Priorities

Information Visualization WS 2013/14 11 Visual Analytics

Cognitive and Organizational Challenges of Big Data in Cyber Defense

Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC)

Information and Understanding (IFU) Overview

Manjula Ambur NASA Langley Research Center April 2014

Communicating Agents Architecture with Applications in Multimodal Human Computer Interaction

Release Notes: SANsymphony-V System Center Operations Manager (SCOM) Management Pack 1.3

Complexity and Scalability in Semantic Graph Analysis Semantic Days 2013

Detect, Contain and Control Cyberthreats

The Big Data Paradigm Shift. Insight Through Automation

Integrating a Big Data Platform into Government:

New Era in Cyber Security. Technology Development

Data Intensive Science and Computing

Establishing a business performance management ecosystem.

A Conceptual Approach to Data Visualization for User Interface Design of Smart Grid Operation Tools

Information Services for Smart Grids

GO BEYOND DATA Real-time Analytics for Application Performance Management

The Geospatial Approach to Cybersecurity: An Executive Overview. An Esri White Paper January 2014

DoD Strategy for Defending Networks, Systems, and Data

Air Force SOA Enterprise Service Bus Study Using Business Process Management Workflow Orchestration for C4I Systems Integration

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Pragmatic Web 4.0. Towards an active and interactive Semantic Media Web. Fachtagung Semantische Technologien September 2013 HU Berlin

Solicitation Number: RFI-JIFX_Special_Interest_Request_For_Information Notice Type: Special Notice

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems.

Driving Customer Experience Excellency: 360 Degree Voice of Customers Analytics. Tan Meng Teck Head of Contact Center Solution Sales Avaya APAC

A Biologically Inspired Approach to Network Vulnerability Identification

Vulnerability Management

Automated Oil Analysis Interpretation System.

Doctor of Philosophy in Computer Science

Enterprise Security Tactical Plan

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Oracle Real Time Decisions

What is Security Intelligence?

Provide access control with innovative solutions from IBM.

Better planning and forecasting with IBM Predictive Analytics

ScienceLogic vs. Open Source IT Monitoring

ORACLE HEALTHCARE ANALYTICS DATA INTEGRATION

Autonomy for SOHO Ground Operations

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #50

How To Create A Help Desk For A System Center System Manager

IBM Operational Decision Management v8

MULTI AGENT-BASED DISTRIBUTED DATA MINING

Situational Awareness Through Network Visualization

Hurwitz ValuePoint: Predixion

Keep managers better informed on their areas of responsibility and highlight the issues that require their attention with dashboards!

SECURITY MEETS BIG DATA. Achieve Effectiveness And Efficiency. Copyright 2012 EMC Corporation. All rights reserved.

WebSphere Business Modeler

MOC 10324A: Implementing and Managing Microsoft Desktop Virtualization

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

Defending against modern cyber threats

FutureWorks Nokia technology vision 2020: personalize the network experience. Executive Summary. Nokia Networks

Q1 Labs Corporate Overview

Solving the CIO s Challenge For More Efficient and Resilient Business Technology Supply Chain Management

Sanjeev Kumar. contribute

A University BI-solution

可 视 化 与 可 视 计 算 概 论. Introduction to Visualization and Visual Computing 袁 晓 如 北 京 大 学

high performance solutions for a connected world

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

July 2016 Price List

Three Open Blueprints For Big Data Success

Table of Contents Cicero, Inc. All rights protected and reserved.

The Clinical Atlas A Modeling and Execution Environment for Clinical Process Solutions

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

Big Data and the Evolution of Precision Medicine

Intrusion Detection via Machine Learning for SCADA System Protection

US Nuclear Regulatory Commission (NRC): National Scale/Fleet Situational Awareness and Emergency Response - Lessons Learned

How To Improve The Performance Of Anatm

Obtaining Enterprise Cybersituational

Knowledge Management in Intercultural Collaborative Environments

IEEE International Conference on Computing, Analytics and Security Trends CAST-2016 (19 21 December, 2016) Call for Paper

A Network Management Framework for Emerging Telecommunications Network.

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

Real Time Traffic Monitoring With Bayesian Belief Networks

RSA ARCHER OPERATIONAL RISK MANAGEMENT

SMART FACTORY: Real Time Multi-Agent Resource Allocation, Scheduling, Optimization and Controlling

Attack Intelligence: Why It Matters

Requirements Analysis Concepts & Principles. Instructor: Dr. Jerry Gao

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE

A Hurwitz white paper. Inventing the Future. Judith Hurwitz President and CEO. Sponsored by Hitachi

Artificial Intelligence and Politecnico di Milano. Presented by Matteo Matteucci

Semantic Business Process Management Lectuer 1 - Introduction

Data Mining, Predictive Analytics with Microsoft Analysis Services and Excel PowerPivot

Motorola AirDefense Network Assurance Solution. Improve WLAN reliability and reduce management cost

WHITE PAPER. CRM Evolved. Introducing the Era of Intelligent Engagement

How To Create A Data Science System

I3P SCADA Security Research Plan

Traffic System for Smart Cities. Empowering Mobility Consulting Solutions Managed Services

BIG DATA IN THE CLOUD : CHALLENGES AND OPPORTUNITIES MARY- JANE SULE & PROF. MAOZHEN LI BRUNEL UNIVERSITY, LONDON

Good afternoon. It is a pleasure to be joining you for the Predictive Analytics World for Government conference.

NNMi120 Network Node Manager i Software 9.x Essentials

EASPI EASPI. The Integrated CMMI-based Improvement Framework for Test and Evaluation. Jeffrey L. Dutton Principal Consultant

Software solutions for manufacturing operations management. Helping manufacturers optimize the Digital Enterprise and realize innovation

Total Exploration & Production: Field Monitoring Case Study

I D C A N A L Y S T C O N N E C T I O N. C o g n i t i ve C o m m e r c e i n B2B M a rketing a n d S a l e s

Snapshot: Zantaz Enterprise Archive Solution, Digital Safe, and Introspect

CLUSTER ANALYSIS WITH R

Transcription:

The Human Element in Cyber Security and Critical Infrastructure Protection: Lessons Learned Marco Carvalho, Ph.D. Research Scientist mcarvalho@ihmc.us Institute for Human and Machine Cognition 40 South Alcaniz St., Pensacola, FL 32502 https://www.ihmc.us (850) 202-4446

Human Centered Computing

Cyber Security and Critical Infrastructure Protection Complex Infrastructures Multiple interacting systems Often under different administrative control Very large number of heterogeneous sensors and data streams Multiple operating time-scales for different components and subsystems Time-critical / Mission-critical Users generally track specific metrics at any given time. Difficult to model and predict

Automation in Complex System Monitoring Small scale systems were first monitored directly by users. User has a mental model of the system Single administrative domain Increasing scale and complexity requires some level of automation High-tempo events Large number of nodes Large number of events Complex very complex model Human becomes increasingly detached form the system Control/Defense becomes brittle and hard to understand/control Automation Automation

Our Research Focus: Human-Centered Defense Infrastructures Autonomic Defense Infrastructures Design security infrastructures to enhance human capabilities and performance on monitoring, diagnostics and control of complex and critical systems. Design new human-in-the-loop defense infrastructures that are semi-autonomous or autonomic in nature a required feature for effective defense systems. Build cognitive, mix-initiative systems for cyber defense and critical infrastructure protection.

Current Projects and Lessons Learned Enterprise Network Security Tactical Network Security and Mission Survivability Supervisory Control and Data Acquisition SCADA Systems Network Operations Center Intelligent Transportation Systems

Enterprise Network Security

Enterprise Network Security Network Map

Enterprise Network Security Technical Background Knowledge Network Map

Enterprise Network Security Technical Background Knowledge Network Map Corporate Background Knowledge

Enterprise Network Security Technical Background Knowledge Network Map Corporate Background Knowledge Sec.Tech. Advisories

Enterprise Network Security Technical Background Knowledge Network Map Corporate Background Knowledge Sec.Tech. Advisories Technical Background Knowledge Corporate Background Knowledge Technical Background Knowledge Other Analysts Corporate Background Knowledge

Proposed Approach Shared Knowledge Models between analysts Autonomous Software Agents acting as roaming security guards Better Coverage and enforcement of security policies Disconnected Operation Cognitive Software Agents for Analyst support Specialized Agents for Security and Network Discovery

Enterprise Network Security Agent Management Knowledge Management

Enterprise Network Security Agent Management Knowledge Management

Enterprise Network Security Agent Management Knowledge Management Mediating knowledge representation between humans Graphical notation using concepts, links, and attached resources NOT a formal representation like a conceptual graph or a semantic network Flexible and easy-to-use metaphor for expressing and browsing knowledge

Enterprise Network Security Agent Management Knowledge Management Agent Management Knowledge Management

Enterprise Network Security Agent Management Knowledge Management Simple security/admin operations Maintains state across multiple hosts Ensure system coverage Supports disconnected operations Multiple perspectives for network discovery Persistent operations (at shutdown) Off-site policy enforcement

The Agent Management Console mast.ihmc.us

Lessons Learned Building Agents System required the user to explicitly specify the functions of the agent (with few exceptions) Upfront investment for agent creation/customization Managing Agents Locating/understanding and launching agents Interfacing with Agents Large volume (overload) Difficult to Identify

Attaching Agents to Knowledge Models Building Chat Interfaces mast.ihmc.us

Biologically Inspired Tactical Security Infrastructure (Army Research Laboratory) Sponsor: Army Research Laboratory Collaborative Project with the Florida Institute of Technology Enabling Mission Survivability Fighting Through Capabilities)

Proof-of-Concept Implementation: Mission Survivability Maintain System operations in face of disruptions Reactive and proactive reconfiguration for mission continuity (slow the high-freq. effects)

Policy Estimation Prob. 0.18 0.16 0.14 0.12 0.1 0.08 0.06 0.04 0.02 0 1 2 3 4 5 6 7 8 9 10 11 12 Actions Prob. 0.5 0.4 0.3 0.2 0.1 0 1 2 3 4 5 6 7 8 9 10 11 12 Actions

Lessons Learned Understanding the environment Dynamics of the system Dynamics of the defense infrastructure Eventual dissonance between user s mental models and collective agent responses (poor mission mapping) Benefits in slowing down highfrequency effects for human response (engine failure at takeoff example) Maintain System operations in face of disruptions Reactive and proactive reconfiguration for mission continuity (slow the high-freq. effects)

Traffic Management Monitored by operators in centralized control centers Mostly used for traffic announcements and dispatches Thousands of data collection sensors (indirect measurements) MnDOT (54K Twin Cities Metro) Problem: Understand the interdependencies of the system (spatial/temporal) for corrective/preventive action (Greatly relies on user expertise)

Transportation Systems Automatic Regulatory Structure Discovery for Accident Prevention True Causal Graph Markov Equivalent Class

Transportation Systems Automatic Regulatory Structure Discovery for Accident Prevention

Lessons Learned Powerful in providing some insight on useful knobs Often known by experienced operators Lack of projection (what if) capabilities Structure discovery process is obscure at times Lack of trust in the process

Lessons Learned It is more than just a visualization issue (although visualization is very important) Understanding the collective actions and effects of individual agents Tracking and predicting the trajectory of the system Tracking the progress of Agents (Progress Appraisal) It is about teamwork! Collaborative environment Policy regulation Learning from experience Image Source: Sandia, cyber3d Informatique,armsflow

Ongoing Developments Separate Interfaces to different views of system Human is responsible for maintaining the mental model of the systems Advanced filters help improve the understanding of each perspective Mission Goals exist only at human level

Ongoing Developments Information Fusion Fusing multiple sources of data or perspectives in a common view Focus on visualization technologies Automatic data analysis may identify correlations between events and sources Mission goals still reside at the human level Filter/Fusion definition is done offline for the optimization of pre-defined tasks

IHMC Cyber SA Framework Policy-based multi-agent system for teamwork support Data Processing Agents Simple Data Processing for data filtering Pre-defined pattern search Self Organizing hierarchies Template hierarchies for specific tasks (created/ accepted) Randomized Patterns Search Explicit user feedback Through policies and configuration Implicit user feedback Visualization controls

Cognitive Software Agents Multi-user collaborative environment Cognitive Agents Collect information from multiple agents/sources Learn from human actions and explicit procedural descriptions Build hypothesis based on sequence of events Branch parallel test for validation/ negation Learn new system policies through task refinement

Cognitive Software Agents Agent functionality is represented in an ontology (using OWL). Analysts can assemble agents to create workflows at runtime. Mechanism for knowledge Capture (sharing) Agents publish their capabilities (functional descriptions) other agents can assemble flows automatically (self-organization) Data-driven model for flow tasking and organization

Current Application: Cyber Defense Situation Awareness Sponsor: DoD and Industry Mixed-Initiative Multi-Agent Systems for Cyber Situation Awareness CyberLab (Ocala, FL)

Acknowledgements Cyber Situation Awareness Jeff Bradshaw Larry Bunch Tom Eskridge Paul Feltovitch Matt Johnson Cyber Lab Carlos Perez Adrian Granados Marco Arguedas Massimiliano Marcon Giacomo Benincasa

Thank you! Marco Carvalho Research Scientist mcarvalho@ihmc.us (850) 202-4446 Institute for Human and Machine Cognition 15 SE Osceola Ave. Ocala, FL. www.ihmc.us

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information