ADSC researcher develops virtual environment for cybersecurity research

3/27/2020

Allie Arp, CSL

Evaluation of cybersecurity solutions in critical infrastructure, such as smart power grid systems, is an ongoing problem for many researchers. Potential solutions can obviously not be deployed on the real power system without extensive testing and evaluation. Finding a solution to this issue was the genesis of the project “Automated Framework for Generating Cyber-physical Range for Smart Grid.”

“Because modifying or upgrading the critical infrastructure requires intensive caution, it is highly desired to scrutinize the compatibility and potential impact before they are deployed in the real system,” said Daisuke Mashima, senior research scientist for the Advanced Digital Sciences Center (ADSC) and principal investigator on the project. “However, it is often impractical or even impossible to conduct such evaluation in the real, and ideally live, system infrastructure for fear that it may harm the operation or availability of the infrastructure.”

To address this problem, Mashima and his team, collaborating with the National University of Singapore, are developing a cyber range, also known as a “digital twin.” This is a virtual environment that emulates the real cyber-physical infrastructure with high fidelity. The range will also generate data to further train machine learning algorithms and improve their capabilities. It would also provide a platform to train infrastructure operators, security operators, and even students.

The developed ‘twin’ could also be a building block for future security tools for cyber-physical systems.

“One application would be the implementation of honeypot system based on the cyber range to collect real-world attack vectors,” said David Nicol, ADSC director. “Other types of deception technologies to counter persistent, passive attackers could also be developed.”

According to Mashima and Partha Biswas, senior research engineer at ADSC and co-investigator of the project, a challenge in the development of the digital twin is that the process is complex and time-consuming because it requires detailed understanding of the cyber-physical system it’s replicating. This makes it unlikely that a research community could realistically create one that meets the complexity and scale needed by real-world infrastructure operators, device vendors, security solution providers, and the cybersecurity/AI research community as a whole.

“While a number of efforts have been devoted to develop such a cyber range, to our knowledge, there is no attempt made to automate and/or facilitate generation of the cyber range according to the user-desired configuration,” said Mashima. “We aim to design a modelling language of smart power grid system and toolchain to automatically process the model representing the smart grid system for instantiation of the twin. This way, template models developed by domain experts can be shared, recycled, and/or reproduced and the effort by each researcher can be minimized.”

The next step for the researchers is to utilize the developed cyber range for security training and research. Plans include using the range as a hacking competition venue, a training sandbox for emulated cyberattacks, and a way to predict the consequences of an attack.