Officials from CISA and DARPA spoke about their initiatives to support cybersecurity operations across critical infrastructure networks.
A Wednesday meeting of the President’s Council of Advisors on Science and Technology heard expert opinions on better constructing a cyber-resilient digital infrastructure at the national level, with current government officials advocating for a combination of emerging technologies and risk mitigation.
The Defense Advanced Research Projects Agency has spearheaded efforts to strengthen critical infrastructure with the help of advanced data analytics and cybersecurity technology.
Kathleen Fisher, the director for DARPA’s Information Innovation Office, described an experiment where her office developed sensor tools intended for power grids to differentiate cyber attacks from weather incidents.
“Failures caused by nature and by accidents are really really very different than the failures caused by a cyber adversary, because the cyber adversary, they can make the system lie,” she said during her presentation.
DARPA had tested a new sensor and corresponding algorithm to model power grids in their Rapid Attack Detection, Isolation and Characterization Systems, or RADICS program. RADICS was successful in training power engineers to black start a compromised power grid—or return part of an electric grid to operation without the use of external power—due to a cyberattack.
RADICS technology was designed to detect incorrect data, isolate compromised communication channels and nodes, and introduce new traffic analyses and IT protocols. Fisher said that DARPA’s RADICS algorithm is now being used by several utility companies and independent state systems operators.
A key feature provided electrical grid operators with a means to conduct forensic analyses via both software and hardware to gauge cyberattacks on a system and help recover grid operations in a short timeframe.
“RADICS was a good start, but much work remains to be done in this space, including continuing to develop fast modeling capabilities based on out-of-band sensors, to provide reliable situational awareness, deep forensic analysis capabilities and continued partnerships between power engineers and cyber experts, with the opportunity to practice and live fire exercises,” she said.
Fellow experts echoed the need for improved critical infrastructure digital protection, mainly through a more holistic organization-centered approach.
David Mussington, the Executive Assistant Director for Infrastructure Security at the Cybersecurity and Infrastructure Security Agency, noted that the past few years have seen increasingly severe cyberattacks on U.S. critical infrastructure and institutions. CISA has responded to these increasing threats through sector-specific mitigation efforts to focus on the unique challenges each industry faces.
“We worry about risks, systems that deliver vital digital and other services such as the American economy in particular,” he said. “We worry about it because it's a challenging risk environment that empowers particular adversaries, from nation states and otherwise, to interrupt the availability and accessibility of critical data and services.”
Mussington highlighted CISA’s Sector Risk Management Activity as an effort to examine critical infrastructure risk mitigation by different sectors. Examples include the Department of Homeland Security overseeing critical manufacturing systems and the Department of Transportation overseeing transportation infrastructure.
The goal with these resiliency measures is to develop plans to maintain commodity flow from the sectors. CISA and the Department of Homeland Security are tasked with facilitating these critical infrastructure assessments to gauge how prone they are to risk.
“A lot of the national coordination activity that CISA undertakes is designed to surface vulnerabilities and risks, and coordinate collaboration to mitigate risks which are prioritized,” he continued. “Sharing best practices across the sector is really our job one.”
Jim Platt, the acting associate director at CISA’s National Risk Management Center, added that approaching risk management from a deliverables perspective—that is, identifying what each individual infrastructure sector specifically produces—can better fortify their system capabilities.
“We need to take a look at this from a functional aspect,” Platt said. “What are the things that these critical infrastructure sectors are providing? And [we] look at them from an all hazards perspective and ensure that the continuity of operational procedures are in place as we go forward.”