The attack on Ukraine's power grid in 2015 impressively demonstrated that cyber attacks on critical infrastructure have long been a reality. The ensuing attack in 2016 was even more impressive, because it was characterized by a high degree of automation. Automated business processes that ruthlessly or unwittingly damage critical infrastructure are also becoming increasingly common. They pose a threat, from the first report in 2012, when the German newsmagazine SPIEGEL ran a headline about “gamblers who brought the power grid close to blackout”, to the “power shortages” in July 2017 and June 2019.
Critical infrastructures (CI) for energy, water, food, finance, insurance, and transportation and traffic are of critical importance for our modern society. Very high demands are placed on their operational safety, as failures or impairments of CI can have substantial negative consequences. The ongoing digitalization in many sectors increasingly affects critical infrastructures, whose operation must be automated, reliable, secure, economical, and resource-efficient. However, the growth in Information and Communications Technology (ICT) for monitoring, control and market-economy optimization is also making the infrastructure more complex and dependent on the smooth interaction of digital components and the physical infrastructure. Maintaining the operational reliability of these complex cyber-physical systems (CPS) poses a new challenge. This is all the more true when people are involved in their use and operation, or when modern technologies, such as learning systems, take over tasks at the application level. In addition, the integration of digital technologies in CI also leads to new dependencies and weaknesses, not only with regard to actual malicious attackers, but especially with regard to systemic misconduct.
In the PYRATE project, which is funded by the Federal Ministry of Education and Research for three years, OFFIS is developing an intelligent, learning system for the analysis of CPS together with the University of Applied Sciences Bremen and the Leibniz University Hannover. For this purpose, software agents are used that adapt fully automatically to the CPS, which is represented by a digital twin, solely on the basis of a description of the existing sensors and actuators. The PYRATE software agents independently develop a model of the system. The agents coordinate among themselves to derive attack vectors, specifically those where the sub-domains of the system work within nominal parameters, but where the overall system is destabilized by emergent effects in the interaction of the domains.
The analysis strategy targets in particular so-called attackers who use “loopholes” in regulations. PYRATE enables experts to close these loopholes, which would not have been noticed by traditional analysis of a CPS. The attackers are also confronted with AI defenders that are supposed to keep the system reliable. The defenders learn their strategy for maintaining operational security directly from the attackers.
Contact: Dr.-Ing. Eric MSP Veith