In this phase I initiative, KBSI is developing a toolkit that allows analysts to perform vulnerability assessments of cyber-physical systems (CPS).  The technology will benefit a diverse set of industries that are increasingly leveraging advances in CPS—networks of physical artifacts tied together via cyber sensors and computer systems—to integrate and better manage the components of large scale systems like electricity grids, health care monitoring, and the next generation battle space.

The reliance on CPS for these critical enterprises heightens the need for security that safeguards the cross-crossing connections among the network’s cyber and physical entities and the electromagnetic spectrum.  Most cyber protection research initiatives focus on defense and detection mechanisms in the cyber world exclusively, ignoring threats that target physical entities in the network (e.g., the power supply).  This oversight can have significant consequences.  Imagine, for example, the failure of a generator (physical domain) that powers a sensor (cyber domain) that helps control a missile defense system (physical domain) that defends a location (physical domain) that serves as the command, control, and communication center (cyber domain) for the battle space.  Any vulnerability assessment must consider all of the various orders of effects that can traverse these tightly networked domains.

The Cyber-Physical-Electromagnetic Spectrum Integrated Domain Mapping Toolkit for Vulnerability Analysis and Critical Resource Identification Enablement (CEPHEID VARIABLE) technology that KBSI is developing in this initiative will allow users to analyze assets, systems, and networks for vulnerabilities and risks, addressing a significant security void. 

CEPHEID VARIABLE will provide analysts with the capability to acquire, model, store, and map vulnerability and dependency analyses of information linking cyber and physical resources. The technology will allow analysts to perform both static analysis (e.g., topological vulnerability analysis and model-based vulnerability analysis in a large network) and dynamic analysis (e.g., simulation-based effects of cyber and physical attacks using coordinated goal-driven task analysis of enemy forces).

The CEPHEID VARIABLE technology will allow military analysts and enterprise infrastructure management stakeholders to assess the vulnerability of diverse cyber-physical systems including battle spaces, disaster regions, military bases and enterprise facilities, and classic cyber physical systems like SCADA and smart grids. The technology will also have commercial applications, including for analysts performing critical infrastructure protection and homeland security. The CEPHEID VARIABLE technologies will support vulnerability analysis to threats such as natural disasters, manmade safety hazards, and terrorism, and will help analysts identify critical infrastructure and resources that must be protected against threats like these.