Bruno Sinopoli is an assistant professor in Electrical and Computer Engineering. His research interest focuses on the analysis and design of networked embedded control systems, with applications to sensor actuators networks.
posted by Richard Power
CyLab Chronicles: Let's begin by talking about the current state of the infrastructure. In your presentation at the 2009 CyLab Partners Conference, you characterized the infrastructure as "unsafe, aging, insecure, and inefficient." Give us a sense of the scope of issues and problems we face.
Bruno Sinopoli: I feel that our infrastructure has suffered several major setbacks. There are several examples being offered as evidence of this. Let me use a characterizing one. As of today, about 25% (or 150,000) of the bridges have been declared structurally deficient or functionally obsolete, according to data collected by the Department of Transportation. Analogously we could speak of many other infrastructures, from water distribution networks to Power or Transportation networks. In my view infrastructures suffer from two major problems. The first is structural deficiency, intended as the inability of performing the function it was designed for safely and reliably. This is usually due to deterioration of the infrastructure usually caused by poor maintenance. The second is functional obsolescence referred to as the existence of alternative technologies that can improve performance, efficiency and safety of existing infrastructure, if installed. This nomenclature can be translated to most infrastructures to show how many are unfit to perform their functions. Water distribution systems are deficient in terms of quality (see New York Times September 12, 2009) and efficiency, with enormous estimated losses on the network. Power grid infrastructure, while still largely reliable, is definitely functionally deficient as it is unable to transition, as it is, to a “smart grid” that can safely integrate renewable sources and perform the necessary dynamic balancing of generation and demand to ensure its efficient operation.
CyLab Chronicles: We don't just need more infrastructure, we need "smarter" infrastructure, don't we? But a smarter infrastructure is not necessarily a more secure infrastructure is it? What are some of the opportunities and challenges involved in developing and deploying new, smart infrastructure?
Sinopoli: The defining characteristic of a smart infrastructure is the ability to extract and process, possibly in real time, vital data that can used for status monitoring, fault detection or to directly control the infrastructure itself. Gathering data from a possibly large infrastructure requires the existence of an extensive sensing, communication and computing infrastructure. This, in addition to providing several opportunities to improve functionality and safety, imposes a number of important challenges. First and foremost the benefits of a smarter infrastructure need to offset the cost of installing and maintaining the cyber infrastructure required to enable this vision. Second, the presence of a large, physically distributed sensing and communication infrastructure raises concerns from a security and privacy standpoint, as it provides numerous potential opportunities for security attacks. A secure infrastructure therefore becomes a necessary condition for the development of smart infrastructures, as national security can be deeply impacted by successful attacks. Privacy is as well of paramount importance as users can be tightly monitored and tracked in every moment of the day. While my research focuses more on the security aspects, I would refer the interested readers to the work of other CyLab faculty, such as Professors Lorrie Cranor and Alessandro Acquisti, to name a few.
CyLab Chronicles: What are cyber-physical systems (CSP)? What role will they play in the new infrastructure?
Sinopoli: We refer to systems that bridge the cyber-world of computing and communications with the physical world as cyber-physical systems. Cyber-physical systems (CPS) are physical and engineered systems whose operations are monitored, coordinated, controlled and integrated by a computing and communication infrastructure. CPS will transform how humans interact with and control the physical world around us. We will be able not only to customize our infrastructure in real time to fit our needs, but we will be able to make it safer and more reliable. I believe that the CPS paradigm will permeate most markets, from medical devices and systems to aerospace systems, transportation vehicles and intelligent highways, defense and robotic systems and the built environment.
CyLab Chronicles: Tell us about the nature of attacks on CPS and your work on modeling and analyzing such attacks?
Sinopoli: CPS raise significant engineering challenges because of their scale, their need to bridge the physical, information and communication technology domains and their need to operate efficiently, securely and reliably. Today’s methods and tools for control systems engineering are unable to systematically cope with such requirements. Security, in particular, must enter the design process and cannot be considered an afterthought. Today’s designs are mainly driven by performance/cost considerations, resulting in brittle systems susceptible to attacks starting from both the physical and cyber side. The problem arises because CPS tend to be open systems, accessible both physically and through the communication network. The increasing use of the Internet will allow attackers to execute their attacks remotely. CPS have to be able to detect malicious attacks and guarantee continuity of operations perhaps with decreased functionality through graceful degradation rather abrupt. They also need to be able to reconfigure to eradicate attacks and restore full functionality. Attacks on CPS can be both physical and cyber. The presence of a large, physically distributed infrastructure does not allow tight physical security, leaving some assets vulnerable. From a cyber perspective, the use of public switched networks and the increasing use of wireless technology as a cost effective solution to handle the massive information exchange necessary to coordinate the several subsystems is likely to introduce to the CPS world many of threats existing in the cyber world. A concern in CPS system security is that an attacker would gain remote access to a large set of sensing and actuation devices and modify their software to launch a coordinated attack against the system infrastructure. Such an attack can be effective in disabling the system infrastructure in a region despite any inherent redundancies in the physical infrastructure. If the attack spans multiple utilities then the inter-dependency could make the consequences of the attack worse. While at a first glance the existence of more attack points can be perceived as an additional weakness of CPS, it also offers new opportunities to tackle them. For example the coupling of a sensing, information and communication infrastructure with a physical one allows us to use them as each other’s watchdog. Simply put, we can use system models to compute the CPS expected behavior and trigger an alarm if the cyber infrastructure shows measure large discrepancies. A model based approach also allows the designer to enforce security a design time rather than as an afterthought. Combining formal models of attacks with mathematical models of the CPS enables the designer to perform critical analysis aimed at developing successful detection schemes, identifying the crucial elements to protect, and plan effective countermeasures that can be used at runtime, thus guaranteeing operation continuity of the CPS infrastructure.
See all CyLab Chronicles articles