D. DeLaurentis 1
School of Aeronautics & Astronautics
Security in a System of Systems Context: Insights
from Recent Initiatives
Panel: Security for Energy Infrastructures
28-AUG-2013
Dan DeLaurentis Associate Professor
School of Aeronautics & Astronautics and
Center for Integrated Systems in Aerospace http://www.purdue.edu/research/vpr/idi/cisa/
Purdue University [email protected]
765-494-0694 https://engineering.purdue.edu/people/daniel.a.delaurentis.1/
[Figure: Purdue's Signature Areas (Info., Comm. & Perception Tech's; Nanotech's & Nanophotonics; Tissue & Cellular Eng.; System-of-Systems; Adv. Materials & Mnf.; Energy; Sustainable Industrial Systems; Healthcare Eng.) shown against Engineering Disciplines (Materials; Mechanical; Nuclear Engineering; Aeronautics & Astronautics; Agricultural & Biological; Civil; Industrial; Construction & Management; Electrical & Computer; Education; Policy; Operations; Economics; Biomedical; Chemical)]
System-of-Systems spans disciplines, domains and
global problems
Context
System Engineering AND (not vs.) System-of-Systems Engineering
System Engineering
• Typically a single product or system
• Well-defined requirements (ha ha!)
• Still hard – Complex Systems
• e.g., aircraft, tower, rocket
System of Systems Engineering
• Distributed, network of independently operating systems that may collaborate
• Emergent Behavior (good or bad)
• e.g., Net-Centric Defense, Energy, Air Transportation System
Types of SoS*
• Directed – SoS objectives, management, funding and authority; systems are subordinated to SoS
• Acknowledged – SoS objectives, management, funding and authority; however systems retain their own management, funding and authority in parallel with the SoS
• Collaborative – No objectives, management, authority, responsibility, or funding at the SoS level; Systems voluntarily work together to address shared or common interest
• Virtual – Like collaborative, but systems don’t know about each other
SoS SE Guide focuses on ‘Acknowledged’ SoS
*DoD SoS SE Guide, via J. Dahmann (MITRE)
Structuring the Big Picture: SoS Hierarchy & Scope Dimensions
• A flexible framework allows the various systems, contexts, hierarchy and interrelationships to be identified and described.
• ROPE Table
• Avoid lexicon confusion in trans-domain applications
[ROPE table: Resources, Operations, Policy, Economics; levels α, β, γ, δ]
Multiple Networks that Evolve
Evolution of transport network topology is influenced by other network layers in the SoS (e.g., PAX demand network, infrastructure network, stakeholder network & policies)
Transport network = network of airports connected by flight service routes
[Figure: Southwest Airlines Network (1990-2005); legend: Existing Route, New Route, Removed Route]
Networks in the real NAS*
• Transport network – Nodes: aircraft & ATC – Links: communication
• Capacity network – Nodes: airports – Links: service routes
• Crew network – Nodes: cities/airports – Links: crew missions
• Mobility network – Nodes: trip origins/destinations – Links: PAX trips
* Terminology courtesy of Bruce Holmes
Exemplar 1: FAA’s NextGen Transformation
Today
• Ground-based technology
• Dependent on human interface and decisions made on the ground
• Limited use of automation
• Single channel voice control
• Aging Infrastructure
Enabled by NextGen
• Satellite navigation
• Digital non-voice communication and advanced networking
• Collaborative operations with decisions made in the cockpit
• Flight crews have increased control over their trajectories
http://www.faa.gov/nextgen/
Exemplar 2: Ballistic Missile Defense (MDA sponsored project at Purdue since August 2010)
Source: mda.mil
A clear example of a “system of systems”….or “agglomeration of systems”
Survey identified seven ‘pain points’ raising a set of SoS SE questions
Pain Points – Question
• SoS Authority – What are effective collaboration patterns in systems of systems?
• Leadership – What are the roles and characteristics of effective SoS leadership?
• Constituent Systems – What are effective approaches to integrating constituent systems into a SoS?
• Autonomy, Interdependencies & Emergence – How can SE provide methods and tools for addressing the complexities of SoS interdependencies and emergent behaviors?
• Capabilities & Requirements – How can SE address SoS capabilities and requirements?
• Testing, Validation & Learning – How can SE approach the challenges of SoS testing, including incremental validation and continuous learning in SoS?
• SoS Principles – What are the key SoS thinking principles, skills and supporting examples?
From: “Systems of Systems Pain Points”, Dr. Judith Dahmann, INCOSE Webinar Series on Systems of Systems, 22-FEB, 2013
Define security risk
• To develop a resilient SoS, it is necessary to define security risk and sources of its generation.
• Risk is a function of the threat, the vulnerabilities of the constituent systems to be protected, and consequences of compromise of the systems. [1]
  o Threat:
    - intent of the adversary (targeted attack vs. random attack)
    - capability (high or low probability to destroy a system)
  o Vulnerabilities:
    - inherent failure
    - operationally introduced failure by cyber-security attack
  o Consequences:
    - fixable to the impacted systems
    - fatal to the impacted systems
$\mathit{Risk} = f(\mathit{threat},\ \mathit{vulnerabilities},\ \mathit{consequences})$
[1] P. Kaminski, "Task force report: resilient military systems and the advanced cyber threat," Office of the under secretary of defense for acquisition, technology and logistics, Washington, D.C., January 2013.
Represent risk levels
Intent
o intent of the adversary (targeted attack vs. random attack)
o Capability (high vs. low probability to destroy a system)
o inherent failure
o operationally introduced failure by cyber-security attack
o Consequences (fixable vs. fatal )
Three types of interdependency failure/attacks
• Link failure – No communication between systems
• Node failure – System failure & no communication between systems
• Infected link – Communication with wrong information between systems
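An added illustration, not part of the original slides: the three failure modes applied to a constructed three-system SoS. The system names, payloads and the HMAC integrity tag are assumptions of this example; it shows that link and node failures appear to the receiver as silence, while an infected link is only noticed when the receiver checks message integrity.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared key (assumption of this example)
# Constructed SoS: directed (sender, receiver) links and each system's payload.
LINKS = [("sensor", "control"), ("control", "actuator"), ("sensor", "actuator")]
READINGS = {"sensor": "42", "control": "hold", "actuator": "idle"}


def tag(sender, payload):
    """Integrity tag the sender attaches to every message."""
    return hmac.new(KEY, f"{sender}|{payload}".encode(), hashlib.sha256).hexdigest()


def transmit(fault=None):
    """Return {link: (payload, tag) or None} after applying one fault.

    fault is None or one of:
      ("link", (a, b))          no communication on that link
      ("node", name)            system down, every link touching it is silent
      ("infected", (a, b), new) link delivers an altered payload
    """
    delivered = {}
    for a, b in LINKS:
        msg = (READINGS[a], tag(a, READINGS[a]))
        if fault:
            kind, target = fault[0], fault[1]
            if kind == "link" and target == (a, b):
                msg = None
            elif kind == "node" and target in (a, b):
                msg = None
            elif kind == "infected" and target == (a, b):
                msg = (fault[2], msg[1])  # payload changed in transit, tag now stale
        delivered[(a, b)] = msg
    return delivered


def observe(delivered, verify):
    """Per-link outcome: ok, silent, rejected, or wrong-accepted."""
    out = {}
    for (a, b), msg in delivered.items():
        if msg is None:
            out[(a, b)] = "silent"  # visible as a missing input
        elif verify and not hmac.compare_digest(msg[1], tag(a, msg[0])):
            out[(a, b)] = "rejected"  # integrity check catches the infected link
        else:
            # Analyst's ground-truth view of what the receiver accepted.
            out[(a, b)] = "ok" if msg[0] == READINGS[a] else "wrong-accepted"
    return out
```
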
Big Picture Summary:
• There exists a variety of SoS types
• SoS spans dimensions of Resources (Hardware & Software), Operations, Policy, Economics …. (ROPE)
• SoS spans multiple layers of hierarchy of components…need ability to abstract properly in modeling and thinking
• SoS brings new opportunities and new risks
• Different stakeholders have different needs for decision-tools to influence SoS
  – System builders
  – Technology developers
  – SoS architects
  – Regulators
  – Threat agents
MODELING INSIGHTS
Manage Complexity and Trade Objectives Across Levels
Sources of Complexity
• Requirements & ops uncertainty
• Modeled & un-modeled interdependencies – Within and between levels of abstraction
• Dynamic connectivity & porous boundary – Nature of an open system
• Multiplicity of perspectives in participants – A root cause of interoperability issues
One notion of Complexity: the amount of information necessary to describe regularities in the system effectively
[Figure: Aggregation across levels α, β, γ]
SoS Methods Focus at Purdue
• Frameworks and quantitative methods needed to design, plan and operate systems of systems, e.g.:
  – Optimization
  – Game theory
  – Behavioral decision-making
  – Dynamics, sensing and control
  – Stochastic and uncertainty assessment
  – Networks
  – Simulation and modeling
Solberg Chart – (Retired) Prof. James Solberg, School of IE, Purdue University
Why study networks for SoS
[Figure: flow diagram with the labels: SoS Models; Operating SoS in the World; Generate data; Observe, record data; Develop networks from patterns/structure in data; Analyze patterns/structure (static) (dynamic); Correlate w/SoS performance or cost; Evolution; Prediction; Theories; Adaptation; Policies; Complexity; Sensitivity Analysis, Monte Carlo, etc.]
An Agent-based + Network Simulation
* ODAS Stated-Pref Survey
RT-44b: SoS Analytic Workbench (sponsored by DoD SERC UARC)
Examples of “where they live”
Analytic Workbench – Inputs for SoS Analysis
Data elements for analysis
Legend
• COD – Criticality of Dependency
• SOD – Strength of Dependency
• Connectivity – Connection between systems based on individual capabilities
[Figure labels: Connectivity, COD, SOD; Candidate System Data > Capabilities > Requirements; Distribution Data: P(failure), risks, develop time, reliability; Directional connectivity, event rule trigger]
Methods – Inputs for Method
• FDNA/DDNA – Criticality of Dependency (COD), Strength of dependency (SOD), Connectivity
• Bayesian Networks – Failure probabilities of constituent systems, directional connectivity; Architecture alternatives
• Robust Portfolio – Capabilities, Development & Integration time for each system; System compatibilities, cost
• Petri Nets – System capabilities, rules for event triggering; Architecture alternatives
• Stand-In Redundancy – System reliability data, system capabilities; System costs (operating, downtime, cost), Architecture alternatives
Analytic Workbench - Outputs of SoS Analysis & Verification
Workbench – Verification via ‘Truth Model’ (e.g. Agent Based Model)
[Figure labels: Output of SoS Analysis: SoS new architecture (chosen SoS systems & connections); Inputs to ‘Truth Model’ (e.g. system capabilities, connections) of ‘new architecture’; SoS Performance evaluation based on ‘new architecture’]
Evaluating a SoS resilience using Bayesian Nets
Bayesian Networks Model
Assumption:
- Directional graph
Inputs:
- Failure probabilities of constituent systems
- Conditional probabilities
- Architectures
Outputs:
- Critical systems (Criticality of systems)
- Resilience patterns
[Figure: Conditional Resilience vs. Entity names in LCS systems, for architecture 1 and architecture 2]
[Figure: Probability to complete a mission vs. Time (mins), for architecture 1 and architecture 2]
Faults in the Sensor Network
• Types of faults (in sensor measurement)
  – Change in measurement covariance (R)
  – Outliers in sensor measurements
  – Bias in sensor measurement
Our Goal: Extend Kalman Consensus Filter (KCF) to detect faults in the sensor network.
Note: There is no Fusion Center
[Figure: Sensor network (sensors 1 to 4) tracking the target T along the target trajectory; sensor $i$ is labeled with $(H_i)^T (R_i)^{-1} z_i$ for $i = 1, \dots, 4$]
ONGOING ACTIVITIES IN EUROPE
Emerging Strategic Research and Education Agenda in SoS
Trans-Atlantic Research and Education Agenda in System of Systems
Prof. Michael Henshaw NDIA Presentation, 08th April 2013
T-AREA-SoS
• SoS(E) - important area for economic and societal development within the EU
• European Commission FP7 Support Action
  – Support to the commission in developing priority research areas
  – Support to programmes through facilitating collaboration
• 24 Month Project, currently in Month 20
Objectives of T-AREA-SoS
• Identify research themes in SoSE
• Create an Expert Community
• Identify state of the art and gaps in research
• Create a common language and expression of the SoS concepts
• Create a strategic research agenda in SoSE
• Identify the skills for system developers and system users
• Make recommendations on training and education
T-AREA-SoS Consortium
Expert Community
Register yourself as an expert: www.tareasos.eu/registration.php
Currently 70+ Experts, and growing
Sectors: Manufacturing, ICT, Defense, Energy, Healthcare, Transport
Designing for Adaptability and evolutioN in System of systems Engineering (DANSE)
Eric Honour, +1 (615) 614-1109 [email protected]
DANSE in a Nutshell
• Develop approaches for SoS engineering (design + manage)
  – Methodology to support evolution, adaptive and iterative SoS life-cycle
  – Contracts as semantically-sound model for SoS interoperations
  – Approaches for SoS architecting – continuous and non-disruptive system component integration
  – Supportive tools for SoS analysis, simulation and optimization
• Validation by real-life test cases
  – Air Traffic Management; Autonomous Ground Transport; Integrated Water Treatment and Supply
• Exploitation & dissemination of SoS technology
DANSE Consortium
• Loughborough University
• EADS France
• THALES
• INRIA Rennes
• SODIUS
• Advanced Laboratory on Embedded Systems
• OFFIS (Co-ordinator)
• EADS Germany
• Carmeq
• Israel Aerospace Industries
• IBM Haifa
• Honourcode (technical support)
Contact: Bernhard Josko [email protected]
Thank You
Security for Energy Infrastructures
• What is a SoS and why is it Relevant here?
  – Defns & Types
  – Examples: ATS, DoD/MDA, Energy
  – ROPE Scope
  – Key challenges (openness vs security)
• Modeling
  – ABM, Nets, Kneema, Analytic Workbench
  – Southwest chart
• Who and Where
  – EU projects
  – SERC Analytic Workbench
  – LSS, Requirements Engineering, Sensor Nets, etc
Backup
MDA & ATS studies
Agents Enable SoS Behaviors
• Instantiation of a system
  – Human, business, technological (aircraft, sensor), communications, etc.
• Described in terms of
  – Desires or goals
  – Capability
  – Beliefs, knowledge, information
• Attributes, resources
• Physics-based, heuristic, and/or organizational behavior models
• Decision logic/rules
• Functions can be placed in different locations
Approved for Public Release 12-MDA-6880 (6 June 12)
From: Mane, M., DeLaurentis, D., “Airborne Platform Management Strategies in a Many-Threat Environment,” proceedings of AIAA InfoTech, June, 2012. AIAA-2012-2546.