Automated Red Teaming for Cyber-Physical Systems

PI: Arnab Bhattacharya
Cyber red teaming (CRT) is an offensive testing exercise widely used to assess and detect underlying vulnerabilities in cyber-physical systems (CPS). Examples of CRT include offensive exercises for the power grid, grid-efficient building systems with renewable integration, and next-generation transportation networks for electric-vehicle fleets. CRT provides a comprehensive security assessment via adversary emulation, allowing system administrators to identify, contain, and mitigate cyber threats and determine post-compromise resilience of cyber systems.
Current CRT exercises require a highly skilled team of cybersecurity experts to manually draft attack sequences, which can be time-consuming, costly, and personnel constrained. CRT becomes even more challenging in CPS that integrate highly intertwined layers of computing resources, communication protocols, control systems, and physical processes. The complex interdependencies between multiple sources of operational uncertainties, complexity of the physical dynamics, and severity of service disruptions in critical infrastructures pose unique challenges to traditional CRT procedures that require the need for more automated methods.
Researchers at PNNL are developing a novel artificial intelligence-assisted automated approach to adaptively learn and generate feasible attack scenarios for CPS. This automated scenario generation pipeline operates at machine speed and accommodates expert input to augment the learning strategy. This approach uses a closed-loop, offline, machine learning framework built using reinforcement learning to accomplish multi-step attacks over both the cyber and physical layers. A high-fidelity system emulator provides domain-aware feedback to generate realistic synthetic attack scenarios. The impact of this work will be to provide improved confidence in detecting and protecting against real adversarial attacks in mission critical national security applications.