S. Warnick, A. Brown & S. Roy
Washington State University, Washington, United States
Keywords: cyber security, dynamic systems, security assessment, cyber attack, AIAchilles Heel Technologies is a novel technology for analyzing complex cyber-physical-human systems to discover the weak spots an attacker would target, if they could. Target systems include critical infrastructures, such as theater-wide power, water, transportation, or air-traffic control systems, in addition to more focused targets, such as specific chemical manufacturing facilities, etc. Results are platform-independent, computed from how information diffuses through the system to achieve functionality rather than specific protocols currently used to move such information. The technology can analyze an insider model as easily as an outsider model, leading to insights about insider threats in addition to external threats. It has an automatic attack design feature, giving it both red and blue hat capabilities, and it helps a user explore mitigation strategies by enabling counter-factual “what if” analyses. The current prototype focuses on three types of attacks: 1) denial of service via instability attacks leveraging hidden triggers for cascading failure, 2) state hijacking attacks, enabling the commandeering of parts of a system to foreign control and 3) state inference attacks, empowering unauthorized access to system-wide critical information.