Subs, Ships, & Satellites: "The Internet of Invisible Things"
“When worlds collide!” is not just another random Seinfeld reference, it is the wake-up call for all security practitioners and cyber-savvy citizens to better understand Cyber-Physical Systems. Humans depend upon such systems in order to survive and yet the web of interdependencies that we spin up for more efficiency require us to depend upon such systems to understand our quickly-evolving cyber-physical environments. Although necessary, convenient, and less costly, the increase in general-purpose computational devices has the potential to introduce ‘weird machines’ into our critical infrastructure as well as the systems used to make sense of their interdependencies.
“When worlds collide!” is not just another random Seinfeld reference, it is the wake-up call for all security practitioners and cyber-savvy citizens to better understand Cyber-Physical Systems. Humans depend upon such systems in order to survive and yet the web of interdependencies that we spin up for more efficiency require us to depend upon such systems to understand our quickly-evolving cyber-physical environments. Although necessary, convenient, and less costly, the increase in general-purpose computational devices has the potential to introduce ‘weird machines’ into our critical infrastructure as well as the systems used to make sense of their interdependencies.
New threat catalogs are required to design systems that are safe, secure and resilient. No longer is it enough to understand that a threat exists, but the context in which that threat may exist can determine its potential impact. Our talk moves beyond the hype, and takes a “deep dive” into the maritime eco-system—a nexus of critical infrastructure and commerce upon which 21st century supply chains depend. Based on interactions with practitioners around the world, we will present a type system that captures cyber-physical dependencies within an artificial but realistic shipping port system. Although such a type system of Cyber-Physical modeling primitives—based on the principles of LangSec—is used in current academic research, in this talk we will demonstrate its use in the PacketWars cyber-simulation and gaming environment as a tool to evaluate risk assessment methodologies, CPS visualization, and the impact of threats based on actual intelligence.
We view this platform as a tool by which researchers can evaluate their analysis and response algorithms within the context of a realistic gaming environment. Furthermore, it is a platform for training others how to navigate an increasingly complex, interconnected environment; a web woven by the Internet of Invisible Things.