Vulnerability Analysis - Center for Infrastructure Defense
When it comes to critical infrastructure systems, NPS has a unique perspective and capability.
- We have been studying critical infrastructure for decades.
- We look at our own domestic infrastructure through the eyes of intelligent adversaries.
- We have conducted over 150 “red team analyses” to plan attacks on our own infrastructure, and determine how to mount effective hardening and defensive efforts ("blue team analyses")
Systems Modeling: We model the operation of a system.
Our view of critical infrastructure systems holds that the function of each system, and especially continuity
of that function, is of primary importance. We view an infrastructure as a collection of interconnected components that work together as a system to achieve a particular, domain-specific function. It does this through either human or automated decision making that responds to the demands placed on the system to provide the best possible function in any given situation. This decision making is commonly termed the operation of the system, and an operational model of a system is any mathematical model that evaluates the performance of a system (through a cost function, or some other quantitative evaluation of its operation) and that explicitly includes this operational decision making in its formulation.
System operation can be almost anything,but we often model it as a network flow. Electricity flows through the power grid. Water flows through a pipeline network. Vehicles flow through a network of highways and roads. Information flows through communication networks. Goods and materials flow through supply chains. Continuity of operation for many critical infrastructures can be understood in terms of the ability to deliver flow in the presence of disruptions.
Red Teaming: We identify worst-case disruptions.
In practice, infrastructure owners and operators must contend with both non-deliberate hazards (e.g.,
accidents, failures, and Mother Nature) and deliberate threats (e.g., vandalism, sabotage, competitors,
and terrorism). Military planners have learned to deal with deliberate threats, primarily through the analysis of worst-case outcomes—one assumes that the adversary is intelligent and will act to inflict the most possible harm based on his capability. The key idea is to base assessments on what the adversary can do, as opposed to guesses about what the adversary wants to do. This is conservative, but prudent, and the use of red-teaming techniques provides an effective way of discovering hidden dependencies between system components.
We can also use scenarios of interest or probabilities into traditional risk-based analyses. However, principles of reliability andrisk are—by necessity—based on knowledge of past events. They are not suited to adapt
infrastructure to dramatic change and/or future surprising events.
Blue Teaming: We identify optimal investments to improve system resilience
Determining how we should invest limited resources to make our infrastructures resilient to disruption is a system design problem. We use of our models to assess improvements from potential investments, ranging from (i) hardening andreinforcement, to (ii) redundancy and backup functionality, to (iii) capacity expansion and/or new construction. In some military applications, this is known as mission assurance, and such analysis adds another layer of difficulty to the general problem of using appropriate analyses to protect infrastructure systems.
Fundamental Contributions: Network Interdiction Models.
Network interdiction problems (also called Attacker-Defender problems) focus on situations where an attacker will target one or more arcs in a network in a way that most impacts its performance (e.g., minimizing the maximum flow or maximizing the shortest path). The defender is the operator of the network that will select decisions so the network performs as well as possible after the perturbation. The modern study of network interdiction problems was started by fundamental contributions of Prof. Kevin Wood (1993), along with other faculty at NPS. [Picture of Kevin Wood by electric transmission tower to go somewhere here]
- Wood, R.K., 1993, “Deterministic Network Interdiction,” Mathematical and Computer Modelling, 17, pp. 1-18.
- Washburn, A. and Wood, K., 1995 “Two-Person Zero Sum Games for Network Interdiction,” Operations Research, 43, pp. 243-251.
- Israeli, E. and Wood, R.K., 2002, “Shortest-Path Network Interdiction,” Networks, 40, pp. 97-111.
- Brown, G., Carlyle, M., Salmerón, J. and Wood, K., 2006, “Defending Critical Infrastructure,” Interfaces, 36, pp. 530-544.
- Wood, R.K., 2011, “Bilevel Network Interdiction Models: Formulations and Solutions,” in Wiley Encyclopedia of Operations Research and Management Science. DOI: 10.1002/9780470400531.eorms0932