Covert Cognizance: Embedded Intelligence for Industrial Systems

Can a critical industrial system, such as a nuclear reactor, be made self-aware and cognizant of its operational history? Can it alert authorities covertly to malicious intrusion without exposing its  defense  mechanisms?  What  if  the  intruders  are  highly  knowledgeable  adversaries,  or  even  insiders that may have designed the system? This thesis addresses these research questions through a novel physical process defense called Covert Cognizance (C2). 

C2  serves  as  a  last  line  of  defense  to  industrial  systems  when  existing  information  and  operational technology defenses have been breached by advanced persistent threat (APT) actors or insiders. It is an active form of defense that may be embedded in an existing system to induce intelligence,  i.e.,  self-awareness,  and  make  various subsystems  aware  of  each  other.  It  interacts with the system at the process level and provides an additional layer of security to the process data therein without the need of a human in the loop. 

The C2 paradigm is  founded on two core requirements – zero-impact and zero-observability. Departing from contemporary active defenses, zero-impact requires a successful implementationto leave no footprint on the system ensuring identical operation while zero-observability requires that the embedding is immune to pattern-discovery algorithms.  In other words, a third-party such as  a  malicious  intruder  must  be  unable  to  detect  the  presence  of  the  C2  defense  based  on  observation of the process data, even when augmented by machine learning tools that are adept at pattern discovery. 

In the present work, nuclear reactor simulations are embedded with the C2 defense to induce awareness across subsystems and defend them against highly knowledgeable adversaries that have bypassed existing safeguards such as model-based defenses.  Specifically, the subsystems are made aware  of  each  other  by  embedding  critical information from  the  process  variables  of  one sub-module  along  the  noise of  the  process  variables  of  another,  thus  rendering  the  implementation  covert and  immune  to  pattern  discovery.   The  implementation  is  validated  using  generative adversarial  nets,  representing  a  state-of-the-art  machine  learning  tool,  and  statistical  analysis  of  the  reactor  states,  control  inputs,  outputs  etc. The  work  is  also  extended  to  data  masking  applications  via  the  deceptive  infusion  of  data  (DIOD)  paradigm.  Future  work  focuses  on  the  development of automated C2 modules for “plug ‘n’ play” deployment onto critical infrastructure and/or their digital twins.