A wide array of complex systems that rely on computers — from public water supply systems and electric grids to chemical plants and self-driving vehicles — increasingly come under not just digital but physical attacks. Bruce McMillin, professor and interim chair of computer science at Missouri S&T, is looking to change that by developing stronger safeguards for cyber-physical systems (CPS), thanks to a nearly $1 million grant from the National Science Foundation.
The consequences of such attacks could be catastrophic and range from financial ruin to loss of life, says McMillin, the project’s principal investigator. And the myriad access points to such data — from smart meters and security cameras to autonomous cars and wearable devices — only exacerbate the risks.
“The nation’s critical infrastructure is increasingly dependent upon systems that use computers to control vital physical components,” he says.
“The research aims to ensure that such systems ‘do what they’re supposed to do’ despite an attack by building in defenses that make sure each component behaves and works well with others,” McMillin adds. “The objective: produce from untrusted components a trusted CPS that is resilient to security attacks and failures.”
Jonathan Kimball, Missouri S&T professor of electrical and computer engineering, and Rui Bo, an S&T assistant professor of electrical and computer engineering, are co-principal investigators. The research team also includes Jennifer Leopold, associate professor of computer science from S&T, and Aditya Mathur, a Purdue University computer science professor.
The project will test the more robust cyber-physical systems on a high-fidelity water treatment system as well as an electrical power test bed to align “concepts from distributed computing, control theory, machine learning and estimation theory to synthesize a complete mitigation of the security and operational threats to a CPS,” McMillin says.
“The key difference from current methods is that security holes will be identified and plugged automatically at system design times, then enforced during run time without relying solely on secure boundaries or firewalls,” he says.
The NSF grant includes an outreach component to develop educational games to introduce cyber-physical security concepts to children from kindergarten through eighth grade.