Cyber Analytics, Behavior and Resilience

Beyond the focus on technical aspects of cybersecurity, the Cyber Analytics, Behaviors and Resilience efforts investigate aspects of security practice that involve human behavior, address trust of code and networks and try to measure resilience of individuals and societies to cyber events. Six projects are currently underway.

US-UK Collaboration on Resilience and Security (ColoRS)
Next-Generation Communications and Interoperability (NGCI)
Cyber Identity (Cy-dentity)
Visual Analytics for Security Applications (VASA)
Super Identity (SuperID)
Spatiotemporal Network Dynamics for Community Detection

US-UK Collaboration on Resilience and Security (ColoRS)

CSD continues to work with the United Kingdom’s (U.K.) Home Office on a number of joint cybersecurity efforts to enable cost-sharing, shared IP rights and shared access to project results. These engagements consider technical topics, such as insider threat, national critical infrastructure security, big data, and cyber forensics. The overall intent is to develop longer term strategic collaborations with partners that have complementary interests to help ensure the maximum impact and value. As an extension of this relationship, in 2013, S&T and the U.K. Home Office signed an Information Sharing Annex to support a joint project called Collaboration on Resiliency and Security (ColoRS). ColoRS is a collaboration between CSD and the U.K. Science and Technology Facilities Council. The purpose of this project is to identify areas of mutual interest related to resilient critical or societal infrastructures, which will lead to further focus and research. This work will focus on three topical areas:

Securing Infrastructure from Cyber Disruptions
Modeling and Measuring Societal Resilience during a Cyber Event
Streaming Analytics for Effective Data Exploitation

Visual Analytics for Security Applications (VASA)

The Visual Analytics for Security Applications (VASA) project is applying visual analytics to disaster prevention and crisis response, with a focus on critical infrastructures in logistics, transportation, food safety, digital networks, and power grids at the national levels. The connectedness and dependency of these critical infrastructures make the problem of monitoring and understanding their functioning and dependencies one of the most complex analytical tasks faced by our societies. Their proper functioning is crucial for the well-being of the population, economic viability and most of all to prevent loss of life. A number of U.S. universities and the Pacific Northwest National Laboratory are actively engaged in research under VASA focusing on the key aspects of interdependencies of failures, cascading effects, response, resiliency and holistic risk management across infrastructures.

Cyber Identity (Cy-dentity)

The Cyber Identity (Cy-dentity) seedling project will combine provenance, network security, and identity management in a process that would secure cyber and critical infrastructure networks through high-precision identity attribution. This project complements current protection-focused cyber security measures, such as those being investigated in most CSD projects, and offers a method for measuring, quantifying and expressing the relative security of cyber infrastructures. This seedling will fund an exploratory activity to further develop various approaches for demonstrating this concept.

Super Identity (SuperID)

The Super Identity (SuperID) project merges identity artifacts across the biometric, cyber, psychological and biographical domains to enable identification and attribution across physical and online environments. Use cases from DHS operational components, law enforcement, intelligence, and consumer applications guide the focus on bridging across these domains. The project employs cognitive psychologists, social psychologists, cyber security experts, forensic anthropologists, biometric engineers, user researchers and designers to discover connections between the different domains of a person’s identity. This project is a collaboration between six U.K. universities funded by the Engineering and Physical Sciences Research Council (EPSRC) (Southampton, Leicester, Oxford, Dundee, Bath, Kent) and the Pacific Northwest National Laboratory (PNNL). The goal of all research efforts within the Super Identity team is to contribute to an integrated model of the cyber, biometric, psychological and biographical elements of identity. Taking a data driven approach, a 120-person data collection study was performed in the U.K. to identify potential connections among these elements. In order to organize and annotate all the results from the research, the elements and transforms between them are represented as a graph called the “Super Identity Model.” To bind the problem to realistic applications, use cases were researched through several interviews with law enforcement and intelligence communities. At the end of the project, PNNL will deliver an interactive visual environment that supports identification and attribution decisions through the Super Identity Model.

Spatiotemporal Network Dynamics for Community Detection (SNDCD)

Within social networks, there exist communities of users that grow and shrink over time. These communities share information, and their network links and shared information can provide additional information about the spread of topics and information exchange in both the real and virtual world. These connections can provide direct clues as to the nature of an individual’s identity and their role within both online and offline communities, allowing for the creation of cyber-geodemographic profiles. In order to extract such information, the “Who Do You Think You Are?” (WDYTYA) Spatiotemporal Network Dynamics for Community Detection (SNDCD) project will explore the overall characterization of social network structure with respect to its relationship with geographic places. The goal of SNDCD is to link information pertaining to real and virtual worlds in order to better manage the uncertainties inherent in establishing human identity. The basic premise is that uncertainty in identifying and characterizing individuals may be managed and understood by: (a) exploring and analyzing spatiotemporal profiles of lifestyles and activity patterns; (b) concatenating and conflating detailed but under-exploited datasets in the virtual and real domains; and, more speculatively (c) seeking and analyzing crowd sourced volunteered data that link physical and virtual identities. Through these actions it may be possible to improve our ability to characterize and validate an individual’s identity, to devise improved profiles of individuals and groups that bridge the real and virtual domains, and to document and manage the uncertainties inherent in these tasks.