Peer Reviewed Journal and Conference Proceedings
Space Cybersecurity Lessons Learned from The ViaSat Cyberattack
AIAA ASCEND 2022 Conference
Just an hour prior to the Russian invasion of Ukraine, satellite communications provider ViaSat experienced an outage that dealt a critical blow to Ukrainian intelligence infrastructure. This cyberattack presents a landmark example of the vulnerabilities inherent to dual-use infrastructure in an active military environment. We present several technical- and organizational-level lessons demonstrated by the attack, as well as the significance of this cyberattack in the context of the conflict.
When Satellites Attack: Satellite-to-Satellite Cyber Attack, Defense and Resilience
AIAA ASCEND 2020 Conference
The United States is increasingly reliant on space systems for civil and military operations. Therefore, it is no surprise that adversaries are interested in compromising these systems via cyber attack. This paper describes a new class of satellite-to-satellite cyber attacks. While such attacks were previously limited to a select group of nation-states, low-cost cubesats and ground station cloud services make these attacks increasingly feasible and accessible to adversaries. There are no publicly documented instances of satellite-to-satellite cyber attacks occurring at the time of publication, but the technical feasibility is described herein along with proposed defense and resilience techniques. Policy recommendations to help manage the risk of satellite-to-satellite attacks are also discussed.
A Distributed “Black Box” Audit Trail Design Specification for Connected and Automated Vehicle Data and Software Assurance
SAE International Journal of Transportation Cybersecurity and Privacy
Automotive software is increasingly complex and critical to safe vehicle operation, and related embedded systems must remain up-to-date to ensure long-term system performance. Update mechanisms and data modification tools introduce opportunities for malicious actors to compromise these cyber-physical systems, and for trusted actors to mistakenly install incompatible software versions. A distributed and stratified “black box” audit trail for automotive software and data provenance is proposed to assure users, service providers, and original equipment manufacturers (OEMs) of vehicular software integrity and reliability. The proposed black box architecture is both layered and diffuse, employing distributed hash tables (DHT), a parity system and a public blockchain to provide high resilience, assurance, scalability, and efficiency for automotive and other high-assurance systems.
A Smart City Internet for Autonomous Systems
IEEE Symposium on Security and Privacy, Workshop on Assured Autonomous Systems, 2020
A smart city involves critical infrastructure systems that have been digitally enabled. Increasingly, many smart city cyber-physical systems are becoming automated. The extent of automation ranges from basic logic gates to sophisticated artificial intelligence (AI) that enables fully autonomous systems. Because of modern society's reliance on autonomous systems in smart cities, it is crucial for them to operate in a safe manner; otherwise, it is feasible for these systems to cause considerable physical harm or even death. Because smart cities could involve thousands of autonomous systems operating in concert in densely populated areas, safety assurances are required. Challenges abound to consistently manage the safety of such autonomous systems due to their disparate developers, manufacturers, operators and users. A novel network and a sample of associated network functions for autonomous systems is proposed that aims to provide a baseline of safety for autonomous systems in a smart city ecosystem. A proposed network called the Assured Autonomous Cyber-Physical Ecosystem (AACE) would be separate from the Internet, and enforces certain functions that enable safety through active networking. Each smart city could dictate the functions for their own AACE, providing a means for enforcing safety policies across disparate autonomous systems operating in the city's jurisdiction. Such a network design sits at the margins of the end-to-end principle, which is warranted considering the safety of autonomous systems is at stake as is argued in this paper. Without a scalable safety strategy for autonomous systems as proposed, assured autonomy in smart cities will remain elusive.
Cyber Risk Research Impeded By Disciplinary Barriers
Falco, Eling, Jablanski, Weber, Miller, Gordon, Wang, Schmit, Thomas, Elvedi, Maillart, Donavan, Dejung, Durand, Nutter, Arazi, Ohana, Scheffer, Lin
Cyber risk encompasses a broad spectrum of risks to digital systems, such as data breaches or full-fledged cyber attacks on the electric grid. Efforts to systematically advance the science of cyber risk must draw on not only computer science but also fields such as behavioral science, economics, law, management science, and political science. Yet, many scholars believe that they have sufficient understanding of other fields to comprehensively address the inherently cross-disciplinary nature of cyber risk. For example, a statistician might apply Bayesian modeling to predict future cyber events, even though it is not entirely clear what bearing historical cyber events have on future ones. Computer scientists might write on data protection laws, yet with little knowledge of legal jurisdiction issues. Such questions of disciplinary ownership, the inability to coordinate across disciplines, and the undefined scope of the problem domain have thus plagued inherently cross-disciplinary cyber risk research. Drawing on global expertise and challenges from industry, academia, nonprofit organizations, and governments, we adapted the classical risk-management process to identify core research questions for cyber risk, gaps in knowledge that need to be addressed for advances in security, and opportunities for cross-disciplinary collaboration for each area. Although we mention specific disciplines reflective of our backgrounds, these are not the only ones that should be conducting cyber risk research.
NeuroMesh: IoT Security Enabled by a Blockchain Powered Botnet Vaccine
IEEE International Conference on Omni-Layer Intelligent Systems (COINS), 2019
Falco, Li, Fedorov, Caldera, Arora, Jackson
Internet-of-Things (IoT) devices are ubiquitous and growing rapidly in number. However, IoT manufacturers have focused on the functionality and features of the devices and made security an afterthought. Since IoT devices have small memory capacities and low-power processors, many security firms have not been able to develop anti-malware software for these devices. Current IoT security solutions are heavy and unreliable. We have developed a lightweight IoT security solution that uses hacker tools against the hackers - in essence, a vaccine for IoT. Our software provides managed security and intelligence to IoT devices using a "friendly" botnet operated through a proven, existing communication infrastructure for distributed systems - the Bitcoin blockchain.
Journal of Cyber Policy, 2019
Falco, Noriega, Susskind
Technical tools dominate the cyber risk management market. Social cybersecurity tools are severely underutilized in helping organizations defend themselves against cyberattacks. We investigate a class of non-technical risk mitigation strategies and tools that might be particularly effective in managing and mitigating the effects of certain cyberattacks. We call these social-science-grounded methods Defensive Social Engineering (DSE) tools. Through interviews with urban critical infrastructure operators and cross-case analysis, we devise a pre, mid and post cyber negotiation framework that could help organizations manage their cyber risks and bolster organizational cyber resilience, especially in the case of ransomware attacks. The cyber negotiation framework is grounded in both negotiation theory and practice. We apply our ideas, ex post, to past ransomware attacks that have wreaked havoc on urban critical infrastructure. By evaluating how to use negotiation strategies effectively (even if no negotiations ever take place), we hope to show how non-technical DSE tools can give defenders some leverage as they engage with cyber adversaries who often have little to lose.
Enhancing Cybersecurity Education through High-Fidelity Live Exercises (HiFLiX)
The Hawaii International Conference on System Sciences, 2019
Sigholm, Falco, Viswanathan
The people responsible for building the IT products and infrastructure of tomorrow - today's students of the computing disciplines - oftentimes do not have the opportunity or proper motivation to develop cybersecurity skills meeting the needs of the job market. This paper introduces High Fidelity Live eXercises (HiFLiX), a teaching/learning activity designed to expose students to cybersecurity challenges resembling those they could face in a future work environment. We describe a HiFLiX prototype study, conducted as a collaboration between the Massachusetts Institute of Technology's CyberSecurity @CSAIL research group and NASA's Jet Propulsion Laboratory. Our analysis indicates that the proposed delivery method met the stipulated cybersecurity educational outcomes and increased the motivation for future cybersecurity studies in the majority of participants. Two previously unknown software flaws were also discovered.
Cybersecurity Principles for Space Systems
Journal of Aerospace Information Systems, 2018
Space systems, ranging from satellites to mission control centers, are frequently the target of cyberattacks. Despite the space industry’s technical sophistication, their cybersecurity efforts have lagged behind that of other high-technology sectors. Evidenced by the prevalence of vulnerabilities and attack vectors that go unchecked, space systems ranging from CubeSats to sophisticated rovers have considerable cybersecurity challenges. Although some of these issues are no different than other industries, space systems are met with a unique confluence of cybersecurity risks that complicates the sector’s remediation capabilities. This paper explores factors that led to the space sector’s poor cybersecurity posture, various cyberattacks against space systems, and existing mitigation techniques employed by the sector. Analyzing the current state of the industry along with security practices across similar sectors, several security principles for satellites and space assets are proposed to help reorient the sector toward designing, developing, building, and managing cyber secure systems. These security principles address both technical and policy issues in order to address all space system stakeholders.
The Vacuum of Space Cybersecurity
AIAA SPACE and Astronautics Forum and Exposition, 2018
Space assets, including both ground systems and satellites, are fundamental, underlying components of most critical infrastructure. Despite their importance, space systems are riddled with cybersecurity issues - both cubesats and sophisticated systems alike. There is little support infrastructure for improving space asset security such as space-specific standards or space system information sharing organizations, which exacerbates the problem. While space assets suffer similar cybersecurity issues to other industries, they are faced with a unique confluence of challenges making their cybersecurity risk mitigation considerably more complex. This paper explores the cybersecurity challenges of space systems, various attacks against space systems, and current mitigation techniques being employed by space asset organizations. Based on the analysis of these challenges and looking towards what other critical infrastructure sectors are doing to improve their cybersecurity posture, we propose a series of cybersecurity core principles. These principles should be employed by space system stakeholders including space asset organizations, policymakers and a proposed space system Information Security Analysis Center (ISAC). Should stakeholders adopt these cybersecurity principles, space assets could have a stronger cybersecurity baseline than their current state, thereby raising the barrier for attacks across the industry.
A Master Attack Methodology for an AI-Based Automated Attack Planner for Smart Cities
IEEE Access Journal, 2018
Falco, Viswanathan, Caldera, Shrobe
America’s critical infrastructure is becoming "smarter" and increasingly dependent on highly specialized computers called industrial control systems (ICS). Networked ICS components now called the Industrial Internet of Things (IIoT) are at the heart of the "smart city," controlling critical infrastructure such as CCTV security networks, electric grids, water networks and transportation systems. Without the continuous, reliable functioning of these assets, economic and social disruption will ensue. Unfortunately, IIoT are hackable and difficult to secure from cyberattacks. This leaves our future smart cities in a state of perpetual uncertainty and the risk that the stability of our lives will be upended. Local government has largely been absent from conversations about cybersecurity of critical infrastructure, despite its importance. One reason for this is public administrators do not have a good way of knowing which assets and which components of those assets are at the greatest risk. This is further complicated by the highly technical nature of the tools and techniques required to assess these risks. Using AI planning techniques, an automated tool can be developed to evaluate the cyber risks to critical infrastructure. It can be used to automatically identify the adversarial strategies (attack trees) that can compromise these systems. This tool can enable both security novices and specialists to identify attack pathways. We propose and provide an example of an automated attack generation method that can produce detailed, scalable and consistent attack trees – the first step in securing critical infrastructure from cyberattack.
IIoT Cybersecurity Risk Modeling for SCADA Systems
IEEE Internet of Things Journal, 2018
Falco, Caldera and Shrobe
Urban critical infrastructure such as electric grids, water networks and transportation systems are prime targets for cyberattacks. These systems are composed of connected devices which we call the Industrial Internet of Things (IIoT). An attack on urban critical infrastructure IIoT would cause considerable disruption to society. Supervisory Control and Data Acquisition (SCADA) systems are typically used to control IIoT for urban critical infrastructure. Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices. In this paper, we compare non-SCADA and SCADA systems and establish, using cosine similarity tests, that SCADA as a software subclass holds unique risk attributes for IIoT. We then disprove the commonly accepted notion that the Common Vulnerability Scoring System (CVSS) risk metrics of Exploitability and Impact are not correlated with attack for the SCADA subclass …
Water Microgrids: The Future of Water Infrastructure Resilience
Procedia Engineering, 2015
Falco and Webb
Microgrids have recently come into vogue as a potential solution to address the increasing number of power outages caused by extreme weather events that impact our cities and communities. Such events–often precipitated by increasing global temperatures and climate change–have repercussions that expand beyond damages to a city's electric infrastructure. Water infrastructure is similarly vulnerable to extreme weather events, resulting in significant impacts to clean water distribution, wastewater treatment, and stormwater management. Given this similarity, and other value drivers to be outlined, this paper proposes leveraging concepts behind electricity microgrids to develop a unified framework for microgrid application to promote water resilience in the face of our changing climate. Many parallels can be drawn between the electric grid and water infrastructure considering both are utilities that generate, store, and distribute an essential product that has been identified …
City Resilience through Data Analytics: A Human-Centric Approach
Procedia Engineering, 2015
Our cities are being redefined daily based on social, political and environmental factors. This creates substantial challenges for those that attempt to develop resilience strategies for cities. Resilience planning requires a set of assumptions often based on data; however, the dynamic nature of our growing urban environments has impeded our ability to rely on these suppositions. To account for the unpredictable ebb and flow of changes in our cities we have become heavily dependent on data modeling and analytics. The ability to collect and store data from a variety of systems in a cloud infrastructure has enabled the potential for resilience planning to be based on historical scenarios and societal context–prioritizing risks and issues based on multiple factors. As our infrastructure becomes “smarter” with the ability to capture more data and make decisions through machine learning algorithms, resilience plans may become less in touch with the citizens for whom the resilience strategies exist. Thusly, an emergent risk to the inhabitants of cities is the imbalance of qualitative versus quantitative feedback that is leveraged to develop and improve a city’s resilience strategy. Cities are living organisms that cannot be purely defined through machine data. A modern way to establish policies and plans for major urban centers is to leverage machine data collected through various “smart” technology programs. Such data-aggregation mechanisms feed into analytics tools that often fail to account for historical context or citizens’ perspectives. Without leveraging this information, a resilience plan cannot be complete as it will not address the city as a system, but only a component thereof. This paper proposes a new model for developing a city’s comprehensive …
Op-Eds and Interviews
Baltimore Restores Some Email Service, Introduces Workarounds For Water Bills And Traffic Tickets
NPR All Things Considered - WYPR
June 4, 2019
Our Satellites are Prime Targets for a Cyberattack
May 7, 2019
Negotiating with Infrastructure Cyberterrorists
March 4, 2019
How Greater Boston Could Benefit From A Space Force
NPR News - WBUR
October 19, 2018
Invaders from space — hacks against satellites threaten our critical infrastructure
San Francisco Chronicle
August 24, 2018
A most curious Hotelie: Gregory Falco’s wide-ranging path to MIT and beyond
March 21, 2018
To defend cities from cyberattack, think like a hacker
San Francisco Chronicle
April 6, 2018
Gregory Falco: Protecting urban infrastructure against cyberterrorism
September 5, 2017
Diseases infect people—but cyberattacks infect x-rays and MRIs machines
July 7, 2017
White Papers and Reports
Job One for Space Force: Space Asset Cybersecurity
Harvard's Belfer Center's Cyber Security Project, 2018
Despite efforts to improve the cybersecurity of critical infrastructure in the U.S., there has been little focus on cybersecurity for space systems. While security standards for critical infrastructure are often technically sufficient to deter many attacks, they remain a challenge to implement due to time and resource constraints. Space systems, however, are more complex than critical infrastructure from a technology development, ownership and management perspective. Thus far, this has led to a lack of guidance in the form of standards that govern space system security and, ultimately, policies that enforce these standards. I will first review some of the major cybersecurity threats to space systems and the potential motivations for why cyber criminals or nation states would be interested in compromising space systems. Next, I will evaluate the challenges for managing space system cybersecurity. I will then evaluate steps currently being taken by companies and government agencies to secure these systems. Finally, I will propose policy recommendations to streamline cybersecurity for space systems across the public and private sectors. A selection of these recommendations are below.
Climate Resilience Goes Digital: Using digital strategies to manage risk
Falco and McNamara
Digital technology is rarely on the agenda for either city or business leaders. In this context, this paper describes how digital can bolster both city and organizational resilience, providing tangible examples—from monitoring and analyzing city data to providing new mobile tools that help proactively alert citizens and employees to potential risks. In doing so, it hopes to showcase how digital can be used to prepare for, and adapt to, climate change. This is considered through three distinct areas, all of which are vital to organizations and communities: Resource access, Infrastructure and People.
Driving Climate Resilience through Carbon Mitigation
CDP Canada 200 Climate Change Report 2014
Carbon Disclosure Project, 2014
Crist, Khachkhechyan, Falco, Keeble, Iyalla, Maxfield
Recent extreme weather events in Canada have brought the importance of corporate climate resiliency measures and emissions mitigation to the core of business planning. Flash flooding and disastrous winter ice storms have led to increased uncertainty, interrupted supply chains, and physical damage to property for Canadian companies. In response, shareholders and Boards of Directors are increasingly looking to companies to demonstrate clearly their short- and long-term resilience to climate events.
Energy-Smart Buildings: Demonstrating how information technology can cut energy use and costs of real estate portfolios
Smith, Henretig, Pittenger, Bernard, Kofmehl, Levine, Falco, Schmidt, Granderson, Piette
This report, authored in collaboration between Microsoft, Accenture and the Lawrence Berkeley National Laboratory, examines how building owners, operators and occupants can achieve significant energy and cost savings through the use of smart building solutions. It is based on insights from a detailed case study of a smart building pilot program being conducted by Microsoft at its corporate headquarters’ campus.
Climate Change Adaptation and Sustainable Design at the Port Authority of New York & New Jersey
Columbia University, 2011
Mills-Knapp, Bourdeau, Falco, Resler, Tovar, Zoegall
With more than 500 miles of coastline exposed to sea level, much of it supporting high populations and dense infrastructure, New York City stands to benefit greatly from adaptation planning to potential climate change impacts. Most major cities around the world at or near coastlines – Singapore, Tokyo, Amsterdam, London, Los Angeles, and Brisbane among others – have either already implemented or are planning to implement extensive protective measures against climate change impacts. Many of these interventions are applicable to New York and New Jersey infrastructure and are outlined in detail in this report.