This article is part of an op-ed series on engineering projects that will change the world by Rutgers School of Engineering faculty.
By Saman Zonouz
Cozy Bear tried to steal research on a potential COVID-19 vaccine from the University of North Carolina and other facilities.
Sandworm turned off the lights on 250,000 Ukrainians and attacked the 2018 Olympics.
And Energetic Bear swiped voter information from local governments in California and Indiana just before this month’s national election.
This is how war is waged today.
Cyber – or computer – warfare, which involves remote attacks and reconnaissance through nation-funded channels, is emerging – and being increasingly deployed – in place of more costly conventional attacks. These attacks, like recent ones by Russia and Iran to try to interfere with the 2020 election, confirm the urgent need for government, industry and university researchers to develop innovative approaches to thwart even more devastating possible cyberattacks on everything from voting machines to power grids and military systems.
Headway has been made, for instance, by the U.S. Naval Academy’s renewed insistence on teaching seamen how to use celestial navigation to limit their reliance on sophisticated GPS systems on modern vessels. Other steps are being taken to overcome inherent risks of cloud data and vulnerabilities in the Internet of Things, which controls everything from a community’s traffic lights to the lock on an individual’s front door. There’s also increased pressure to establish cyberwarfare rules to mitigate future state-on-state cyber conflicts.
As this cybersecurity arms race escalates, Rutgers researchers are increasingly determined to see that our elections truly reflect the will of the people by remaining secure and free of foreign interference, that our lights stay on, our power plants are inviolable and our military systems are well-defended. Any security attack against our critical systems could cause safety risks to users and operators and cause fatalities. For instance, a cyberattack against a power grid transformer could cause an explosion killing people, or a compromised Tesla car controller could cause a car crash while the car is in autonomous driving mode.
We are leading the fight against cyber-attackers by asking: How can we protect vulnerable infrastructures from the disruption of cyberattacks? Much of our research is funded by the National Science Foundation’s CPS, or cyber-physical systems program.
We know attackers find few things that are more harmful to a society’s economy, public health and safety than the disruption of essential services provided by our national critical infrastructures, such as the power grid, healthcare/hospitals, transportation, additive manufacturing, industrial control systems. These sites have been targeted in an increasing number of disruptive global attacks – from 2015 Russian attacks by Sandworm on Ukraine’s power grid to a 2019 attack by hackers on western U.S. power companies.
Our research will revolutionize how cyber-physical systems – systems where physical components are monitored/controlled by computers/controllers – are designed, deployed and operated.
Over the past few decades, engineers and computer scientists developed conventional cybersecurity protections for conventional computing systems, such as those found in banks or financial institutions. But these solutions are not directly applicable to more complex systems like cyber-physical systems, which include a combination of computers and physical components, such as power generators and motors.
Many of the conventional cyber defense solutions are reactive. When an attack occurs, they react and adapt. We are, instead, developing proactive cyber defense solutions able to anticipate and respond effectively to cyberattacks. We’re also designing secure mechanisms for the cyber-physical systems that control our critical infrastructure by probing weaknesses. This way effective safeguards can be designed so that if an attack happens, built-in defenses will exist.
While our solutions are inherently complicated, they should be truly resilient. These solutions don’t guarantee absolute protection against any attack, yet it enables them to analyze, predict, tolerate, respond to – and recover from – highly debilitating cybersecurity attacks in near real-time.
To date, we have successfully developed automated intrusion detection systems and automated response systems that we are sharing with some of our industry partners. Lasting solutions to pressing societal problems often result from productive research collaborations, which is why Rutgers researchers are also working with Siemens, Texas A&M University, the University of Illinois at Urbana-Champaign, Pacific Northwest National Labs and Sandia National Labs on a recently funded U.S. Department of Energy project to enhance the reliability and resilience of our energy infrastructure.
Our joint efforts will create systems to safeguard some of our most critical cyber-physical infrastructures. In turn, this not only protects system users and operators, but also the general public.
Saman Zonouz, an associate professor in the Department of Electrical and Computer Engineering, a recent recipient of a Presidential Early Career Award for Scientists and Engineers (PECASE) at the White House in 2019.
Our journalism needs your support. Please subscribe today to NJ.com.
Here’s how to submit an op-ed or Letter to the Editor. Bookmark NJ.com/Opinion. Follow us on Twitter @NJ_Opinion and on Facebook at NJ.com Opinion. Get the latest news updates right in your inbox. Subscribe to NJ.com’s newsletters.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.