The Critical Infrastructure Resilience Institute (CIRI), led and managed by the University of Illinois at Urbana-Champaign, will conduct research and education to enhance the resiliency of the Nation's critical infrastructures and the businesses and public entities that own and operate those assets and systems. The Institute will explore the organizational, policy, business, and technical dimensions of critical infrastructure's dependence on cyber assets. CIRI will examine how computer hardware and software both contribute to and threaten resiliency and how industry makes decisions about cyber assets which contribute to resilience.
Theme 1: Understanding Resilient Critical Infrastructure Systems
Regulatory Options for Managing Systemic Risks Project
PI: Rebecca Slayton, Cornell University
Co-PI: Herb Lin, Stanford University
Risk management is the foundation of critical infrastructure resilience, especially for the electrical power grid. Current regulations assess risk at the individual organization level, which may neglect systemic risks posed by cyber weapons. Such weapons may be able to compromise a large number of low risk assets, causing a catastrophic failure without impacting any high risk assets. This project identifies specific sources of systemic risk across organizations and explores a method for evaluating the potential effectiveness of regulatory strategies for protection from systemic cybersecurity risks.
Supply Chain Cybersecurity Assurance For Critical Infrastructure Project
PI: John Villasenor, University of California at Los Angeles
The nation’s critical infrastructure is extremely complex and becoming more so as the number of devices and linkages increases. Critical infrastructure involves a complex mix of legacy systems and new technologies, resulting in interactions and dependencies that the designers of legacy systems could not have envisioned. This project examines challenges posed by cyberattacks in the critical infrastructure supply chain, with the goal of producing new assessment methods to preemptively detect intentionally compromised hardware and software. The project also evaluates strategies for rapid and effective mitigation of attacks after they are launched. We will develop, test, and disseminate a set of methodologies and associated solutions that will enable more effectively identification, mitigation, and response to attacks on systemic supply chain-related vulnerabilities.
Evaluation of Potential Vulnerability Assessment Methodologies and Tools
PI: Santanu Chaudhuri, University of Illinois at Urbana-Champaign
Co-PI: Maria Jaromin, University of Illinois at Urbana-Champaign
The Office of Infrastructure Protection primarily relies on two vulnerability assessment mechanisms to collect data, analyze information, and deliver vulnerability assessments: the Infrastructure Survey Tool, and the since-retired Site Assistance Visit. This comparative study evaluates vulnerability assessment methodologies applicable to a range of critical infrastructures. The project consists of three tasks:
- Conduct a literature review to identify and evaluate vulnerability assessments used by DHS for specific critical infrastructure sectors.
- Evaluate and compare available tools, assess the applied models, suggest improvements, and conduct a gap analysis.
- Develop recommendations to address the near- and long-term needs of DHS and the critical infrastructure community.
Theme 2: Application of Critical Infrastructure in the Real World
Resilience Governance Project
PIs: Stephen Flynn, Northeastern University; Matthias Ruth, Northeastern University
Co-PIs: Sean Burke, Northeastern University; Noah Dormady, Ohio State University
This project analyzes the governance challenges associated with advancing greater awareness and management of the risks arising from regional lifeline infrastructure interdependencies. The project examines any existing disincentives to improving cross-sector, multi-jurisdictional collaboration. With the goal of informing decisions about national education and training programs, this effort relies on an extended case study approach looking specifically at the metro-Boston area. The research team will develop and deploy a decision matrix designed to help decision makers prioritize their efforts for addressing lifeline infrastructure interdependencies.
Changing Flood Risk - Extreme Precipitation, Sea Level Rise, and Inundation Project
PI: Eric P Salathé, University of Washington Bothell
Climate change is a major driver of changing flood risk due to impacts on sea level rise, heavy rainfall events, and the accumulation and persistence of snow. In particular, relatively little is known about the future changes of extreme precipitation at the regional level. The goals of this project are to link models and approaches, spanning from global-scale to regional climate models, to hydrologic models and ultimately to reach-scale hydrodynamic modeling. The analysis is developing pilot studies using river basins in the Pacific Northwest that are subject to both rain and snowmelt driven floods. Results will be generalized for application to other regions. This work will directly integrate with the companion project on Scenario-based Flood Risk Mapping, which will translate the geophysical flood scenarios to develop non-stationary risk projections.
Scenario-based Flood Risk Mapping Project
PI: Bob Freitag, University of Washington; Himanshu Grover, University of Washington
New techniques in predicting flood levels will incorporate information about variability in possible flood levels, variability that captures changes in climate conditions and uncertainty in the climate model variables used to make the predictions. This project explores how to present new kinds of predictive information to community life-line infrastructure stakeholders, and how to get data from those stakeholders that allows them to integrate predictions of potential flood levels with the corresponding impacts on infrastructure.
Theme 3: The Business Case for Infrastructure Resiliency
Analyzing and Supporting the Development of the Cyber-insurance Market as a Market-Based Solution for Cyber Resiliency Project
PI: Jay Kesan, University of Illinois at Urbana-Champaign
Co-PIs: David Nicol, University of Illinois at Urbana-Champaign; Sachin Shetty, Tennessee State University
This project applies methodologies for assessing cyber-risk to the area of cyberinsurance, to understand the business case for offering insurance for cyber events. It will define a resulting set of initiatives and prescriptions to facilitate expansion of a cyber-insurance market. It will develop a database of court cases involving cyber-insurance.
Measuring and Rewarding Resilience Project
PIs: Howard Kunreuther, University of Pennsylvania; Erwann Michel-Kerjan, University of Pennsylvania; Stephen Flynn, Northeastern University
Co-PI: Sean Burke, Northeastern University
This project supports the development of market-based incentives for advancing critical infrastructure resilience. It does this by identifying the barriers and opportunities for the insurance industry and financial sector to reward investments in measures that mitigate risk and speed recovery from disruptions to regional lifeline infrastructures. The project will determine, in a systematic, quantifiable and holistic way, why it is that lifeline critical infrastructure sectors are currently uninsured or underinsured. It will evaluate possible metrics for resilience that are likely to generate flexible resilience investments. In so doing, it will provide a roadmap for creating an important source of demand for the critical infrastructure resilience solutions developed by science and engineering researchers.
Measuring Business and Economic Resilience in Disasters
PI: Adam Rose, University of Southern California
Co-PIs: Noah Dormady, Ohio State University; Kathleen Tierney, University of Colorado Boulder
This project is advancing the theory and measurement of economic resilience – how businesses utilize remaining resources as efficiently as possible in the aftermath of a disaster to maintain functionality. The work will provide new insights and suggest transition products that DHS and other agencies can use to strengthen the resilience of our critical infrastructure and provide more efficient planning for disaster and risk management.
Theme 4: Future of Resilience
Enabling Resilient Manufacturing via Trustworthy Digital Threads Project
PI/Co-PIs: William P. King, University of Illinois at Urbana-Champaign; Marianne Winslett, University of Illinois at Urbana-Champaign
The digital thread for a manufactured product consists of all the data generated during its lifecycle, including the information captured during design, fabrication, supply chain, customer delivery, and in-service usage and maintenance. The ability to access this information in highly granular detail offers significant advantages to manufacturing organizations, including business metrics such as manufacturing cost and time to market. Digital thread also offers new vulnerabilities for manufacturing organizations. The purpose of this five-year project is to conceive, design, develop, test, and transition to the field a production-grade architecture for trustworthy digital threads that satisfies the needs of the critical manufacturing sector, enhances manufacturing productivity, and significantly improves the robustness and resilience of the manufacturing sector. The project team’s industrial partners, connections to the digital thread research underway at DMDII, and access to the cybersecurity modeling and specification work at NIST ensure that trust, data provenance, and data integrity are integrated into digital thread industry standards as they evolve and coalesce.
First Responder Cybersecurity: Responsive Connectivity in Critical Infrastructure and the Internet of Things Project
PI: David Manz, Pacific Northwest National Laboratories
Current emergency response notification of events is often slow and disconnected. A small structure fire or commercial natural gas leak usually requires a human witness who would then use 9-1-1 emergency response or directly contact an emergency management authority. Even if there is automated detection, it is often not tied directly into all the relevant emergency response stakeholders. The ubiquitous Internet of Things (IoT) will provide an avenue for this information to be either detected or passed on to the appropriate authorities. If some part of the IoT was onsite, the automated information logged could be used to detect and promulgate the emergency event information more quickly. The DHS highlights the key role emergency response and disaster preparedness plays in securing our communities and protecting critical infrastructure. The ability to symbiotically benefit both elements will leverage greater responsiveness and effectiveness for first responders and provide enhanced availability and resiliency for national critical infrastructure.
Theme 5: Education and Workforce Development
Advancing Resiliency in Critical Power and Industrial Control Infrastructure through Workforce Education and Real-World Testing Project
PI/Co-PIs: Danny Reible, Annette Sobel, Texas Tech University; Mark Harral, Group NIRE; and Susan Williams, Angelo State University
The project will develop and train homeland security professionals through a workforce development program directed at rural and small urban communities and in the underserved Hispanic population. The initial efforts will focus on the development of seminars and CEU modules that will serve as training tools in critical infrastructure resilience for both TTU and ASU students and outside professionals. Two of the seminars will feature industry experts as well as Group NIRE staff to show examples of issues like extreme weather and extreme mechanical failure/post event analysis. One of the seminars will include potential cyber security attacks and a trip to Group NIRE’s field site to trouble shoot a loss of communication issue and detail how to restore communications utilizing radio networks and other troubleshooting techniques. Funding provided by DHS will establish a simple way to create more CEU and education modules in future years and also start the development of aggregator software to train students remotely via a hands-on simulator approach.
Student Opportunities at CIRI
CIRI is looking for enthusiastic, qualified students to work on a wide variety of projects that address critical infrastructure resilience. We can be reached by submitting a resume and areas of interest via the University of Illinois Applied Research Institute website here.
Our work is made possible through a network of partnerships with some of the best minds and most innovative organizations from within the academic world and the private sector.
- Angelo State University
- Cornell University
- Northeastern University
- Ohio State University
- Pacific Northwest National Laboratories
- Stanford University
- Tennessee State University
- Texas Tech University
- University of California at Los Angeles
- University of Colorado Boulder
- University of Illinois at Urbana-Champaign
- University of Pennsylvania Wharton School
- University of Washington
- American Transmission Company
- Argonne National Laboratory
- Digital Manufacturing and Design Innovation Institute
- Illinois Emergency Management Agency
- Illinois Law Enforcement Alert System
- Midcontinent Independent System Operator
- Sacramento Municipal District
- Sandia National Laboratories