
Activity title

Tools and Methods for Analyzing Cyber Security for Federated Autonomous Vehicles

Activity Reference

IST-211

Panel

IST

Security Classification

NATO UNCLASSIFIED

Status

Active

Activity type

RTG

Start date

2023-09-04T00:00:00Z

End date

2026-09-04T00:00:00Z

Keywords

AI, Assurance, Autonomy, Cyber, Digital twins, Federated missions, Risk, Security

Background

The previous IST-RTG-164 – “Securing unmanned and autonomous vehicles for mission assurance” started the development of a framework to analyze cyber security risk for military autonomous vehicles in support of mission assurance. Despite an extensive discussion about the need for new security capabilities and the challenges in the implementation of already well-established ones, there is still much work left to be done. ET-122 – “Designing resilient autonomous vehicles” was therefore formed to prioritize the required work. ET-122 has decided that the next natural step is to integrate the physical and autonomy aspects more tightly with cyber security requirements in order to establish guidelines to identify, analyze and resolve the potential trade-offs that will emerge in the design of vehicles, with a specific emphasis on multi-domain federated missions. The overarching objective when resolving these issues should be current and future mission assurance, so that the contribution of and relationship between the various risk components (security, safety, performance, etc.) can be analyzed using a holistic framework of tools and methods without having to define their individual scope.

Objectives

The overarching objective is to develop and demonstrate better tools and methods to analyze and design an acceptable level of security for autonomous vehicles in the context of collaborative missions. We believe that because of the complexity of the task, abstraction will be needed in order to make the problem tractable and only parts of the scientific objectives will be achieved. A sub-objective will be to identify “suitable” levels of abstraction at which to perform the analysis and refine the scope of the activity accordingly. A possibility would be to start the RTG by organizing a specialist meeting to explore the state of the art and ongoing activities in this field of research.

Simulation and testing are expected to play a key role in achieving meaningful results for various reasons. Firstly, it might not be feasible to run extensive tests on physical vehicles due to time and cost; using real-time sensor data from hardware-in-the-loop (HWIL) while simulating the rest of the platforms and mission could still give acceptable fidelity while saving resources. Secondly, the number of individual risk factors and their relationships will likely be too large to be analyzed manually, and some acceptable trade-offs might have to be identified empirically. Therefore, another scientific objective will be to develop new analysis algorithms and possibly extend existing tools to run simulations, possibly with hardware-in-the-loop.

Work packages (not necessarily in this order):

• Analysis:
  - Select a subset of NATO vehicle capabilities to be studied and describe their autonomous functions
  - Define use-cases (missions, necessary protocols, threat scenarios)
  - Identify/develop/extend suitable models, catalogs and data-sets needed for analysis
  - Identify metrics to infer the effect of security controls on threats and mission effect
  - Define a framework for continuous (possibly real-time) risk assessment
  - Resilience and robustness
• Simulation tools:
  - Identify suitable simulation tools for mission and vehicles
  - Leverage existing testbeds (hardware, HWIL)
  - Integrate tools and identify necessary security-specific add-ons/interfaces
• Report and Demo

Topics

1. Cyber security for autonomous vehicles
   a. Extend RTG-164 framework with the secure collaboration of heterogeneous systems
   b. Develop, or extend an existing threat and attack catalogue and other databases like the MITRE ATT&CK for autonomous vehicles
2. Modelling, simulation and analysis
   a. Digital twins for autonomous vehicles in federated missions
   b. Other types of simulations to identify bottlenecks on platforms and missions
   c. (Formal) methods to model the relationships and prove some performance guarantees
3. Robustness and resilience
   a. Analyze robustness and resilience requirements
   b. Metrics to define trade-offs of different design and operational decisions
   c. Autonomous cyber defense and recovery (generation of possible CoA)
4. Security risk assessment
   a. Automated reasoning for risk modelling
