My talk was entitled “Models and algorithms for protecting critical information technology infrastructure”
This talk is motivated by a cyber-security planning application, where we explore how to mitigate vulnerabilities within information technology (IT) supply chains for securing cyber-infrastructure. To do so, we formulate new optimization models based on the coverage models and network interdiction models. In this research, we investigate how to identify a best combination of cost-effective mitigations that maximally delays supply chain attacks when there exist multiple adversaries. We present new Stackelberg game models that explicitly formulate the interaction between a defender and multiple attackers. We propose max-min interdiction models for critical infrastructure protection that prioritizes cost-effective security mitigations to maximally delay adversarial attacks. We consider attacks originating from multiple adversaries, each of which aims to find a “critical path” through the attack surface to complete the corresponding attack as soon as possible. Decision makers can deploy mitigations to delay attack exploits, however, mitigation effectiveness is sometimes uncertain. We propose a Lagrangian heuristic that identifies near-optimal solutions efficiently.
I discussed the following two papers in my talk:
- Zheng, K., Albert, L.A., Luedtke, J.R., Towle, E. 2017. A budgeted maximum multiple coverage model for cybersecurity planning and management.
- Zheng, K., and Albert, L.A. 2018. Interdiction models for delaying adversarial attacks against critical information technology infrastructure.
I had a delightful visit. I have visited Pittsburgh several times before, and I always enjoy seeing the Cathedral of Learning. The highlight this time was meeting with the faculty and students at CMU. Dr. Alex Jacquillat was my faculty host. Carnegie Mellon is a university with a lot of collaboration, and this was evident during my visit. My schedule included meetings with faculty and students from Heinz College, the Tepper School, computer science, and engineering.
I saw Dr. Al Blumstein of Heinz College give a talk about criminal justice and operations research when I was a graduate student, and he is part of the reason why I pursued research in public safety in emergency medical services. I gave my seminar in the Alfred Blumstein Classroom at CMU. It was an honor.