Brajendra Panda to improve recovery methods for critical infrastructure systems following a cyber-attack
Brajendra Panda, an Indian American professor of computer science and computer engineering at University of Arkansas has been awarded $637,223 to improve recovery methods for critical infrastructure systems following a cyber-attack.
The award from the National Centers of Academic Excellence in Cybersecurity, located within the National Security Agency, is aimed at protecting critical infrastructure like the power grid, gas and oil pipelines, military installations and hospitals.
In his proposal Panda notes that the interdependence and interconnection of CI systems make them more vulnerable to cyber-attacks and can cause initial damage to spread quickly to other systems, according to a university release.
“Thus, a small vulnerability in one of these systems can result in crippling a large number of them,” Panda says. “These systems are of heterogeneous type by nature, meaning they contain both heterogeneous software and data.”
An example of a recent attack on critical infrastructure is the ransomware attack on the Colonial Pipeline last year.
The attack on computerized equipment left the pipeline down for six days while the company forked over an estimated $4.4 million in Bitcoin to pay the attackers (though much of it was subsequently recovered).
Due to the complexity of CI systems, recovering them can cause significant delays, which is concerning given the time-sensitive nature of the functions these systems provide, such as electricity.
Panda’s goal is to develop fast, accurate and efficient recovery mechanisms that, when coupled with the expeditious damage assessment techniques he has already developed, will offer an “integrated suite solution,” according to the release. This will allow affected CI systems to continue running while providing as many critical functionalities as possible.
The two-year grant, with an option for a third year, builds on a previous $287,000 grant from the same funding agency that focused on expediting assessment of damage following a cyber-attack.