Cyber Monitoring, Metrics, and Event Detection
CREDC is addressing key gaps in cyber event detection and continuous monitoring. Some approaches involve:
- identifying metrics that correlate with cyber events
- monitoring that does not perturb the energy delivery control system under observation
- integrating knowledge of physical system behavior with physical measurements as a validity check on data, state, and other behaviors reported by the cyber infrastructure
- detection algorithms and response decision algorithms that balance uncertainties in measurements, uncertainties in how well measurements correlate with intrusion or corruption of data, the risks of not responding to actual intrusions, the costs of a dynamic response, and the effectiveness of a response