Associate Professor, Information Sciences and Technology
As critical infrastructures, including the power grid, undergo modernization efforts and become “smarter” to meet resilience and sustainability objectives, both government and commercial organizations face increasingly sophisticated and potentially devastating threats from state actors, organized crime, and other malicious actors. A 2018 report of the White House’s Council of Economic Advisers estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016 alone, and indicates that cyberattacks against critical infrastructure could cause up to $1 trillion in damage. My research aims at mitigating such threats by tackling the problem on multiple fronts. First, my work on cyber situational awareness aims at improving the defender’s understanding of the cyber landscape in which organizations operate, including potential threats and attacker’s objectives. Second, my work on moving target defense and adaptive cyber defense aims at developing advanced techniques to continuously adapt to an evolving security landscape, create uncertainty for the attacker, and increase the cost for malicious actors to conduct attack campaigns.
■ Secure Configuration for the IoT Based on Optimization & Reasoning on Graphs. In collaboration with PARC, this project aims at developing a framework to automatically optimize the configuration of complex IoT systems, balancing security and functionality constraints.
■ Adversarial and Uncertain Reasoning for Adaptive Cyber Defense: Building the Scientific Foundation. This MURI project aims at defining the scientific foundation of Adaptive Cyber Defense, focusing on modeling the behavior of adversaries and reasoning in the presence of uncertainty.
■ Center for Cybersecurity Analytics and Automation (CCAA). Established under the NSF IUCRC program, CCAA aims at advancing cyber defense on multiple fronts.