PNNL team tests PageRank algorithm for stopping ‘cascading failures’

Pacific Northwest National Laboratory mathematician Bill Kay had been talking with a data scientist concerned about “cascading failures.”

Not to be confused with the compounded catastrophe of losing your MetroCard, missing your train, arriving late for work, and ultimately missing out on free office bagels, “cascading failure,” in this case, refers to critical infrastructure.

Downtime at a power station, for example, could cause failure at a water treatment plant, which could impact a hospital that can no longer operate without clean water.

This is a PageRank problem, Kay thought, referring to the tool known for ranking websites in order of importance.

Kay and his team used the computational library SciPy’s open-source version of the PageRank model to effectively identify key assets within a critical infrastructure system. Their work was published recently in the journal Homeland Security Affairs—a site that could be facing a PageRank challenge of its own, given its current lack of links.

“Your bias can color your feelings about which things are important to protect. And this just leans on the network structure and says, there’s no bias here. I just know what the dependencies are, and I’m going to rank importance from that,” Kay told IT Brew.

Critical thinking. A May 2021 ransomware attack on the 5,500-mile Colonial Pipeline demonstrates the cascading consequences of one cyber hit. The pipeline compromise shut down the chute for around five days, impacting gas prices and supply. An attack in 2017 against Maersk led to a “paralyzing” of 17 of the shipping carrier’s 76 international ports, according to a Columbia University study. Other attacks have recently disrupted water facilities and energy companies.

The PageRank model, developed in 1998 by Google’s founders Sergey Brin and Larry Page, rates a webpage’s importance by determining if important sites link to it. Kay figured PageRank’s algorithm could also find important facilities by looking at their connection points.

High PageRank scores, when talking about critical infrastructure, mean high vulnerability, the report asserts. And those highly vulnerable assets might deserve the most security resources.

“Analysts in the world are looking for ways to make sure that our infrastructure is robust. And they’re resource-limited. They can’t just make sure every piece of infrastructure never fails,” Kay said.

A test run. The PNNL team used a giant, precurated dataset from the Idaho National Laboratory. The All Hazards Analysis (AHA) collection featured 679,794 nodes (hospitals, for example) and 851,747 edges (relationships between the assets).

The team ran several simulations and found its multilayer PageRank approach, which weighs “many streams of information simultaneously” and outperformed another sometimes-used prioritization method that protects assets by “out-degree,” or whether or not an asset appears at the head or tail of a chain reaction.

The researchers protected the top 5% of resources, according to the traditional out-degree method, Kay said, and looked to see how much of the network collapsed given the failures. They did the same experiment but ranking by PageRank, and observed that less of the network collapsed.

“The team did not quantify exactly how much it would limit an attack compared to the other methods, instead treating the study as evidence that the approach is worth exploring,” PNNL wrote in its March 17 news release.

“The fact that a simple algorithm could provide those insights, to me, is astounding, and it’s worth researching further,” Grant Geyer, chief strategy officer at infrastructure-protection platform Claroty, told IT Brew, noting the ranking is “incredibly important for policymakers to understand.” A whole other challenge however, remains:

“Now that you can understand and focus your investment dollars around those key lynchpins, how do you secure them?” Geyer asked.