Alessia Garofalo,Cesario Di Sarno,Ilaria Matteucci,Marco Vallini,Valerio Formicola

DOI: https://doi.org/10.48550/arXiv.1405.2995

2014-05-13

Abstract:Critical Infrastructure Protection is one of the main challenges of last years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths in such a way to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures integrity and unforgeability of events stored.

Cryptography and Security

Chunming Zhang,Fengji Luo,Mingyang Sun,Gianluca Ranzi

DOI: https://doi.org/10.1109/tnse.2020.3015220

IF: 6.6

2021-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Advanced Metering Infrastructure (AMI) is a critical and fundamental component of smart grids. Cyber security of AMI thus has direct implications to smart grid's secure and reliable operations. This paper establishes analytical models for studying AMI system's robustness with presence of Distributed Denial-of-Service (DDoS) attacks. This paper firstly proposes a state transition model for individual smart meter nodes and data collector nodes in an AMI communication network; based on this, a dynamic differential system is formulated to describe the network's state evolution. We analyze the dynamic differential system's stability under DDoS attacks and propose a defending strategy, which optimally allocate defending resources in the AMI network, aiming at mitigating the DDoS's threaten with minimum defending loss and cost. Extensive simulations are conducted to validate the proposed method under different AMI network topologies.

Ming Wan,Minglei Hao,Yang Li,Jianming Zhao,Ying Li

DOI: https://doi.org/10.1145/3586102.3586127

2022-01-01

Abstract:Due to the rapid development of industrial automation, ICSs (Industrial Control Systems) gradually expose their potential security vulnerabilities, and are facing more and more serious security risks. Although different industrial security technologies have been developed to strengthen industrial security protection, they always struggle for their own because of their standalone and non-related functions, and their actual defense effects are not encouraging. This paper first summarizes some intrinsic security vulnerabilities in ICSs, and analyzes the main causes to generate each class of vulnerabilities. Furthermore, five popular security technologies which have been successfully applied in today's ICSs are introduced, and their advantages and shortages are also compared by explaining each working mechanism. In order to take full advantage of various industrial security technologies, this paper proposes one novel cooperative defense model based P2DR (Policy, Protection, Detection and Response), which establishes the dynamical defense process to integrate five different industrial security technologies. Under the guidance of security policies, this model can comprehensively utilize the resources of various industrial security technologies to learn and judge current security status of the whole system, and effectively adjust the optimum deployment to provide the strongest protection with the lowest risk. Finally, one applicable case based on the proposed model is designed to verify the feasibility of cooperative defense in ICSs.

Alessandro Fausto,Giovanni Battista Gaggero,Fabio Patrone,Paola Girdinio,Mario Marchese

DOI: https://doi.org/10.3390/s21216970

IF: 3.9

2021-10-20

Sensors

Abstract:Critical Infrastructures (CIs) are sensible targets. They could be physically damaged by natural or human actions, causing service disruptions, economic losses, and, in some extreme cases, harm to people. They, therefore, need a high level of protection against possible unintentional and intentional events. In this paper, we show a logical architecture that exploits information from both physical and cybersecurity systems to improve the overall security in a power plant scenario. We propose a Machine Learning (ML)-based anomaly detection approach to detect possible anomaly events by jointly correlating data related to both the physical and cyber domains. The performance evaluation showed encouraging results—obtained by different ML algorithms—which highlights how our proposed approach is able to detect possible abnormal situations that could not have been detected by using only information from either the physical or cyber domain.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Sebastian Sporrer,Norman Niemann,Christof Hammer

DOI: https://doi.org/10.1140/epjp/s13360-024-05583-4

2024-09-04

The European Physical Journal Plus

Abstract:The malicious misuse of CBRNe agents can inflict extensive damage to critical infrastructure and terrorize public society. The effects of such attacks can range from financial or structural drawbacks to significant casualties. Recent terror attacks in Cucuta (2021) or Kabul (2021) demonstrate the need to protect infrastructures such as airports, power plants, and transportation infrastructure. In the face of these modern-day threats, the need for a reliable and effective monitoring system for critical infrastructure has become increasingly important. In a first contribution to the long-term development, we present an initial version of a concept that requires the implementation paradigm of diverse redundancy and secure communication using MQTTS relying on the included cipher suite. An initial set of node types is defined and assigned requirements for implementation. The software tools architecture we propose based on these requirements is designed to support network operators and developers by providing standard features for network management and sensor node implementation. This includes the definition of a secure semi-automatic onboarding process for new sensor nodes, which is presented in detail. We strive for independency from specific hardware platforms, software frameworks, and network technologies to enable an open standard for communication within a critical infrastructure sensor network and also between such networks in the future.

physics, multidisciplinary

Bright Ojo,Justine Chilenovu Ogborigbo,Maureen Oluchukwuamaka Okafor

DOI: https://doi.org/10.30574/wjarr.2024.22.3.1921

2024-06-30

World Journal of Advanced Research and Reviews

Abstract:Critical infrastructure must withstand cyber and physical assaults in today's interconnected world. This study explores innovative strategies to shield these systems from cyber-physical threats. As networks become more connected, cyberattacks grow more sophisticated, making it imperative to safeguard sectors like transportation, energy, water, and information. The paper analyzes the present and future threat landscape, identifying vulnerabilities within critical infrastructures and proposing targeted mitigation strategies to enhance security. The research leverages AI and machine learning to develop detection tools that identify and predict cyber-physical attacks, enhancing response times and preventive measures. Additionally, resilience engineering and architecture are crucial in fortifying infrastructure, enabling it to withstand and recover from attacks while maintaining essential functions. The study also reviews legislation and policies surrounding infrastructure protection, pinpointing shortcomings and recommending improvements to bolster national security. Effective countermeasures against cyber-physical threats require collaboration and information sharing among government bodies, industry stakeholders, and educational institutions. These partnerships facilitate the exchange of knowledge, best practices, and tools to address threats efficiently. Furthermore, the paper highlights the importance of training programs that equip professionals with skills to integrate cyber and physical security defenses. Exploring the integration of blockchain, IoT, and autonomous technologies could further enhance the resilience of critical systems. These technologies foster secure communications and automated responses to incidents. Lastly, community awareness initiatives play a vital role in preparing for and mitigating cyber-physical attacks, ensuring that public readiness and resilience are maintained. This comprehensive approach aims to fortify critical infrastructure against evolving cyber threats, ensuring continuous operation and security.

Andrea Pinto,Luis-Carlos Herrera,Yezid Donoso,Jairo A Gutierrez

DOI: https://doi.org/10.3390/s23052415

2023-02-22

Abstract:Industrial control systems (ICSs), supervisory control and data acquisition (SCADA) systems, and distributed control systems (DCSs) are fundamental components of critical infrastructure (CI). CI supports the operation of transportation and health systems, electric and thermal plants, and water treatment facilities, among others. These infrastructures are not insulated anymore, and their connection to fourth industrial revolution technologies has expanded the attack surface. Thus, their protection has become a priority for national security. Cyber-attacks have become more sophisticated and criminals are able to surpass conventional security systems; therefore, attack detection has become a challenging area. Defensive technologies such as intrusion detection systems (IDSs) are a fundamental part of security systems to protect CI. IDSs have incorporated machine learning (ML) techniques that can deal with broader kinds of threats. Nevertheless, the detection of zero-day attacks and having technological resources to implement purposed solutions in the real world are concerns for CI operators. This survey aims to provide a compilation of the state of the art of IDSs that have used ML algorithms to protect CI. It also analyzes the security dataset used to train ML models. Finally, it presents some of the most relevant pieces of research on these topics that have been developed in the last five years.

Georgios Michail Makrakis,Constantinos Kolias,Georgios Kambourakis,Craig Rieger,Jacob Benjamin

DOI: https://doi.org/10.48550/arXiv.2109.03945

2021-09-08

Cryptography and Security

Abstract:Critical infrastructures (CI) and industrial organizations aggressively move towards integrating elements of modern Information Technology (IT) into their monolithic Operational Technology (OT) architectures. Yet, as OT systems progressively become more and more interconnected, they silently have turned into alluring targets for diverse groups of adversaries. Meanwhile, the inherent complexity of these systems, along with their advanced-in-age nature, prevents defenders from fully applying contemporary security controls in a timely manner. Forsooth, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This work contributes a full-fledged and up-to-date survey of the most prominent threats against Industrial Control Systems (ICS) along with the communication protocols and devices adopted in these environments. Our study highlights that threats against CI follow an upward spiral due to the mushrooming of commodity tools and techniques that can facilitate either the early or late stages of attacks. Furthermore, our survey exposes that existing vulnerabilities in the design and implementation of several of the OT-specific network protocols may easily grant adversaries the ability to decisively impact physical processes. We provide a categorization of such threats and the corresponding vulnerabilities based on various criteria. As far as we are aware, this is the first time an exhaustive and detailed survey of this kind is attempted.

Simon D. Duque Anton,Mathias Strufe,Hans Dieter Schotten

DOI: https://doi.org/10.48550/arXiv.1905.05984

2019-05-15

Cryptography and Security

Abstract:The concept of Industry 4.0 brings a disruption into the processing industry. It is characterised by a high degree of intercommunication, embedded computation, resulting in a decentralised and distributed handling of data. Additionally, cloud-storage and Software-as-a-Service (SaaS) approaches enhance a centralised storage and handling of data. This often takes place in third-party networks. Furthermore, Industry 4.0 is driven by novel business cases. Lot sizes of one, customer individual production, observation of process state and progress in real-time and remote maintenance, just to name a few. All of these new business cases make use of the novel technologies. However, cyber security has not been an issue in industry. Industrial networks have been considered physically separated from public networks. Additionally, the high level of uniqueness of any industrial network was said to prevent attackers from exploiting flaws. Those assumptions are inherently broken by the concept of Industry 4.0. As a result, an abundance of attack vectors is created. In the past, attackers have used those attack vectors in spectacular fashions. Especially Small and Mediumsized Enterprises (SMEs) in Germany struggle to adapt to these challenges. Reasons are the cost required for technical solutions and security professionals. In order to enable SMEs to cope with the growing threat in the cyberspace, the research project IUNO Insec aims at providing and improving security solutions that can be used without specialised security knowledge. The project IUNO Insec is briefly introduced in this work. Furthermore, contributions in the field of intrusion detection, especially machine learning-based solutions, for industrial environments provided by the authors are presented and set into context.

Manuel Cheminod,Luca Durante,Adriano Valenzano

DOI: https://doi.org/10.1109/tii.2012.2198666

IF: 12.3

2013-02-01

IEEE Transactions on Industrial Informatics

Abstract:Although awareness is constantly rising, that industrial computer networks (in a very broad sense) can be exposed to serious cyber threats, many people still think that the same countermeasures, developed to protect general-purpose computer networks, can be effectively adopted also in those situations where a physical system is managed/controlled through some distributed Information and Communication Technology (ICT) infrastructure. Unfortunately, this is not the case, as several examples of successful attacks carried out in the last decade, and more frequently in the very recent past, have dramatically shown. Experts in this area know very well that often the peculiarities of industrial networks prevent the adoption of classical approaches to their security and, in particular, of those popular solutions that are mainly based on a detect and patch philosophy. This paper is a contribution, from the security point of view, to the assessment of the current situation of a wide class of industrial distributed computing systems. in particular, the analysis presented in this paper takes into account the process of ensuring a satisfactory degree of security for a distributed industrial system, with respect to some key elements such as the system characteristics, the current state of the art of standardization and the adoption of suitable controls (countermeasures) that can help in lowering the security risks below a predefined, acceptable threshold.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Vincenzo Giuliano,Valerio Formicola

DOI: https://doi.org/10.48550/arXiv.1909.01910

2019-09-04

Cryptography and Security

Abstract:Maintenance staff of Industrial Control Systems (ICS) is generally not aware about information technologies, and even less about cyber security problems. The scary impact of cyber attacks in the industrial world calls for tools to train defensive skills and test effective security measures. Cyber range offers this opportunity, but current research is lacking cost-effective solutions verticalized for the industrial domain. This work proposes ICSrange, a simulation-based cyber range platform for Industrial Control Systems. ICSrange adopts Commercial-Off-The-Shelf (COTS) technologies to virtualize an enterprise network connected to Industrial Control Systems. ICSrange is the outcome of a preliminary study intended to investigate challenges and opportunities to build a configurable and extensible cyber range with simulated industrial processes. Literature shows that testbeds based on realistic mock-ups are effectively employed to develop complex exploits like Advanced Persistent Threats (APTs), hence motivating their usage to train and test security in ICS. We prove the effectiveness of ICSrange through the execution of a multi-staged attack that breaches an enterprise network and progressively intrudes a simulated ICS with water tanks. The attack mimics lateral movements as observed in APTs.

Sanskeun Lee,Liangzhe Chen,Sisi Duan,Supriya Chinthavali,Mallikarjun Shankar,B. Aditya Prakash

DOI: https://doi.org/10.1109/bigdata.2016.7840902

2016-01-01

Abstract:Critical Infrastructures (CIs) such as energy, water, and transportation are complex networks that are crucial for sustaining day-to-day commodity flows vital to national security, economic stability, and public safety. The nature of these CIs is such that failures caused by an extreme weather event or a man-made incident can trigger widespread cascading failures, sending ripple effects at regional or even national scales. To minimize such effects, it is critical for emergency responders to identify existing or potential vulnerabilities within CIs during such stressor events in a systematic and quantifiable manner and take appropriate mitigating actions. We present here a novel critical infrastructure monitoring and analysis system named URBAN-NET. The system includes a software stack and tools for monitoring CIs, pre-processing data, interconnecting multiple CI datasets as a heterogeneous network, identifying vulnerabilities through graph-based topological analysis, and predicting consequences based on "what-if" simulations along with visualization. As a proof-of-concept, we present several case studies to show the capabilities of our system. We also discuss remaining challenges and future work.

F. Adamsky,M. Aubigny,F. Battisti,M. Carli,F. Cimorelli,T. Cruz,A. Di Giorgio,C. Foglietta,A. Galli,A. Giuseppi,F. Liberati,A. Neri,S. Panzieri,F. Pascucci,J. Proenca,P. Pucci,L. Rosa,R. Soua

DOI: https://doi.org/10.1016/j.ijcip.2018.04.004

IF: 3.683

2018-06-01

International Journal of Critical Infrastructure Protection

Abstract:Industrial and Automation Control systems traditionally achieved security thanks to the use of proprietary protocols and isolation from the telecommunication networks. Nowadays, the advent of the Industrial Internet of Things poses new security challenges. In this paper, we first highlight the main security challenges that advocate for new risk assessment and security strategies. To this end, we propose a security framework and advanced tools to properly manage vulnerabilities, and to timely react to the threats. The proposed architecture fills the gap between computer science and control theoretic approaches. The physical layers connected to Industrial Control Systems are prone to disrupt when facing cyber-attacks. Considering the modules of the proposed architecture, we focus on the development of a practical framework to compare information about physical faults and cyber-attacks. This strategy is implemented in the ATENA architecture that has been designed as an innovative solution for the protection of critical assets.

engineering, multidisciplinary,computer science, information systems

Giusj Digioia,Chiara Foglietta,Stefano Panzieri,Alessandro Falleni

DOI: https://doi.org/10.1109/eisic.2012.30

2012-08-01

Abstract:Recently issues about cyber-war have gained relevant attention, especially because of gravity of damages that could be caused by cyber attacks to strategic targets, mining security of citizens. Examples of targets might include national civil and military airports, command and control systems of civil and military transportation means electronic military systems for national defense, national infrastructures for water and electricity distribution, industries and also hospitals or firefighters informatics systems. The risk of cyber attacks for the mentioned systems and infrastructures has grown because of the introduction of general-purpose and open (not proprietary)communication protocols, widely interconnecting systems and services. With this regard, it is of great importance the problem of evaluating the impact that cyber attacks could generate and to select effective countermeasures to protect military and civil heterogeneous and interconnected systems. In this paper the Mixed Holistic Reductionist (MHR) model is proposed as a conceptual methodology to evaluate the impact of a set of cyber attacks to military and civil infrastructures of strategic interest. The reductionist approach allows modeling of heterogeneous systems using the simplest elements and then coming to assess the interaction of basic components. The holistic paradigm instead allows to analyze complex systems by evaluating their behavior in complex and thus as a monolithic unit. This model allows combining the holistic method with the reductionist, trying to maintain the benefits of both paradigms. The two methods are linked together through an additional layer which is an intermediate level of abstraction, usually represented by the services of any infrastructure. Services are defined as logical objects, in order to obtain useful functionality to the customer, or other infrastructure. The validity of MHR model has been already tested within the context of Critical Infrastructure protection. In particular, it has been implemented in CISIA, a system-interdependency simulator, developed by “Roma Tre”University. In this work, the effectiveness of the model is studied with regard to government infrastructure protection from cyber attacks and, with this regard, an explicative case study is presented.

Abhijeet Sahu,Patrick Wlazlo,Nastassja Gaudet,Ana Goulart,Edmond Rogers,Katherine Davis

2023-06-27

Abstract:Electric power delivery relies on a communications backbone that must be secure. SCADA systems are essential to critical grid functions and include industrial control systems (ICS) protocols such as the Distributed Network Protocol-3 (DNP3). These protocols are vulnerable to cyber threats that power systems, as cyber-physical critical infrastructure, must be protected against. For this reason, the NERC Critical Infrastructure Protection standard CIP-005-5 specifies that an electronic system perimeter is needed, accomplished with firewalls. This paper presents how these electronic system perimeters can be optimally found and generated using a proposed meta-heuristic approach for optimal security zone formation for large-scale power systems. Then, to implement the optimal firewall rules in a large scale power system model, this work presents a prototype software tool that takes the optimization results and auto-configures the firewall nodes for different utilities in a cyber-physical testbed. Using this tool, firewall policies are configured for all the utilities and their substations within a synthetic 2000-bus model, assuming two different network topologies. Results generate the optimal electronic security perimeters to protect a power system's data flows and compare the number of firewalls, monetary cost, and risk alerts from path analysis.

Systems and Control

Weiming Tong,Lei Lu,Zhongwei Li,Jingbo Lin,Xianji Jin

DOI: https://doi.org/10.1109/imccc.2016.193

2016-01-01

Abstract:The security issues of smart grid have drawn more and more attention in the recent years. As a foundational part of smart grid, the cyber and physical security of advanced metering infrastructure (AMI) is of critical importance. Various securing solutions for AMI have been proposed, most of which based on cryptographic technology. However, as learned from experiences in IT environment, intrusion detection system (IDS) can dynamically monitoring the status of network-based systems and provide supplementary defensive capability besides the conventional static solutions, such as encryption, authentication, firewall, etc. In this paper, we analyze the potential threats in AMI and investigate the current academic approaches on intrusion detection systems and techniques for AMI. Then we give some recommendations in designing and deploying a practical AMI-IDS, and propose a comprehensive distributed IDS architecture suitable for AMI. In addition, the existing research problems and challenges are concluded to promote the future progress in this field.

A. Chavez,N. Jacobs,C. B. Jones,J. Johnson,A. Summers,S. Hossain‐McKenzie,C. Lai

DOI: https://doi.org/10.1109/CyberPELS.2019.8925064

2019-04-01

Abstract:The integration of communication-enabled grid-support functions in distributed energy resources (DER) and other smart grid features will increase the U.S. power grid's exposure to cyber-physical attacks. Unwanted changes in DER system data and control signals can damage electrical infrastructure and lead to outages. To protect against these threats, intrusion detection systems (IDSs) can be deployed, but their implementation presents a unique set of challenges in industrial control systems (ICSs), New approaches need to be developed that not only sense cyber anomalies, but also detect undesired physical system behaviors. For DER systems, a combination of cyber security data and power system and control information should be collected by the IDS to provide insight into the nature of an anomalous event. This allows joint forensic analysis to be conducted to reveal any relationships between the observed cyber and physical events. In this paper, we propose a hybrid IDS approach that monitors and evaluates both physical and cyber network data in DER systems, and present a series of scenarios to demonstrate how our approach enables the cyber-physical IDS to achieve more robust identification and mitigation of malicious events on the DER system.

Environmental Science,Engineering,Computer Science

Tim Ackermann,Markus Karch,Jörg Kippe

DOI: https://doi.org/10.1515/auto-2023-0057

2023-09-09

at - Automatisierungstechnik

Abstract:With the increasing frequency of cyberattacks on Industrial Control Systems (ICS), the subject of cybersecurity is becoming increasingly important. Cyber Threat Intelligence (CTI) provides information about cyber adversaries, including their intentions and attack techniques. This paper analyzes the availability of open-source CTI for ICS, with a particular focus on technical indicators that can aid in detecting cyberattacks. Furthermore, this paper examines the automated integration of CTI data into SIEM systems and introduces CTIExchange as a tool that facilitates this integration by connecting Threat Intelligence Platforms with detection tools.

automation & control systems

Massimiliano Leone Itria,Enrico Schiavone,Nicola Nostro

DOI: https://doi.org/10.1109/csr51186.2021.9527928

2021-07-26

Abstract:This paper describes the architecture and the fundamental methodology of an anomaly detector, which by continuously monitoring Simple Network Management Protocol data and by processing it as complex-events, is able to timely recognize patterns of faults and relevant cyber-attacks. This solution has been applied in the context of smart grids, and in particular as part of a security and resilience component of the Information and Communication Technologies (ICT) Gateway, a middleware-based architecture that correlates and fuses measurement data from different sources (e.g., Inverters, Smart Meters) to provide control coordination and to enable grid observability applications. The detector has been evaluated through experiments, where we selected some representative anomalies that can occur on the ICT side of the energy distribution infrastructure: non-malicious faults (indicated by patterns in the system resources usage), as well as effects of typical cyber-attacks directed to the smart grid infrastructure. The results show that the detection is promisingly fast and efficient.

Yi Yang,Hai-Qing Xu,Lei Gao,Y.B. Yuan,Kieran McLaughlin,Sakir Sezer

DOI: https://doi.org/10.1109/TPWRD.2016.2603339

IF: 4.825

2017-01-01

IEEE Transactions on Power Delivery

Abstract:Emerging cybersecurity vulnerabilities in supervisory control and data acquisition (SCADA) systems are becoming urgent engineering issues for modern substations. This paper proposes a novel intrusion detection system (IDS) tailored for cybersecurity of IEC 61850 based substations. The proposed IDS integrates physical knowledge, protocol specifications, and logical behaviors to provide a comprehens...