Pavlos Cheimonidis,Konstantinos Rantos

DOI: https://doi.org/10.1007/s10207-024-00858-4

2024-05-10

International Journal of Information Security

Abstract:The convergence of information and communication technologies has introduced new and advanced capabilities to Industrial Control Systems. However, concurrently, it has heightened their vulnerability to cyber attacks. Consequently, the imperative for new security methods has emerged as a critical need for these organizations to effectively identify and mitigate potential threats. This paper introduces an innovative approach by proposing a dynamic vulnerability severity calculator. Our methodology encompasses the analysis of environmental topology and the effectiveness of deployed security mechanisms, coupled with the utilization of the Common Vulnerability Scoring System framework to adjust detected vulnerabilities based on the specific environment. Moreover, it evaluates the quantity of vulnerabilities and their interdependencies within each asset. Additionally, our approach integrates these factors into a comprehensive Fuzzy Cognitive Map model, incorporating attack paths to holistically assess the overall vulnerability score. To validate the efficacy of our proposed method, we present a relative case study alongside several modified scenarios, demonstrating its effectiveness in practical applications.

computer science, information systems, theory & methods, software engineering

Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Peng Huang,Yinan Wang,Gangfeng Yan

DOI: https://doi.org/10.1109/iecon.2017.8216086

2017-01-01

Abstract:This paper considers a framework of electrical cyber-physical systems (ECPSs) in which each bus and branch in a power grid is equipped with a controller and a sensor. By means of measuring the damages of cyber attacks in terms of cutting off transmission lines, three solution approaches are proposed to assess and deal with the damages caused by faults or cyber attacks. Splitting incident is treated as a special situation in cascading failure propagation. A new simulation platform is built for simulating the protection procedure of ECPSs under faults. The vulnerability of ECPSs under faults is analyzed by experimental results based on IEEE 39-bus system.

Georgios Michail Makrakis,Constantinos Kolias,Georgios Kambourakis,Craig Rieger,Jacob Benjamin

DOI: https://doi.org/10.48550/arXiv.2109.03945

2021-09-08

Cryptography and Security

Abstract:Critical infrastructures (CI) and industrial organizations aggressively move towards integrating elements of modern Information Technology (IT) into their monolithic Operational Technology (OT) architectures. Yet, as OT systems progressively become more and more interconnected, they silently have turned into alluring targets for diverse groups of adversaries. Meanwhile, the inherent complexity of these systems, along with their advanced-in-age nature, prevents defenders from fully applying contemporary security controls in a timely manner. Forsooth, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This work contributes a full-fledged and up-to-date survey of the most prominent threats against Industrial Control Systems (ICS) along with the communication protocols and devices adopted in these environments. Our study highlights that threats against CI follow an upward spiral due to the mushrooming of commodity tools and techniques that can facilitate either the early or late stages of attacks. Furthermore, our survey exposes that existing vulnerabilities in the design and implementation of several of the OT-specific network protocols may easily grant adversaries the ability to decisively impact physical processes. We provide a categorization of such threats and the corresponding vulnerabilities based on various criteria. As far as we are aware, this is the first time an exhaustive and detailed survey of this kind is attempted.

Xuan Li,Chunjie Zhou,Yu-Chu Tian,Naixue Xiong,Yuanqing Qin

DOI: https://doi.org/10.1109/tii.2017.2740571

IF: 12.3

2017-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the evolution of information, communications, and technologies, modern industrial control systems (ICSs) face more and more cybersecurity issues. This leads to increasingly severe risks in critical infrastructure and assets. Therefore, risk analysis becomes a significant yet not well investigated topic for prevention of cyberattack risks in ICSs. To tackle this problem, a dynamic impact assessment approach is presented in this paper for risk analysis in ICSs. The approach predicts the trend of impact of cybersecurity dynamically from full recognition of asset knowledge. More specifically, an asset is abstracted with properties of construction, function, performance, location, and business. From the function and performance properties of the asset, object-oriented asset models incorporating with the mechanism of common cyberattacks are established at both component and system levels. Characterizing the evolution of behaviors for single asset and system, the models are used to analyze the impact propagation of cyberattacks. Then, from various possible impact consequences, the overall impact is quantified based on the location and business properties of the asset. A special application of the approach is to rank critical system parameters and prioritize key assets according to impact assessment. The effectiveness of the presented approach is demonstrated through simulation studies for a chemical control system.

Yuan Peng,Kaixing Huang,Weixun Tu,Chunjie Zhou

DOI: https://doi.org/10.1109/ddcls.2018.8516022

2018-01-01

Abstract:Rapid development and application of ICT technologies in industrial control systems (ICS) has introduced serious security problem, as the cyber-attack can cause physical damage, ensuring the cyber security is extremely important. Risk assessment is a key component in security protection process, but existing methods of risk assessment generally lack the capacity of quantification and the adaptability to the dynamic evolution of ICS. In this paper, we discuss a model-data integrated risk assessment method. In the proposed method, Bayesian network model is applied to achieve quantitative risk assessment, and the model is optimized dynamically using an online data-driven parameter learning strategy, which can improve the accuracy of real-time dynamic assessment result. The effectiveness of proposed method is demonstrated with a case study on a simulated process control system.

Navid Aftabi,Dan Li,Ph.D.,Thomas Sharkey,Ph.D

2024-01-31

Abstract:Industrial Control Systems (ICSs) are widely used in critical infrastructures that face various cyberattacks causing physical damage. With the increasing integration of the ICSs and information technology (IT), ensuring the security of ICSs is of paramount importance. In an ICS, cyberattacks exploit vulnerabilities to compromise sensors and controllers, aiming to cause physical damage. Maliciously accessing different components poses varying risks, highlighting the importance of identifying high-risk cyberattacks. This aids in designing effective detection schemes and mitigation strategies. This paper proposes an optimization-based cyber-risk assessment framework that integrates cyber and physical systems of ICSs. The framework models cyberattacks with varying expertise and knowledge by 1) maximizing physical impact in terms of failure time of the physical system, 2) quickly accessing the sensors and controllers in the cyber system while exploiting limited vulnerabilities, 3) avoiding detection in the physical system, and 4) complying with the cyber and physical restrictions. These objectives enable us to jointly model the interactions between the cyber and physical systems and study the critical cyberattacks that cause the highest impact on the physical system under certain resource constraints. Our framework serves as a tool to understand the vulnerabilities of an ICS with a holistic consideration of cyber and physical systems and their interactions and assess the risk of existing detection schemes by generating the worst-case attack strategies. We illustrate and verify the effectiveness of our proposed method in a numerical and a case study. The results show that a worst-case strategic attacker causes almost 19% further acceleration in the failure time of the physical system while remaining undetected compared to a random attacker.

Optimization and Control,Systems and Control

He Wen

DOI: https://doi.org/10.48550/arXiv.2306.08631

2023-06-15

Abstract:Cyberattacks on industrial control systems (ICS) have been drawing attention in academia. However, this has not raised adequate concerns among some industrial practitioners. Therefore, it is necessary to identify the vulnerable locations and components in the ICS and investigate the attack scenarios and techniques. This study proposes a method to assess the risk of cyberattacks on ICS with an improved Common Vulnerability Scoring System (CVSS) and applies it to a continuous stirred tank reactor (CSTR) model. The results show the physical system levels of ICS have the highest severity once cyberattacked, and controllers, workstations, and human-machine interface are the crucial components in the cyberattack and defense.

Cryptography and Security,Artificial Intelligence

Kaixing Huang,Chunjie Zhou,Yu-Chu Tian,Shuanghua Yang,Yuanqing Qin

DOI: https://doi.org/10.1109/tie.2018.2798605

IF: 7.7

2018-10-01

IEEE Transactions on Industrial Electronics

Abstract:Industrial cyber-physical systems (ICPSs) are widely applied in critical infrastructures such as chemical plants, water distribution networks, and power grids. However, they face various cyberattacks, which may cause physical damage to these industrial facilities. Therefore, ensuring the security of ICPSs is of paramount importance. For this purpose, a new risk assessment method is presented in this paper to quantify the impact of cyberattacks on the physical system of ICPSs. This method helps carry out appropriate attack mitigation measures. The method uses a Bayesian network to model the attack propagation process and infers the probabilities of sensors and actuators to be compromised. These probabilities are fed into a stochastic hybrid system (SHS) model to predict the evolution of the physical process being controlled. Then, the security risk is quantified by evaluating the system availability with the SHS model. The effectiveness of the proposed method is demonstrated with a case study on a hardware-in-the-loop simulation test bed.

automation & control systems,engineering, electrical & electronic,instruments & instrumentation

Bruno Paes Leao,Jagannadh Vempati,Siddharth Bhela,Tobias Ahlgrim,Daniel Arnold

2024-05-31

Abstract:Modern industrial systems face a growing threat from sophisticated cyberattacks that can cause significant operational disruptions. This work presents a novel methodology for identification of the most critical cyberattacks that may disrupt the operation of such a system. Application of the proposed framework can enable the design and development of advanced cybersecurity solutions for a wide range of industrial applications. Attacks are assessed taking into direct consideration how they impact the system operation as measured by a defined Key Performance Indicator (KPI). A simulation model (SM), of the industrial process is employed for calculation of the KPI based on operating conditions. Such SM is augmented with a layer of information describing the communication network topology, connected devices, and potential actions an adversary can take based on each device or network link. Each possible action is associated with an abstract measure of effort, which is interpreted as a cost. It is assumed that the adversary has a corresponding budget that constrains the selection of the sequence of actions defining the progression of the attack. A dynamical system comprising a set of states associated with the cyberattack (cyber-states) and transition logic for updating their values is also proposed. The resulting augmented simulation model (ASM) is then employed in an artificial intelligence-based sequential decision-making optimization to yield the most critical cyberattack scenarios as measured by their impact on the defined KPI. The methodology is successfully tested based on an electrical power distribution system use case.

Systems and Control

Alan Raveling,Yanzhen Qu

DOI: https://doi.org/10.24018/ejece.2023.7.4.546

2023-07-12

European Journal of Electrical Engineering and Computer Science

Abstract:This paper has examined the application of the Common Vulnerability Scoring System applied to operational technology or industrial control system-based cybersecurity controls and demonstrated that the unique considerations and aspects of these environments are more accurately captured when compared against a traditional IT based evaluation. Multiple business drivers are compelling consumer goods manufacturers to augment and connect their manufacturing systems bringing with it increases in potential for experiencing a cybersecurity incident [1]. While other business verticals are able to utilize cybersecurity standards and control documents tailored for their industry, manufacturers do not have a set of materials that directly correlate to the operational technology environments in which their systems reside [2]. Cybersecurity practitioners face additional challenges in developing an understanding of the severity of the risks within these environments due to the lack of current quantifiable methods of evaluating the risks. The findings from this research provide cybersecurity practitioners with a repeatable and extensible method to derive the operational risk present to an organization due to the technologies and business strategies employed in the pursuit of business objectives.

P A S Ralston,J H Graham,J L Hieb

DOI: https://doi.org/10.1016/j.isatra.2007.04.003

Abstract:The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

Shaharyar Khan,Stuart Madnick,Stuart E Madnick

DOI: https://doi.org/10.1109/tdsc.2021.3093214

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the vulnerability of critical infrastructure, including water, power and gas distribution systems. Traditional IT security-biased protection methods that focus on improving cyber hygiene are largely impotent in the face of targeted attacks by advanced cyber-adversaries. Thus, there is an urgent need to analyze the safety and security of critical infrastructure in a holistic fashion, leveraging the physics of the cyber-physical system. System-Theoretic Accident Model & Processes (STAMP) offers a powerful framework to analyze complex systems; hitherto, STAMP has been used extensively to perform safety analyses but an integrated safety and cybersecurity analysis of industrial control systems (ICS) has not been published. This paper uses the electrical generation and distribution system of an archetypal industrial facility to demonstrate the application of a STAMP-based method – called Cybersafety – to identify and mitigate cyber-vulnerabilities in ICS. The key contribution of this work is to differentiate the additional steps required to perform a holistic cybersecurity analysis for an ICS of significant size and complexity and to present the analysis in a structured format that can be emulated for larger systems with many interdependent subsystems.

computer science, information systems, software engineering, hardware & architecture

Georgios Kavallieratos,Christos Grigoriadis,Angeliki Katsika,Georgios Spathoulas,Panayiotis Kotzanikolaou,Sokratis Katsikas

DOI: https://doi.org/10.20517/jsss.2022.17

2022-10-31

Journal of Surveillance, Security and Safety

Abstract:Aim: The paper proposes a novel risk assessment method ology for complex cyber-physical systems: The proposed method ology may assist risk assessors to: (a) assess the risks deriving from cyber and physical interactions among cyber-physical components; and (b) prioritize the control selection process for mitigating these risks. Methods: To achieve this, we combine and modify appropriately two recent risk assessment method ologies targeted to cyber physical systems and interactions, as underlying building blocks. By applying the existing method ology, we enable the utilization of well-known software vulnerability taxonomies, to extract vulnerability and impact submetrics for all the interactions among the system components. These metrics are then fed to the risk analysis phase in order to assess the overall cyber-physical risks and to prioritize the list of potential mitigation controls. Results: To validate the applicability and efficiency of the proposed method ology, we apply it in a realistic scenario involving supply chain tracking systems. Conclusion: Our results show that the proposed method ology can be effectively applied to capture the risks deriving from cyber and physical interactions among system components in realistic application scenarios, while for large scale networks further testing should be carried out.

English Else

Xiaming Ye,Junhua Zhao,Yan Zhang,Fushuan Wen

DOI: https://doi.org/10.3390/en8065266

IF: 3.2

2015-01-01

Energies

Abstract:The distribution automation system (DAS) is vulnerable to cyber-attacks due to the widespread use of terminal devices and standard communication protocols. On account of the cost of defense, it is impossible to ensure the security of every device in the DAS. Given this background, a novel quantitative vulnerability assessment model of cyber security for DAS is developed in this paper. In the assessment model, the potential physical consequences of cyber-attacks are analyzed from two levels: terminal device level and control center server level. Then, the attack process is modeled based on game theory and the relationships among different vulnerabilities are analyzed by introducing a vulnerability adjacency matrix. Finally, the application process of the proposed methodology is illustrated through a case study based on bus 2 of the Roy Billinton Test System (RBTS). The results demonstrate the reasonability and effectiveness of the proposed methodology.

Alexey Poletykin

DOI: https://doi.org/10.1109/rusautocon.2018.8501811

2018-09-01

Abstract:The cyber security formula-based risk evaluation method is outlined for using SCADA in Industrial Control System (ICS) of Critical National Infrastructure (CNI) plants. The main feature of the method is taking into account not only information security methods but all safety and security and reliability measures available. Another feature concerns assets definition by means of explicit and hidden functions for which damage values from feasible cyber-attacks are estimated. The method deals with the scales of order. An example of the scale is proposed for damage and risk values. The essence of the method, its application domain restrictions, the stages of risk management addressed, key risk management concepts covered are described in the paper.

Yuanqing Qin,Qi Zhang,Chunjie Zhou,Naixue Xiong

DOI: https://doi.org/10.1109/tsmc.2018.2861715

2018-01-01

IEEE Transactions on Systems Man and Cybernetics Systems

Abstract:Decision-making is a key component of industrial control system (ICS) security. However, due to the stability and real-time requirements of ICSs, current decision-making approaches typically designed for IT systems are not entirely suitable for ICSs. In this paper, with consideration of the characteristics of ICSs, a risk-based multistep dynamic decision-making approach for protecting ICSs is proposed. Following this proposal, multiple models, including multilayer Bayesian network, process model, and attack-defense strategy model are built first. On this basis, a state controller is designed to ensure the safe degradation/upgradation of ICSs. Finally, a game theory-based optimal defense strategy generation approach is presented. To verify the effectiveness of the proposed approach, a simulation on a simplified chemical reactor control system is conducted in MATLAB. The simulation results clearly demonstrate that the proposed dynamic decision-making approach has the ability to generate the optimal defense strategy to minimize system loss.

Hao Huang,Dustin Gray,Juan Mendoza,Katherine Davis

DOI: https://doi.org/10.1109/naps52732.2021.9654646

2021-01-01

Abstract:Obtaining enough situational awareness is a critical task for power system security and reliability. With thousands of devices and various adversaries, it is hard to assess the impact of those devices under adversaries on power systems. The lack of enough situational awareness can lead the operators to misunderstand the system and make inappropriate decisions. Thus, this paper presents a framework to consider different types of contingencies for a comprehensive device-oriented risk assessment. The proposed framework considers three aspects, including the Steady State Contingency, Transient State Contingency, and Device Model Validation. Corresponding metrics have been utilized to evaluate the power system elements with respect to power system security. With the input information, the proposed framework streamlines and automates the process of quantifying the risk of different devices through different types of contingency analyses and metrics. In this way, operators can get comprehensive situational awareness to ensure the security of the system and avoid potential cascading failures. This paper uses the synthetic 200-bus case (ACTIVSg200) to illustrate the process of quantifying cyber-physical risk using the proposed framework.

Keren CHEN,Fushuan WEN,Junhua ZHAO,Li LI,Yinguo YANG,Yan TAN

DOI: https://doi.org/10.16081/j.issn.1006-6047.2017.12.009

2018-01-01

Abstract:The wide applications of the ever-developing automation and communication technologies have significantly enhanced the operation level of modem power system,while the interactions between the power information system and the power physical system are becoming more extensively and more in-depth,and hence the cyber-physical power system is formed.In the cyber-physical power system,the failure of information equipment has impacts on the security and reliability of power physical system,while attacks from outsiders against either physical or information equipment may result in power supply interruptions.On this background,the cyber-physical power system is simulated as five elements:physical node,physical-physical link,cyber-node,cyber-cyber link and cyber-physical link,to analyze the interactive influence between physical equipment and information equipment,based on which,the influence of information system failure on the operation of physical system is assessed.A bi-level mathematic programming model under the game theory framework is established for distributing defending resources on information and power modules,to quantify the importance degrees of modules under given attacks.The modified IEEE 14-bus power system is simulated and calculated,whose results verify the feasibility and effectiveness of the proposed method.