P A S Ralston,J H Graham,J L Hieb

DOI: https://doi.org/10.1016/j.isatra.2007.04.003

Abstract:The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Jianxin Xu,Dongqin Feng

DOI: https://doi.org/10.1155/2017/2430835

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties. We propose a novel framework for exposing the above two types of risks. A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol. An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching. Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network. We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM. An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow. Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.

Kaixing Huang,Chunjie Zhou,Yu-Chu Tian,Shuanghua Yang,Yuanqing Qin

DOI: https://doi.org/10.1109/tie.2018.2798605

IF: 7.7

2018-10-01

IEEE Transactions on Industrial Electronics

Abstract:Industrial cyber-physical systems (ICPSs) are widely applied in critical infrastructures such as chemical plants, water distribution networks, and power grids. However, they face various cyberattacks, which may cause physical damage to these industrial facilities. Therefore, ensuring the security of ICPSs is of paramount importance. For this purpose, a new risk assessment method is presented in this paper to quantify the impact of cyberattacks on the physical system of ICPSs. This method helps carry out appropriate attack mitigation measures. The method uses a Bayesian network to model the attack propagation process and infers the probabilities of sensors and actuators to be compromised. These probabilities are fed into a stochastic hybrid system (SHS) model to predict the evolution of the physical process being controlled. Then, the security risk is quantified by evaluating the system availability with the SHS model. The effectiveness of the proposed method is demonstrated with a case study on a hardware-in-the-loop simulation test bed.

automation & control systems,engineering, electrical & electronic,instruments & instrumentation

Feng Li,Mozhong Zhu,Ling Lin

DOI: https://doi.org/10.3233/jifs-234686

2024-01-24

Journal of Intelligent & Fuzzy Systems

Abstract:Once industrial control systems are targeted by cyber-attacks, the consequences can be severe, including asset loss, environmental pollution, and public security risks. Risk assessment is an important way to ensure that industrial control systems operate efficiently, steadily and safely. The purpose of this paper is to develop a risk assessment model for industrial control systems based on asymmetric connection cloud and Choquet integral, which fully takes into account the fact that values of risk indicators are often fuzzy, random, asymmetrically distributed in finite intervals, and there are interactions among different indicators. To do so, we first establish a risk assessment index system to ensure the full reflection of availability, integrity, and confidentiality in the results of risk assessment for industrial control systems. Then we establish classification standards for each evaluation indicator based on the importance of assets, vulnerabilities, and threats in evaluating the risk of industrial control systems. Next we develop a risk assessment model based on asymmetric connection cloud and Choquet integral to determine the risk level of industrial control systems. In the following, an example is provided to demonstrate the feasibility and reliability of this proposed model. The experimental results have demonstrated a high level of credibility in assessing cyber-attacks by the proposed model, indicating its potential for analyzing the current security and risk posture of industrial control systems.

Pavlos Cheimonidis,Kontantinos Rantos

2024-03-20

Abstract:The convergence of information and communication technologies has introduced new and advanced capabilities to Industrial Control Systems. However, concurrently, it has heightened their vulnerability to cyber attacks. Consequently, the imperative for new security methods has emerged as a critical need for these organizations to effectively identify and mitigate potential threats. This paper introduces an innovative approach by proposing a dynamic vulnerability criticality calculator. Our methodology encompasses the analysis of environmental topology and the effectiveness of deployed security mechanisms, coupled with the utilization of the Common Vulnerability Scoring System framework to adjust detected vulnerabilities based on the specific environment. Moreover, it evaluates the quantity of vulnerabilities and their interdependencies within each asset. Additionally, our approach integrates these factors into a comprehensive Fuzzy Cognitive Map model, incorporating attack paths to holistically assess the overall vulnerability score. To validate the efficacy of our proposed method, we present a relative case study alongside several modified scenarios, demonstrating its effectiveness in practical applications.

Cryptography and Security

Pavlos Cheimonidis,Konstantinos Rantos

DOI: https://doi.org/10.1007/s10207-024-00858-4

2024-05-10

International Journal of Information Security

Abstract:The convergence of information and communication technologies has introduced new and advanced capabilities to Industrial Control Systems. However, concurrently, it has heightened their vulnerability to cyber attacks. Consequently, the imperative for new security methods has emerged as a critical need for these organizations to effectively identify and mitigate potential threats. This paper introduces an innovative approach by proposing a dynamic vulnerability severity calculator. Our methodology encompasses the analysis of environmental topology and the effectiveness of deployed security mechanisms, coupled with the utilization of the Common Vulnerability Scoring System framework to adjust detected vulnerabilities based on the specific environment. Moreover, it evaluates the quantity of vulnerabilities and their interdependencies within each asset. Additionally, our approach integrates these factors into a comprehensive Fuzzy Cognitive Map model, incorporating attack paths to holistically assess the overall vulnerability score. To validate the efficacy of our proposed method, we present a relative case study alongside several modified scenarios, demonstrating its effectiveness in practical applications.

computer science, information systems, theory & methods, software engineering

He Wen

DOI: https://doi.org/10.48550/arXiv.2306.08631

2023-06-15

Abstract:Cyberattacks on industrial control systems (ICS) have been drawing attention in academia. However, this has not raised adequate concerns among some industrial practitioners. Therefore, it is necessary to identify the vulnerable locations and components in the ICS and investigate the attack scenarios and techniques. This study proposes a method to assess the risk of cyberattacks on ICS with an improved Common Vulnerability Scoring System (CVSS) and applies it to a continuous stirred tank reactor (CSTR) model. The results show the physical system levels of ICS have the highest severity once cyberattacked, and controllers, workstations, and human-machine interface are the crucial components in the cyberattack and defense.

Cryptography and Security,Artificial Intelligence

Irina Kolosok,Liudmila Gurina,,

DOI: https://doi.org/10.21681/2311-3456-2021-6-2-11

2021-01-01

Voprosy kiberbezopasnosti

Abstract:Purpose of the study: The study aims to design an algorithm for determining the cyber resilience indices of information collection, transmission, and processing systems (SCADA, WAMS) to control electric power systems. This algorithm makes it possible to factor in possible states and measures to restore such systems when cyber resilience is lost. Research methods include the probability theory, methods of power system reliability analysis, and Markov methods. Result of the research: The analysis of the reliability of WAMS, which is necessary for assessing the cyber resilience of the EPS, has been carried out. A cyber resilience model is proposed, on the basis of which an algorithm for determining the cyber resilience index of SCADA, WAMS systems with a low quality of measurement information used in EPS control has been developed. To take into account possible states of SCADA, WAMS systems and measures for their restoration (detection, mitigation and response) in case of violation of cyber resilience, the algorithm uses the tools of probability theory and Markov methods. The effectiveness of the application of the developed algorithm is confirmed by the example of calculating the WAMS cyber resilience index with a low quality of PMU data. The results obtained can be useful in making decisions on the formation of control actions on the EPS to ensure its cybersecurity in the context of cyber-attacks on information collection, transmission, and processing systems.

Shaharyar Khan,Stuart Madnick,Stuart E Madnick

DOI: https://doi.org/10.1109/tdsc.2021.3093214

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the vulnerability of critical infrastructure, including water, power and gas distribution systems. Traditional IT security-biased protection methods that focus on improving cyber hygiene are largely impotent in the face of targeted attacks by advanced cyber-adversaries. Thus, there is an urgent need to analyze the safety and security of critical infrastructure in a holistic fashion, leveraging the physics of the cyber-physical system. System-Theoretic Accident Model & Processes (STAMP) offers a powerful framework to analyze complex systems; hitherto, STAMP has been used extensively to perform safety analyses but an integrated safety and cybersecurity analysis of industrial control systems (ICS) has not been published. This paper uses the electrical generation and distribution system of an archetypal industrial facility to demonstrate the application of a STAMP-based method – called Cybersafety – to identify and mitigate cyber-vulnerabilities in ICS. The key contribution of this work is to differentiate the additional steps required to perform a holistic cybersecurity analysis for an ICS of significant size and complexity and to present the analysis in a structured format that can be emulated for larger systems with many interdependent subsystems.

computer science, information systems, software engineering, hardware & architecture

Zachary A. Collier,Mahesh Panwar,Alexander A. Ganin,Alex Kott,Igor Linkov

DOI: https://doi.org/10.48550/arXiv.1512.08515

2015-12-26

Abstract:Risk is the best known and perhaps the best studied example within a much broader class of cyber security metrics. However, risk is not the only possible cyber security metric. Other metrics such as resilience can exist and could be potentially very valuable to defenders of ICS systems. Often, metrics are defined as measurable properties of a system that quantify the degree to which objectives of the system are achieved. Metrics can provide cyber defenders of an ICS with critical insights regarding the system. Metrics are generally acquired by analyzing relevant attributes of that system. In terms of cyber security metrics, ICSs tend to have unique features: in many cases, these systems are older technologies that were designed for functionality rather than security. They are also extremely diverse systems that have different requirements and objectives. Therefore, metrics for ICSs must be tailored to a diverse group of systems with many features and perform many different functions. In this chapter, we first outline the general theory of performance metrics, and highlight examples from the cyber security domain and ICS in particular. We then focus on a particular example of a class of metrics that is different from the one we have considered in earlier chapters. Instead of risk, here we consider metrics of resilience. Resilience is defined by the National Academy of Sciences (2012) as the ability to prepare and plan for, absorb, recover from, or more successfully adapt to actual or potential adverse events. This chapter presents two approaches for the generation of metrics based on the concept of resilience using a matrix-based approach and a network-based approach. Finally, a discussion of the benefits and drawbacks of different methods is presented along with a process and tips intended to aid in devising effective metrics.

Cryptography and Security,Computers and Society,Software Engineering,Data Analysis, Statistics and Probability

Fan Zhang,Kevin Kelly

DOI: https://doi.org/10.1080/00295450.2022.2092356

IF: 1.667

2022-09-04

Nuclear Technology

Abstract:Digital instrumentation and control (I&C) systems are being deployed in nuclear power plants (NPPs) for both existing and advanced reactor designs. As I&C systems become more digitized to allow features like near autonomous control and remote operation, they introduce greater cyber risk to NPPs. Cyberattacks targeting industrial control systems (ICSs) are growing in both qualities and capabilities, which indicates that cybersecurity needs to be an integral part of risk assessment in the industry. Although there are some risk assessment methods in traditional information technology (IT) cybersecurity, the differences between IT and ICS cybersecurity make it infeasible to apply these risk assessment methods directly to ICSs. Some research has focused on risk assessment methods for ICSs, but few studies focus on applications to NPPs. Ideal risk frameworks for the nuclear industry are dynamic and account for system dependencies; this survey review focuses on such risk assessment methods both in and outside the nuclear field. The major challenges in cybersecurity risk assessment research are pointed out, and further research suggestions and considerations for cyber risk assessment in I&C systems are identified.

nuclear science & technology

Anees Ara

DOI: https://doi.org/10.1088/1755-1315/1026/1/012030

2022-07-09

IOP Conference Series: Earth and Environmental Science

Abstract:Industrial control systems (ICS) play a vital role in monitoring and controlling the plants like power grids, oil and gas industries, manufacturing industries, and nuclear power plants. Present research and development in information and communication technologies have changed the domains of industrial control systems from traditional electromagnetic to network- based digital systems. This domain shift has created better interfaces for communication between physical processes and the control units. Eventually, making the complex process of monitoring and controlling the industries easier, with the help of internet connections and computing technologies. The field instruments such as sensors and actuators and the physical processes in industries are controlled and monitored by programmable logic controllers (PLC), remote telemetric units (RTU), and supervisory control and data acquisition systems (SCADA) with the help of communication protocols. The seamless integration of the information technologies (IT) and operational technologies (OT) make the management of the industrial environment foster. However, the inclusion of new technologies that increase the number of internet connections, the new communication protocols, and interfaces that run on open-source software, brings up new threats and challenges in addition to existing vulnerabilities in these classical legacy-based heterogeneous hardware and software systems. Due to the increase in the number of security incidents on critical infrastructures, the security considerations for SCADA systems/ICS are gaining interest among researchers. In this paper, we provide a description of SCADA/ICS components, architecture, and communication protocols. Additionally, we discuss details of existing vulnerabilities in hardware, software, and communication protocols. Further, we highlight some prominent security incidents and their motives behind them. We analyse the existing state of OT and IT security in SCADA systems by classifying the SCADA components among them. Finally, we provide security recommendations based on current trends and also discuss open research problems in SCADA security.

Chuangxin Guo,Bin Yu,Jia Guo,Bojian Wen,Jinjiang Zhang,Li Zhang,Haibo Lu,Bo Li

DOI: https://doi.org/10.13334/j.0258-8013.pcsee.2014.04.022

2014-01-01

Abstract:Substation automation system (SAS) based on IEC61850 is the development direction of SAS. The security issues of the SAS have become increasingly prominent, so it is meaningful to carry out security risk assessment for the SAS. This paper proposed a methodology for the security risk assessment of the SAS. The function-based model (FBM) was proposed according to IEC 61850, by which the SAS could be decomposed into functions and described in mathematical language, and the security risk of the SAS was divided into "system risk" and "function risk". Secondly, a method for calculating the function failure probability was presented. And concepts, such as logical connection value, logical node value and function value, were defined to measure the loss of function failure. A 9-level risk assessment criteria and a system risk integration method based on analytic hierarchy process were established. Taking T1-1 substation SAS system as an example, the feasibility and applicability of the proposed method was verified. ? 2014 Chin. Soc. for Elec. Eng.

Chuan Sheng,Yu Yao,Qiang Fu,Wei Yang

DOI: https://doi.org/10.1016/j.comnet.2020.107677

IF: 5.493

2021-02-01

Computer Networks

Abstract:<p>Supervisory Control and Data Acquisition (SCADA) systems are becoming increasingly susceptible to the sophisticated and targeted cyber attacks which are typically carried out by exploiting the vulnerabilities of industrial control devices or protocols. However, most of the existing network intrusion detection methods only focus on detecting and characterizing cyber attacks against the SCADA system, but cannot fully describe their real impact on the system. In this paper, we propose a cyber-physical model for the SCADA system to detect intrusions from the SCADA network and evaluate their risk levels against the industrial process. The model aims at characterizing the network structure and industrial process of the SCADA system through extracting and correlating the communication patterns and states of ICS devices. And any violation of the model is considered abnormal behavior, which can be caused by false operation or network attacks. Through associating network intrusions with the status of the SCADA system, a risk assessment method is proposed to estimate the potential damage degree of the attack on the system, which provides network administrators with richer information about network attacks. Moreover, the comprehensive performance evaluation conducted on public SCADA network data sets shows that the proposed method outperforms the existing methods in detecting and analyzing various cyber attacks against the SCADA system.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Qiangsheng Dai,Libao Shi,Yixin Ni

DOI: https://doi.org/10.1109/pesgm.2018.8586312

2018-01-01

Abstract:The operating conditions of distribution system can be perceived and optimized rapidly and effectively with the help of information and communication technology. However, some potential cybersecurity risk needs to arouse enough attention. In this paper, a novel and practical cyber-attack method targeting remote terminal unit (RTU) is proposed firstly. Regarding the enormous cyber-physical devices in a distribution system and the high maintenance costs, this paper also introduces a risk index to identify the vulnerability of a distribution system to be studied under cyber-attack. A Bayesian attack graph model is applied to quantify the probability of successfully exploiting known and zero-day vulnerabilities, and the relationship between the attack behavior and the feeder automation action is further analyzed. Simulation results demonstrate the effectiveness and validity of the proposed model and method.

Nastaran Mahmoudyar,Yaser Baseri,Ali A. Ghorbani,Mahdi Daghmehchi Firoozjaei

DOI: https://doi.org/10.1016/j.ijcip.2021.100487

IF: 3.683

2022-03-01

International Journal of Critical Infrastructure Protection

Abstract:Industrial control systems (ICSs) and critical infrastructure are targeted by sophisticated cyber incidents launched by skillful and persistent attackers. Due to political, public image, or industrial competition reasons, most incidents are not publicly reported. Therefore, their consequences and threats are not as known as well as those in information technology (IT) systems. This paper aims to provide a foundation for cyber risk assessment for operational technology (OT) systems. To this end, we review the adversarial tactics and techniques employed by attackers to launch ICS cyberattacks and analyze the attack mechanisms of six significant ICS cyber incidents in the energy and power industries, namely Stuxnet, BlackEnergy, Crashoverride, Triton, Irongate, and Havex. We introduce an evaluation framework to evaluate the threat level of the ICS cyber incidents based on their sophistication and incident consequences. Finally, we rate the analyzed ICS cyber incidents based on their threat scores. Our evaluation rates Stuxnet as the most sophisticated and high-threat ICS malware and Irongate the lowest. We hope our evaluation can shed light on the design of protection solutions for OT systems.

engineering, multidisciplinary,computer science, information systems

Jia Guo,Yingkai Bao,Bin Yu,Zhian Zeng,Liangyi Wang,Chuangxin Guo

DOI: https://doi.org/10.1109/powercon.2014.6993773

2014-01-01

Abstract:Due to the popularity of intelligent electronic device and digital information transmission in intelligent substation, the security issues of the SAS have become increasingly prominent, it is necessary to carry out security risk assessment for the SAS. This paper proposed a methodology for the security risk assessment of the SAS, the function-based model (FBM) was proposed according to IEC 61850, by which the SAS could be decomposed into functions. Secondly, a method for calculating the function failure probability was presented, referring to information security risk assessment norms, function value was defined to measure the loss of function failure. Based on AHP (analytic hierarchy process, AHP), the transmission weights of function risk were calculated, to integrate function risk into system risk Based on the sensitivity analysis, the assessment and ranking for different parts of SAS are completed, and the weaknesses of SAS are found. Finally, Taking Tl-1 substation SAS system as an example, the feasibility and applicability of the proposed method was verified.

Joshua Taylor

DOI: https://doi.org/10.48550/arXiv.2012.11375

2020-12-18

Cryptography and Security

Abstract:Since the 1960s Supervisory Control and Data Acquisition (SCADA) systems have been used within industry. Referred to as critical infrastructure (CI), key installations such as power stations, water treatment and energy grids are controlled using SCADA. Existing literature reveals inherent security risks to CI and suggests this stems from the rise of interconnected networks, leading to the hypothesis that the rise of interconnectivity between corporate networks and SCADA system networks pose security risks to CI. The results from studies into previous global attacks involving SCADA and CI, with focus on two highly serious incidents in Iran and Ukraine, reveal that although interconnectivity is a major factor, isolated CIs are still highly vulnerable to attack due to risks within the SCADA controllers and protocols.

Hao Wang,Nathan Lau,Ryan M Gerdes

DOI: https://doi.org/10.1177/0018720818769250

Abstract:Objective: The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Background: Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. Method: We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. Results: The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Conclusion: Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Application: Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.