Biblio

Filters: Keyword is critical infrastructure
2023-08-04
Hyder, Burhan, Majerus, Harrison, Sellars, Hayden, Greazel, Jonathan, Strobel, Joseph, Battani, Nicholas, Peng, Stefan, Govindarasu, Manimaran.  2022.  CySec Game: A Framework and Tool for Cyber Risk Assessment and Security Investment Optimization in Critical Infrastructures. 2022 Resilience Week (RWS). :1–6.
Cyber physical system (CPS) Critical infrastructures (CIs) like the power and energy systems are increasingly becoming vulnerable to cyber attacks. Mitigating cyber risks in CIs is one of the key objectives of the design and maintenance of these systems. These CPS CIs commonly use legacy devices for remote monitoring and control where complete upgrades are uneconomical and infeasible. Therefore, risk assessment plays an important role in systematically enumerating and selectively securing vulnerable or high-risk assets through optimal investments in the cybersecurity of the CPS CIs. In this paper, we propose a CPS CI security framework and software tool, CySec Game, to be used by the CI industry and academic researchers to assess cyber risks and to optimally allocate cybersecurity investments to mitigate the risks. This framework uses attack tree, attack-defense tree, and game theory algorithms to identify high-risk targets and suggest optimal investments to mitigate the identified risks. We evaluate the efficacy of the framework using the tool by implementing a smart grid case study that shows accurate analysis and feasible implementation of the framework and the tool in this CPS CI environment.
2023-06-30
Libicki, Martin C.  2022.  Obnoxious Deterrence. 2022 14th International Conference on Cyber Conflict: Keep Moving! (CyCon). 700:65–77.
The reigning U.S. paradigm for deterring malicious cyberspace activity carried out by or condoned by other countries is to levy penalties on them. The results have been disappointing. There is little evidence of the permanent reduction of such activity, and the narrative behind the paradigm presupposes a U.S./allied posture that assumes the morally superior role of judge upon whom also falls the burden of proof – a posture not accepted but nevertheless exploited by other countries. In this paper, we explore an alternative paradigm, obnoxious deterrence, in which the United States itself carries out malicious cyberspace activity that is used as a bargaining chip to persuade others to abandon objectionable cyberspace activity. We then analyze the necessary characteristics of this malicious cyberspace activity, which is generated only to be traded off. It turns out that two fundamental criteria – that the activity be sufficiently obnoxious to induce bargaining but be insufficiently valuable to allow it to be traded away – may greatly reduce the feasibility of such a ploy. Even if symmetric agreements are easier to enforce than pseudo-symmetric agreements (e.g., the Xi-Obama agreement of 2015) or asymmetric red lines (e.g., the Biden demand that Russia not condone its citizens hacking U.S. critical infrastructure), when violations occur, many of today’s problems recur. We then evaluate the practical consequences of this approach, one that is superficially attractive.
ISSN: 2325-5374
2023-06-09
Carvalho, Gonçalo, Medeiros, Nadia, Madeira, Henrique, Cabral, Bruno.  2022.  A Functional FMECA Approach for the Assessment of Critical Infrastructure Resilience. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS). :672–681.
The damage or destruction of Critical Infrastructures (CIs) affects societies’ sustainable functioning. Therefore, it is crucial to have effective methods to assess the risk and resilience of CIs. Failure Mode and Effects Analysis (FMEA) and Failure Mode Effects and Criticality Analysis (FMECA) are two approaches to risk assessment and criticality analysis. However, these approaches are complex to apply to intricate CIs and associated Cyber-Physical Systems (CPS). We provide a top-down strategy, starting from a high abstraction level of the system and progressing to cover the functional elements of the infrastructures. This approach develops from FMECA but estimates risks and focuses on assessing resilience. We applied the proposed technique to a real-world CI, predicting how possible improvement scenarios may influence the overall system resilience. The results show the effectiveness of our approach in benchmarking the CI resilience, providing a cost-effective way to evaluate plausible alternatives concerning the improvement of preventive measures.
2023-03-17
Pardee, Jessica W., Schneider, Jennifer, Lam, Cindy.  2022.  Operationalizing Resiliency among Childcare Providers during the COVID-19 Pandemic. 2022 IEEE International Symposium on Technologies for Homeland Security (HST). :1–7.
Childcare, a critical infrastructure, played an important role to create community resiliency during the COVID-19 pandemic. By finding pathways to remain open, or rapidly return to operations, the adaptive capacity of childcare providers to offer care in the face of unprecedented challenges functioned to promote societal level mitigation of the COVID-19 pandemic impacts, to assist families in their personal financial recoveries, and to provide consistent, caring, and meaningful educational experiences for society's youngest members. This paper assesses the operational adaptations of childcare centers as a key resource and critical infrastructure during the COVID-19 pandemic in the Greater Rochester, NY metropolitan region. Our findings evaluate the policy, provider mitigation, and response actions documenting the challenges they faced and the solutions they innovated. Implications for this research extend to climate-induced disruptions, including fires, water shortages, electric grid cyberattacks, and other disruptions where extended stay-at-home orders or service critical interventions are implemented.
2023-02-17
Gao, Xueqin, Shang, Tao, Li, Da, Liu, Jianwei.  2022.  Quantitative Risk Assessment of Threats on SCADA Systems Using Attack Countermeasure Tree. 2022 19th Annual International Conference on Privacy, Security & Trust (PST). :1–5.
SCADA systems are one of the critical infrastructures and face many security threats. Attackers can control SCADA systems through network attacks, destroying the normal operation of the power system. It is important to conduct a risk assessment of security threats on SCADA systems. However, existing models for risk assessment using attack trees mainly focus on describing possible intrusions rather than the interaction between threats and defenses. In this paper, we comprehensively consider intrusion likelihood and defense capability and propose a quantitative risk assessment model of security threats based on attack countermeasure tree (ACT). Each leaf node in ACT contains two attributes: exploitable vulnerabilities and defense countermeasures. An attack scenario can be constructed by means of traversing the leaf nodes. We set up six indicators to evaluate the impact of security threats in attack scenarios according to NISTIR 7628 standard. Experimental results show the attack probability of security threats and high-risk attack scenarios in SCADA systems. We can improve defense countermeasures to protect against security threats corresponding to high-risk scenarios. In addition, the model can continually update risk assessments based on the implementation of the system’s defensive countermeasures.
Frauenschläger, Tobias, Mottok, Jürgen.  2022.  Security-Gateway for SCADA-Systems in Critical Infrastructures. 2022 International Conference on Applied Electronics (AE). :1–6.
Supervisory Control and Data Acquisition (SCADA) systems are used to control and monitor components within the energy grid, playing a significant role in the stability of the system. As a part of critical infrastructures, components in these systems have to fulfill a variety of different requirements regarding their dependability and must also undergo strict audit procedures in order to comply with all relevant standards. This results in a slow adoption of new functionalities. Due to the emerged threat of cyberattacks against critical infrastructures, extensive security measures are needed within these systems to protect them from adversaries and ensure a stable operation. In this work, a solution is proposed to integrate extensive security measures into current systems. By deploying additional security-gateways into the communication path between two nodes, security features can be integrated transparently for the existing components. The developed security-gateway is compliant with all regulatory requirements and features an internal architecture based on the separation-of-concerns principle to increase its security and longevity. The viability of the proposed solution has been verified in different scenarios, consisting of realistic field tests, security penetration tests and various performance evaluations.
ISSN: 1805-9597
2023-01-13
Clausen, Marie, Schütz, Johann.  2022.  Identifying Security Requirements for Smart Grid Components: A Smart Grid Security Metric. 2022 IEEE 20th International Conference on Industrial Informatics (INDIN). :208–213.
The most vital requirement for the electric power system as a critical infrastructure is its security of supply. In the course of the transition of the electric energy system, however, the security provided by the N-1 principle increasingly reaches its limits. The IT/OT convergence changes the threat structure significantly. New risk factors, that can lead to major blackouts, are added to the existing ones. The problem, however, is that the cost of security optimizations is not always in proportion to their value. Not every component is equally critical to the energy system, so the question arises, "How secure does my system need to be?". To address the security-by-design principle, this contribution introduces a Security Metric (SecMet) that can be applied to Smart Grid architectures and their components and deliver an indicator for the "Securitisation Need" based on an individual risk assessment.
Ramaj, Xhesika.  2022.  A DevSecOps-enabled Framework for Risk Management of Critical Infrastructures. 2022 IEEE/ACM 44th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). :242–244.
This paper presents a Ph.D. research plan that focuses on solving the existing problems in risk management of critical infrastructures, by means of a novel DevSecOps-enabled framework. Critical infrastructures are complex physical and cyber-based systems that form the lifeline of a modern society, and their reliable and secure operation is of paramount importance to national security and economic vitality. Therefore, this paper proposes DevSecOps technology for managing risk throughout the entire development life cycle of such systems.
Lavanya, P., Subbareddy, I.V., Selvakumar, V.  2022.  Internet of Things enabled Block Level Security Mechanism to Big Data Environment using Cipher Security Policies. 2022 International Conference on Advances in Computing, Communication and Applied Informatics (ACCAI). :1–6.
The proliferation of linked devices in decisive infrastructure fields including health care and the electric grid is transforming public perceptions of critical infrastructure. As the world grows more mobile and connected, as well as the Internet of Things (IoT) expands, the growing interconnectivity of new critical sectors is being fuelled. Interruptions in any of these areas can have ramifications across numerous sectors and potentially the world. Crucial industries are critical to contemporary civilization. In today's hyper-connected world, critical infrastructure is more vulnerable than ever to cyber assaults, whether they are state-sponsored, carried out by criminal organizations, or carried out by individuals. In a world where more and more gadgets are interconnected, hackers have more and more entry points via which they may damage critical infrastructure. Significant modifications to an organization's main technological systems have created a new threat surface. The study's goal is to raise awareness about the challenges of protecting digital infrastructure in the future while it is still in development. Fog architecture is designed based on functionality once the infrastructure that creates large data has been established. There's also an in-depth look at fog-enabled IoT network security requirements. The next section examines the security issues connected with fog computing, as well as the privacy and trust issues raised by fog-enabled Internet of Things (IoT). Block chain is also examined to see how it may help address IoT security problems, as well as the complementary interrelationships between block-chain and fog computing. Additionally, it formalizes the big data security goal and scope, develops a taxonomy for identifying risks to fog-based Internet of Things systems, compares current development contributions to security service standards, and proposes interesting study areas for future studies, all within this framework.
2023-01-05
Mead, Nancy R.  2022.  Critical Infrastructure Protection and Supply Chain Risk Management. 2022 IEEE 30th International Requirements Engineering Conference Workshops (REW). :215–218.
Critical infrastructure is a key area in cybersecurity. In the U.S., it was front and center in 1997 with the report from the President’s Commission on Critical Infrastructure Protection (PCCIP), and now affects countries worldwide. Critical Infrastructure Protection must address all types of cybersecurity threats: insider threat, ransomware, supply chain risk management issues, and so on. Unsurprisingly, in the past 25 years, the risks and incidents have increased rather than decreased and appear in the news daily. As an important component of critical infrastructure protection, secure supply chain risk management must be integrated into development projects. Both areas have important implications for security requirements engineering.
2022-09-29
Ferguson-Walter, Kimberly J., Gutzwiller, Robert S., Scott, Dakota D., Johnson, Craig J.  2021.  Oppositional Human Factors in Cybersecurity: A Preliminary Analysis of Affective States. 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW). :153–158.
The need for cyber defense research is growing as more cyber-attacks are directed at critical infrastructure and other sensitive networks. Traditionally, the focus has been on hardening system defenses. However, other techniques are being explored including cyber and psychological deception which aim to negatively impact the cognitive and emotional state of cyber attackers directly through the manipulation of network characteristics. In this study, we present a preliminary analysis of survey data collected following a controlled experiment in which over 130 professional red teamers participated in a network penetration task that included cyber deception and psychological deception manipulations [7]. Thematic and inductive analysis of previously un-analyzed open-ended survey responses revealed factors associated with affective states. These preliminary results are a first step in our analysis efforts and show that there are potentially several distinct dimensions of cyber-behavior that induce negative affective states in cyber attackers, which may serve as potential avenues for supplementing traditional cyber defense strategies.
2022-09-20
Pereira, Luiz Manella, Iyengar, S. S., Amini, M. Hadi.  2021.  On the Impact of the Embedding Process on Network Resilience Quantification. 2021 International Conference on Computational Science and Computational Intelligence (CSCI). :836–839.
Network resilience is crucial to ensure reliable and secure operation of critical infrastructures. Although graph theoretic methods have been developed to quantify the topological resilience of networks, i.e., measuring resilience with respect to connectivity, in this study we propose to use the tools from Topological Data Analysis (TDA), Algebraic Topology, and Optimal Transport (OT). In our prior work, we used these tools to create a resilience metric that bypassed the need to embed a network onto a space. We also hypothesized that embeddings could encode different information about a network and that different embeddings could result in different outcomes when computing resilience. In this paper we attempt to test this hypothesis. We will utilize the WEGL framework to compute the embedding for the considered network and compare the results against our prior work, which did not use an embedding process. To our knowledge, this is the first attempt to study the ramifications of choosing an embedding, thus providing a novel understanding into how to choose an embedding and whether such a choice matters when quantifying resilience.
2022-09-09
Jacq, Olivier, Salazar, Pablo Giménez, Parasuraman, Kamban, Kuusijärvi, Jarkko, Gkaniatsou, Andriana, Latsa, Evangelia, Amditis, Angelos.  2021.  The Cyber-MAR Project: First Results and Perspectives on the Use of Hybrid Cyber Ranges for Port Cyber Risk Assessment. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :409–414.
With over 80% of goods transportation in volume carried by sea, ports are key infrastructures within the logistics value chain. To address the challenges of the globalized and competitive economy, ports are digitizing at a fast pace, evolving into smart ports. Consequently, the cyber-resilience of ports is essential to prevent possible disruptions to the economic supply chain. Over the last few years, there has been a significant increase in the number of disclosed cyber-attacks on ports. In this paper, we present the capabilities of a high-end hybrid cyber range for port cyber risks awareness and training. By describing a specific port use-case and the first results achieved, we draw perspectives for the use of cyber ranges for the training of port actors in cyber crisis management.
2022-07-12
Mbanaso, U. M., Makinde, J. A.  2021.  Conceptual Modelling of Criticality of Critical Infrastructure Nth Order Dependency Effect Using Neural Networks. 2020 IEEE 2nd International Conference on Cyberspace (CYBER NIGERIA). :127–131.
This paper presents conceptual modelling of the criticality of critical infrastructure (CI) nth order dependency effect using neural networks. Incidentally, critical infrastructures are usually not stand-alone; they are mostly interconnected in some way, thereby creating a complex network of infrastructures that depend on each other. The relationships between these infrastructures can be either unidirectional or bidirectional with possible cascading or escalating effect. Moreover, the dependency relationships can take an nth order, meaning that a failure or disruption in one infrastructure can cascade to the nth interconnected infrastructure. The nth-order dependency and criticality problems depict a sequential characteristic, which can result in chronological cyber effects. Consequently, quantifying the criticality of infrastructure demands that the impact of its failure or disruption on other interconnected infrastructures be measured effectively. To understand the complex relational behaviour of nth order relationships between infrastructures, we model the behaviour of nth order dependency using a Neural Network (NN) to analyse the degree of dependency and criticality of the dependent infrastructure. The outcome, which is to quantify the Criticality Index Factor (CIF) of a particular infrastructure as a measure of its risk factor, can facilitate a collective response in the event of failure or disruption. Using our novel NN approach, a comparative view of CIFs of infrastructures or organisations can provide an efficient mechanism for Critical Information Infrastructure Protection and resilience (CIIPR) in a more coordinated and harmonised way nationally. Our model demonstrates the capability to measure and establish the degree of dependency (or interdependency) and criticality of CIs as a criterion for a proactive CIIPR.
2022-06-09
Atluri, Venkata, Horne, Jeff.  2021.  A Machine Learning based Threat Intelligence Framework for Industrial Control System Network Traffic Indicators of Compromise. SoutheastCon 2021. :1–5.
Cyber-attacks on our Nation's Critical Infrastructure are growing. In this research, a Cyber Threat Intelligence (CTI) framework is proposed, developed, and tested. The results of the research, using 5 different simulated attacks on a dataset from an Industrial Control System (ICS) testbed, are presented with the extracted IOCs. The Bagging Decision Trees model showed the highest performance of testing accuracy (94.24%), precision (0.95), recall (0.93), and F1-score (0.94) among the 9 different machine learning models studied.
2022-05-19
Singh, Malvika, Mehtre, BM, Sangeetha, S.  2021.  User Behaviour based Insider Threat Detection in Critical Infrastructures. 2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC). :489–494.
Cyber security is an important concern in critical infrastructures such as banking and financial organizations, where a number of malicious insiders are involved. These insiders may be existing employees / users present within the organization and causing harm by performing any malicious activity, and are commonly known as insider threats. Existing insider threat detection (ITD) methods are based on statistical analysis, machine and deep learning approaches. They monitor and detect malicious user activity based on pre-built rules, which fail to detect unforeseen threats. Also, some of these methods require explicit feature engineering, which results in high false positives. Apart from this, some methods choose relatively insufficient features and are computationally expensive, which affects the classifier's accuracy. Hence, in this paper, a user behaviour based ITD method is presented to overcome the above limitations. It is a conceptually simple and flexible approach based on augmented decision making and anomaly detection. It consists of bi-directional long short term memory (bi-LSTM) for efficient feature extraction. For the purpose of classifying users as "normal" or "malicious", a binary class support vector machine (SVM) is used. The CMU-CERT v4.2 dataset is used for testing the proposed method. The performance is evaluated using the following parameters: Accuracy, Precision, Recall, F-Score and AUC-ROC. Test results show that the proposed method outperforms the existing methods.
2022-04-01
Aigner, Andreas, Khelil, Abdelmajid.  2021.  A Security Scoring Framework to Quantify Security in Cyber-Physical Systems. 2021 4th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS). :199–206.
The need to achieve a suitable level of security in Cyber-Physical Systems (CPS) presents a major challenge for engineers. The unpredictable communication of highly constrained, but safety-relevant systems in a heterogeneous environment, significantly impacts the number and severity of vulnerabilities. Consequently, if security-related weaknesses can successfully be exploited by attackers, the functionality of critical infrastructure could be denied or malfunction. This might consequently threaten life or leak sensitive information. A toolkit to quantitatively express security is essential for security engineers in order to define security-enhancing measurements. For this purpose, security scoring frameworks, like the established Common Vulnerability Scoring System can be used. However, existing security scoring frameworks may not be able to handle the proposed challenges and characteristics of CPS. Therefore, in this work, we aim to elaborate a security scoring system that is tailored to the needs of CPS. In detail, we analyze security on a System-of-Systems level, while considering multiple attacks, as well as potential side effects to other security-related objects. The positive effects of integrated mitigation concepts should also be abbreviated by our proposed security score. Additionally, we generate the security score for interacting AUTOSAR platforms in a highly-connected Vehicle-to-everything (V2x) environment. We refer to this highly relevant use case scenario to underline the benefits of our proposed scoring framework and to prove its effectiveness in CPS.
2022-03-22
O’Toole, Sean, Sewell, Cameron, Mehrpouyan, Hoda.  2021.  IoT Security and Safety Testing Toolkits for Water Distribution Systems. 2021 8th International Conference on Internet of Things: Systems, Management and Security (IOTSMS). :1–8.
Due to the critical importance of Industrial Control Systems (ICS) to the operations of cities and countries, research into the security of critical infrastructure has become increasingly relevant and necessary. As a component of both the research and application sides of smart city development, accurate and precise modeling, simulation, and verification are key parts of robust design and development tools that provide critical assistance in the prevention, detection, and recovery from abnormal behavior in the sensors, controllers, and actuators which make up a modern ICS system. However, while these tools have potential, there is currently a need for helper-tools to assist with their setup and configuration, if they are to be utilized widely. Existing state-of-the-art tools are often technically complex and difficult to customize for any given IoT/ICS processes. This is a serious barrier to entry for most technicians, engineers, researchers, and smart city planners, while slowing down the critical aspects of safety and security verification. To remedy this issue, we take a case study of existing simulation toolkits within the field of water management and expand on existing tools and algorithms with simplistic automated retrieval functionality using a much more in-depth and usable customization interface to accelerate simulation scenario design and implementation, allowing for customization of the cyber-physical network infrastructure and cyber attack scenarios. We additionally provide a novel in-tool assessment of a network’s resilience according to graph theory path diversity. Further, we lay out a roadmap for future development and application of the proposed tool, including expansions on resiliency and potential vulnerability model checking, and discuss applications of our work to other fields relevant to the design and operation of smart cities.
2022-03-08
Choucri, Nazli, Agarwal, Gaurav, Koutsoukos, Xenofon.  2018.  Policy-Governed Secure Collaboration: Toward Analytics for Cybersecurity of Cyber-Physical Systems.
Mounting concerns about safety and security have resulted in an intricate ecosystem of guidelines, compliance measures, directives and policy reports for cybersecurity of all critical infrastructure. By definition, such guidelines and policies are written in linear sequential text form that makes them difficult to integrate, or to understand the policy-technology-security interactions, thus limiting their relevance for science of security. We propose to develop text-to-analytics methods and tools focusing on CPS domains such as smart grids
2022-02-22
Jenkins, Chris, Vugrin, Eric, Manickam, Indu, Troutman, Nicholas, Hazelbaker, Jacob, Krakowiak, Sarah, Maxwell, Josh, Brown, Richard.  2021.  Moving Target Defense for Space Systems. 2021 IEEE Space Computing Conference (SCC). :60–71.
Space systems provide many critical functions to the military, federal agencies, and infrastructure networks. Nation-state adversaries have shown the ability to disrupt critical infrastructure through cyber-attacks targeting systems of networked, embedded computers. Moving target defenses (MTDs) have been proposed as a means for defending various networks and systems against potential cyber-attacks. MTDs differ from many cyber resilience technologies in that they do not necessarily require detection of an attack to mitigate the threat. We devised an MTD algorithm and tested its application to a real-time network. We demonstrated MTD usage with a real-time protocol given constraints not typically found in best-effort networks. Second, we quantified the cyber resilience benefit of MTD given an exfiltration attack by an adversary. For our experiment, we employed MTD, which resulted in a reduction of adversarial knowledge by 97%. Even when the adversary can detect when the address changes, there is still a reduction in adversarial knowledge when compared to static addressing schemes. Furthermore, we analyzed the core performance of the algorithm and characterized its unpredictability using nine different statistical metrics. The characterization highlighted that the algorithm has good unpredictability characteristics with some opportunity for improvement to produce more randomness.
2022-01-25
Chouhan, Pushpinder Kaur, Chen, Liming, Hussain, Tazar, Beard, Alfie.  2021.  A Situation Calculus based approach to Cognitive Modelling for Responding to IoT Cyberattacks. 2021 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/IOP/SCI). :219–225.
Both the sophistication and scale of cyberattacks are increasing, revealing the extent of the risks to which critical infrastructure and other information and communication systems are exposed. Furthermore, the introduction of IoT devices in a number of different applications, ranging from home automation to the monitoring of critical infrastructure, has created an even more complicated cybersecurity landscape. A large amount of research has been done on detecting these attacks in real time; however, mitigation is left to security experts, which is time consuming and may have economic consequences. In addition, there is no public data available for action selection that could enable the use of the latest techniques in machine learning or deep learning for this area. Currently, most systems deploy a rule-based response selection methodology for mitigating detected attacks. In this paper, we introduce a situation calculus-based approach to automated response for IoT cyberattacks. The approach offers explicit semantic-rich cognitive modeling of attacks, effects and actions and supports situation inference for timely and accurate responses. We demonstrate the effectiveness of our approach for modelling and responding to cyberattacks by implementing a use case in a real-world IoT scenario.
Nakhodchi, Sanaz, Zolfaghari, Behrouz, Yazdinejad, Abbas, Dehghantanha, Ali.  2021.  SteelEye: An Application-Layer Attack Detection and Attribution Model in Industrial Control Systems using Semi-Deep Learning. 2021 18th International Conference on Privacy, Security and Trust (PST). :1–8.
The security of Industrial Control Systems is of high importance as they play a critical role in uninterrupted services provided by Critical Infrastructure operators. Due to a large number of devices and their geographical distribution, Industrial Control Systems need efficient automatic cyber-attack detection and attribution methods, which suggests AI-based approaches. This paper proposes a model called SteelEye based on Semi-Deep Learning for accurate detection and attribution of cyber-attacks at the application layer in industrial control systems. The proposed model depends on Bag of Features for accurate detection of cyber-attacks and utilizes Categorical Boosting as the base predictor for attack attribution. Empirical results demonstrate that SteelEye remarkably outperforms state-of-the-art cyber-attack detection and attribution methods in terms of accuracy, precision, recall, and F1-score.
2022-01-11
Foster, Rita, Priest, Zach, Cutshaw, Michael.  2021.  Infrastructure eXpression for Codified Cyber Attack Surfaces and Automated Applicability. 2021 Resilience Week (RWS). :1–4.
The internal laboratory directed research and development (LDRD) project Infrastructure eXpression (IX) at the Idaho National Laboratory (INL), is based on codifying infrastructure to support automatic applicability to emerging cyber issues, enabling automated cyber responses, codifying attack surfaces, and analysis of cyber impacts to our nation's most critical infrastructure. IX uses the Structured Threat Information eXpression (STIX) open international standard version 2.1 which supports STIX Cyber Observable (SCO) to codify infrastructure characteristics and exposures. Using these codified infrastructures, STIX Relationship Objects (SRO) connect to STIX Domain Objects (SDO) used for modeling cyber threat used to create attack surfaces integrated with specific infrastructure. This IX model creates a shareable, actionable and implementable attack surface that is updateable with emerging threat or infrastructure modifications. Enrichment of cyber threat information includes attack patterns, indicators, courses of action, malware and threat actors. Codifying infrastructure in IX enables creation of software and hardware bill of materials (SBoM/HBoM) information, analysis of emerging cyber vulnerabilities including supply chain threat to infrastructure.
2021-12-20
Meijaard, Yoram, Meiler, Peter-Paul, Allodi, Luca.  2021.  Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory. 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :178–190.
Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent D-APTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing APT models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender’s critical infrastructure, processes and societal function.
2021-11-29
Imanimehr, Fatemeh, Gharaee, Hossein, Enayati, Alireza.  2020.  An Architecture for National Information Sharing and Alerting System. 2020 10th International Symposium on Telecommunications (IST). :217–221.
Protecting critical infrastructure from cyber threats is one of the most important obligations of governments to ensure the national and social security of the society. Developing a national cyber situational awareness platform provides a protection of critical infrastructures. In such a way, each infrastructure, independently, generates its own situational awareness and shares it with other infrastructures through a national sharing and alerting center. The national information sharing and alerting center collects cyber information of infrastructures and draws a picture of national situational awareness by examining the potential effects of received threats on other infrastructures and predicting the national cyber status in the near future. This paper presents the conceptual architecture for such a national sharing system and gives a brief description of its implementation.