Biblio

Countries are putting cyber-security at the forefront of their national issues. With the increase in cyber capabilities and infrastructure systems becoming cyber-enabled, threats now have a physical impact from the cyber dimension. This paper proposes an analytical framework for national cyber-security profiling by taking national governmental and technical threat modeling simulations. Applying thematic analysis towards national cybersecurity strategy helps further develop understanding, in conjunction with threat modeling methodology simulation, to gain insight into critical infrastructure threat impact.

The numerous attacks on ICS systems have made severe threats to critical infrastructure. Extensive studies have focussed on the risk assessment of discovering vulnerabilities. However, to identify Zero-day vulnerabilities is challenging because they are unknown to defenders. Here we sought to measure ICS system zero-day risk by building an enhanced attack graph for expected attack path exploiting zero-day vulnerability. In this study, we define the security metrics of Zero-day vulnerability for an ICS. Then we created a Zero-day attack graph to guide how to harden the system by measuring attack paths that exploiting zero-day vulnerabilities. Our studies identify the vulnerability assessment method on ICS systems considering Zero-day Vulnerability by zero-day attack graph. Together, our work is essential to ICS systems security. By assessing unknown vulnerability risk to close the imbalance between attackers and defenders.

The ability to react to a malicious attack starts with high fidelity recognition, and with that, an agile response to the attack. The current Operational Technology (OT) systems for a critical infrastructure include an intrusion detection system (IDS), but the ability to adapt to an intrusion is a human initiated response. Orchestrators, which are coming of age in the financial sector and allow for levels of automated response, are not prevalent in the OT space. To evolve to such responses in the OT space, a tradeoff analysis is first needed. This tradeoff analysis should evaluate the mitigation benefits of responses versus the physical affects that result. Providing an informed and automated response decision. This paper presents a formulation of a novel tradeoff analysis and its use in advancing a cyber-physical architecture for automated responses (CyPhAAR).

Computer networks and surging advancements of innovative information technology construct a critical infrastructure for network transactions of business entities. Information exchange and data access though such infrastructure is scrutinized by adversaries for vulnerabilities that lead to cyber-attacks. This paper presents an agent-based system modelling to conceptualize and extract explicit and latent structure of the complex enterprise systems as well as human interactions within the system to determine common vulnerabilities of the entity. The model captures emergent behavior resulting from interactions of multiple network agents including the number of workstations, regular, administrator and third-party users, external and internal attacks, defense mechanisms for the network setting, and many other parameters. A risk-based approach to modelling cybersecurity of a business entity is utilized to derive the rate of attacks. A neural network model will generalize the type of attack based on network traffic features allowing dynamic state changes. Rules of engagement to generate self-organizing behavior will be leveraged to appoint a defense mechanism suitable for the attack-state of the model. The effectiveness of the model will be depicted by time-state chart that shows the number of affected assets for the different types of attacks triggered by the entity risk and the time it takes to revert into normal state. The model will also associate a relevant cost per incident occurrence that derives the need for enhancement of security solutions.

With the increasing interdependence of critical infrastructures, the probability of a specific infrastructure to experience a complex cyber-physical attack is increasing. Thus it is important to analyze the risk of an attack and the dynamics of its propagation in order to design and deploy appropriate countermeasures. The attack trees, commonly adopted to this aim, have inherent shortcomings in representing interdependent, concurrent and sequential attacks. To overcome this, the work presented here proposes a stochastic methodology using Petri Nets and Continuous Time Markov Chain (CTMC) to analyze the attacks, considering the individual attack occurrence probabilities and their stochastic propagation times. A procedure to convert a basic attack tree into an equivalent CTMC is presented. The proposed method is applied in a case study to calculate the different attack propagation characteristics. The characteristics are namely, the probability of reaching the root node & sub attack nodes, the mean time to reach the root node and the mean time spent in the sub attack nodes before reaching the root node. Additionally, the method quantifies the effectiveness of specific defenses in reducing the attack risk considering the efficiency of individual defenses.

Industrial Control Systems (ICSs) are widely used in critical infrastructure around the world to provide services that sustain peoples' livelihoods and economic operations. However, compared with the critical infrastructure, the security of the ICS itself is still insufficient, and there will be a degree of damage, if it is attacked or invaded. In the past, an ICS was designed to operate in a traditional closed network, so the industrial equipment and transmission protocol lacked security verification. In addition, an ICS has high availability requirements, so that its equipment is rarely replaced and upgraded. Although many scholars have proposed the defense mechanism that is applicable to ICS in the past, there is still a lack of tested means to verify these defense technologies. The purpose of this study is to analyze the security of a system using the Modbus transmission protocol in an ICS, to establish a modular security test system based on four types of attacks that have been identified in the past literature, namely, a detection attack, a command injection attack, a response injection attack and a denial of service, to implement the attack results and to display the process in the virtual environment of Conpot and Rapid SCADA, and finally, to adopt the ICS security standards mentioned by previous scholars, namely, confidentiality, integrity and availability, as the performance evaluation criteria of this study.

A rapid rise in cyber-attacks on Cyber Physical Systems (CPS) has been observed in the last decade. It becomes even more concerning that several of these attacks were on critical infrastructures that indeed succeeded and resulted into significant physical and financial damages. Experimental testbeds capable of providing flexible, scalable and interoperable platform for executing various cybersecurity experiments is highly in need by all stakeholders. A container-based SCADA testbed is presented in this work as a potential platform for executing cybersecurity experiments. Through this testbed, a network traffic containing ARP spoofing is generated that represents a Man in the middle (MITM) attack. While doing so, scanning of different systems within the network is performed which represents a reconnaissance attack. The network traffic generated by both ARP spoofing and network scanning are captured and further used for preparing a dataset. The dataset is utilized for training a network classification model through a machine learning algorithm. Performance of the trained model is evaluated through a series of tests where promising results are obtained.

Fully securing networks from remote attacks is recognized by the IT industry as a critical and imposing challenge. Even highly secure systems remain vulnerable to attacks and advanced persistent threats. Air-gapped networks may be secure from remote attack. One-way flows are a novel approach to improving the security of telemetry for critical infrastructure, retaining some of the benefits of interconnectivity whilst maintaining a level of network security analogous to that of unconnected devices. Simple and inexpensive techniques can be used to provide this unidirectional security, removing the risk of remote attack from a range of potential targets and subnets. The application of one-way networks is demonstrated using IEEE compliant PMU data streams as a case study. Scalability is demonstrated using SDN techniques. Finally, these techniques are combined, demonstrating a node which can be secured from remote attack, within defined limitations.

Advancements in computing, communication, and sensing technologies are making it possible to embed, control, and gather vital information from tiny devices that are being deployed and utilized in practically every aspect of our modernized society. From smart home appliances to municipal water and electric industrial facilities to our everyday work environments, the next Internet frontier, dubbed IoT, is promising to revolutionize our lives and tackle some of our nations' most pressing challenges. While the seamless interconnection of IoT devices with the physical realm is envisioned to bring a plethora of critical improvements in many aspects and diverse domains, it will undoubtedly pave the way for attackers that will target and exploit such devices, threatening the integrity of their data and the reliability of critical infrastructure. Further, such compromised devices will undeniably be leveraged as the next generation of botnets, given their increased processing capabilities and abundant bandwidth. While several demonstrations exist in the literature describing the exploitation procedures of a number of IoT devices, the up-to-date inference, characterization, and analysis of unsolicited IoT devices that are currently deployed "in the wild" is still in its infancy. In this article, we address this imperative task by leveraging active and passive measurements to report on unsolicited Internet-scale IoT devices. This work describes a first step toward exploring the utilization of passive measurements in combination with the results of active measurements to shed light on the Internet-scale insecurities of the IoT paradigm. By correlating results of Internet-wide scanning with Internet background radiation traffic, we disclose close to 14,000 compromised IoT devices in diverse sectors, including critical infrastructure and smart home appliances. To this end, we also analyze their generated traffic to create effective mitigation signatures that could be deployed in local IoT realms. To support largescale empirical data analytics in the context of IoT, we make available the inferred and extracted IoT malicious raw data through an authenticated front-end service. The outcomes of this work confirm the existence of such compromised devices on an Internet scale, while the generated inferences and insights are postulated to be employed for inferring other similarly compromised IoT devices, in addition to contributing to IoT cyber security situational awareness.

Communications play a fundamental role in the economic and social well-being of the citizens and on operations of most of the critical infrastructures (CIs). Extreme weather events, natural disasters and criminal attacks represent a challenge due to their increase in frequency and intensity requiring smarter resilience of the Communication CIs, which are extremely vulnerable due to the ever-increasing complexity of the architecture also in light of the evolution towards 5G, the extensive use of programmable platforms and exponential growth of connected devices. In this paper, we present the aim of RESISTO H2020 EU-funded project, which constitutes an innovative solution for Communication CIs holistic situation awareness and enhanced resilience.

Several assessment techniques and methodologies exist to analyze the security of an application dynamically. However, they either are focused on a particular product or are mainly concerned about the assessment process rather than the product's security confidence. Most crucially, they tend to assess the security of a target application as a standalone artifact without assessing its host infrastructure. Such attempts can undervalue the overall security posture since the infrastructure becomes crucial when it hosts a critical application. We present an ontology-based security model that aims to provide the necessary knowledge, including network settings, application configurations, testing techniques and tools, and security metrics to evaluate the security aptitude of a critical application in the context of its hosting infrastructure. The objective is to integrate the current good practices and standards in security testing and virtualization to furnish an on-demand and test-ready virtual target infrastructure to execute the critical application and to initiate a context-aware and quantifiable security assessment process in an automated manner. Furthermore, we present a security assessment architecture to reflect on how the ontology can be integrated into a standard process.

Control systems for critical infrastructure are becoming increasingly interconnected while cyber threats against critical infrastructure are becoming more sophisticated and difficult to defend against. Historically, cyber security has emphasized building defenses to prevent loss of confidentiality, integrity, and availability in digital information and systems, but in recent years cyber attacks have demonstrated that no system is impenetrable and that control system operation may be detrimentally impacted. Cyber resilience has emerged as a complementary priority that seeks to ensure that digital systems can maintain essential performance levels, even while capabilities are degraded by a cyber attack. This paper examines how cyber security and cyber resilience may be measured and quantified in a control system environment. Load Frequency Control is used as an illustrative example to demonstrate how cyber attacks may be represented within mathematical models of control systems, to demonstrate how these events may be quantitatively measured in terms of cyber security or cyber resilience, and the differences and similarities between the two mindsets. These results demonstrate how various metrics are applied, the extent of their usability, and how it is important to analyze cyber-physical systems in a comprehensive manner that accounts for all the various parts of the system.

Realizing the importance of the concept of “smart city” and its impact on the quality of life, many infrastructures, such as power plants, began their digital transformation process by leveraging modern computing and advanced communication technologies. Unfortunately, by increasing the number of connections, power plants become more and more vulnerable and also an attractive target for cyber-physical attacks. The analysis of interdependencies among system components reveals interdependent connections, and facilitates the identification of those among them that are in need of special protection. In this paper, we review the recent literature which utilizes graph-based models and network-based models to study these interdependencies. A comprehensive overview, based on the main features of the systems including communication direction, control parameters, research target, scalability, security and safety, is presented. We also assess the computational complexity associated with the approaches presented in the reviewed papers, and we use this metric to assess the scalability of the approaches.

The mass integration and deployment of intelligent technologies within critical commercial, industrial and public environments have a significant impact on business operations and society as a whole. Though integration of these critical intelligent technologies pose serious embedded security challenges for technology manufacturers which are required to be systematically approached, in-line with international security regulations.This paper establish security foundation for such intelligent technologies by deriving embedded security requirements to realise the core security functions laid out by international security authorities, and proposing microarchitectural characteristics to establish cyber resilience in embedded systems. To bridge the research gap between embedded and operational security domains, a detailed review of existing embedded security methods, microarchitectures and design practises is presented. The existing embedded security methods have been found ad-hoc, passive and strongly rely on building and maintaining trust. To the best of our knowledge to date, no existing embedded security microarchitecture or defence mechanism provides continuity of data stream or security once trust has broken. This functionality is critical for embedded technologies deployed in critical infrastructure to enhance and maintain security, and to gain evidence of the security breach to effectively evaluate, improve and deploy active response and mitigation strategies. To this end, the paper proposes three microarchitectural characteristics that shall be designed and integrated into embedded architectures to establish, maintain and improve cyber resilience in embedded systems for next-generation critical infrastructure.

Modern cybercrimes have exponentially grown over the last one decade. Ransomware is one of the types of malware which is the result of sophisticated attempt to compromise the modern computer systems. The governments and large corporations are investing heavily to combat this cyber threat against their critical infrastructure. It has been observed that over the last few years that Industrial Control Systems (ICS) have become the main target of Ransomware due to the sensitive operations involved in the day to day processes of these industries. As the technology is evolving, more and more traditional industrial systems are replaced with advanced industry methods involving advanced technologies such as Internet of Things (IoT). These technology shift help improve business productivity and keep the company's global competitive in an overflowing competitive market. However, the systems involved need secure measures to protect integrity and availability which will help avoid any malfunctioning to their operations due to the cyber-attacks. There have been several cyber-attack incidents on healthcare, pharmaceutical, water cleaning and energy sector. These ICS' s are operated by remote control facilities and variety of other devices such as programmable logic controllers (PLC) and sensors to make a network. Cyber criminals are exploring vulnerabilities in the design of these ICS's to take the command and control of these systems and disrupt daily operations until ransomware is paid. This paper will provide critical analysis of the impact of Ransomware threat on SCADA systems.

Critical infrastructures of all countries unites common cyberspace. In this space, there are many threats that can disrupt the security of critical infrastructure in one country, but also cause damage in other countries. This is a reality that makes it necessary to agree on intergovernmental national views on the composition of critical infrastructures, an assessment of their security and protection. The article presents an overview of views on critical infrastructures of the United States, the European Union, the United Kingdom, and the Russian Federation, the purpose of which is to develop common positions.

Rapid inspection and assessment of critical infrastructure after man-made and natural disasters is a matter of homeland security. The primary aim of this paper is to demonstrate the potential of leveraging small Unmanned Aircraft System (sUAS) in support of the rapid recovery of critical infrastructure in the aftermath of catastrophic events. We propose our data collection, detection and assessment system, using a sUAS equipped with a Lidar and a camera. This method provides a solution in fast post-disaster response and assists human responders in damage investigation.

The defense-in-depth approach has been widely recommended for designing critical information infrastructure, however, the lack of holistic design guidelines makes it difficult for many organizations to adopt the concept. Therefore, this paper proposes a holistic architectural framework and guidelines based on ring-based nested network zones for designing such highly secured information systems. This novel security architectural framework and guidelines offer the overall structural design and implementation options for holistically designing the N-tier/shared nothing system architectures. The implementation options, e.g. for the zone's perimeters, are recommended to achieve different capability levels of security or to trade off among different required security attributes. This framework enables the adaptive capability suitable for different real-world contexts. This paper also proposes an attack-hops verification approach as a tool to evaluate the architectural design.

The Industrial Internet of Things (IIoT) is a term applied to the industrial application of M2M devices. The security of IIoT devices is a difficult problem and where the automation of critical infrastructure is intended, risks may be unacceptable. Remote attacks are a significant threat and solutions are sought which are secure by default. The problem space may be analyzed using threat modelling methods. Software Defined Networks (SDN) provide mitigation for remote attacks which exploit local area networks. Similar concepts applied to the WAN may improve availability and performance and provide granular data on link characteristics. Schemes such as the Software Defined Perimeter allow IIoT devices to communicate on the Internet, mitigating avenues of remote attack. Finally, separation of duties at the IIoT device may prevent attacks on the integrity of the device or the confidentiality and integrity of its communications. Work remains to be done on the mitigation of DDoS.

The applications in the critical infrastructure systems pose simultaneous resilience and performance requirements to the underlying computer network. To meet such requirements, the networks that use the store-and-forward paradigm poses stringent conditions on the redundancy in the network topology and results in problems that becoming computationally challenging to solve at scale. However, with the advent of programmable data-planes, it is now possible to use linear network coding (NC) at the intermediate network nodes to meet resilience requirements of the applications. To that end, we propose an architecture that realizes linear NC in programmable networks by decomposing the linear NC functions into the atomic coding primitives. We designed and implemented the primitives using the features offered by the P4 ecosystem. Using an empirical evaluation, we show that the theoretical gains promised by linear network coding can be realized with a per-packet processing cost.

SCADA control systems use programmable logic controller to interface with critical machines. SCADA systems are used in critical infrastructures, for instance, to control smart grid, oil pipelines, water distribution and chemical manufacturing plants: an attacker taking control of a SCADA system could cause various damages, both to the infrastructure but also to people (for instance, adding chemical substances into a water distribution systems). In this paper we propose a method to detect attacks targeting SCADA systems. We exploit model checking, in detail we model logs from SCADA systems into a network of timed automata and, through timed temporal logic, we characterize the behaviour of a SCADA system under attack. Experiments performed on a SCADA water distribution system confirmed the effectiveness of the proposed method.

Energy Distribution Grids are considered critical infrastructure, hence the Distribution System Operators (DSOs) have developed sophisticated engineering practices to improve their resilience. Over the last years, due to the "Smart Grid" evolution, this infrastructure has become a distributed system where prosumers (the consumers who produce and share surplus energy through the grid) can plug in distributed energy resources (DERs) and manage a bi-directional flow of data and power enabled by an advanced IT and control infrastructure. This introduces new challenges, as the prosumers possess neither the skills nor the knowledge to assess the risk or secure the environment from cyber-threats. We propose a simple and usable approach based on the Reference Model of Information Assurance & Security (RMIAS), to support the prosumers in the selection of cybesecurity measures. The purpose is to reduce the risk of being directly targeted and to establish collective responsibility among prosumers as grid gatekeepers. The framework moves from a simple risk analysis based on security goals to providing guidelines for the users for adoption of adequate security countermeasures. One of the greatest advantages of the approach is that it does not constrain the user to a specific threat model.

The constant changing of technologies have brought to critical infrastructure organisations numerous information security threats such as insider threat. Critical infrastructure organisations have difficulties to early detect and capture the possible vital signs of insider threats due sometimes to lack of effective methodologies or frameworks. It is from this viewpoint that, this paper proposes a symptomatic insider threat risk assessments framework known as Insider Threat Framework for Namibia Critical Infrastructure Organization (ITFNACIO), aimed to predict the probable signs of insider threat based on Symptomatic Analysis (SA), and develop a prototype as a proof of concept. A case study was successfully used to validate and implement the proposed framework; hence, qualitative methodology was employed throughout the whole research process where two (2) insider threats were captured. The proposed insider threat framework can be further developed in multiple cases and a more automated system able to trigger an early warning system of possible insider threat events.

SCADA systems are being constantly migrated to modern information and communication technologies (ICT) -based systems named cyber-physical systems. Unfortunately, this allows attackers to execute exploitation techniques into these architectures. In addition, ransomware insertion is nowadays the most popular attacking vector because it denies the availability of critical files and systems until attackers receive the demanded ransom. In this paper, it is analysed the risk impact of ransomware insertion into SCADA systems and it is suggested countermeasures addressed to the protection of SCADA systems and its components to reduce the impact of ransomware insertion.

This paper presents a control strategy for Cyber-Physical System defense developed in the framework of the European Project ATENA, that concerns Critical Infrastructure (CI) protection. The aim of the controller is to find the optimal security configuration, in terms of countermeasures to implement, in order to address the system vulnerabilities. The attack/defense problem is modeled as a multi-agent general sum game, where the aim of the defender is to prevent the most damage possible by finding an optimal trade-off between prevention actions and their costs. The problem is solved utilizing Reinforcement Learning and simulation results provide a proof of the proposed concept, showing how the defender of the protected CI is able to minimize the damage caused by his her opponents by finding the Nash equilibrium of the game in the zero-sum variant, and, in a more general scenario, by driving the attacker in the position where the damage she/he can cause to the infrastructure is lower than the cost it has to sustain to enforce her/his attack strategy.