9 research outputs found
What makes an industrial control system security testbed credible and acceptable? Towards a design consideration framework
The convergence of Industrial Control System (ICS) with Information Technologies (IT) coupled with the resulting and widely publicized cyber security incidents have made ICS security and resilience issues of critical concern to operators and governments. The inability to apply traditional IT security practice to ICSs further complicates the challenges of effectively securing critical industrial systems. To investigate these challenges without impacting upon live system operations, testbeds are being widely used as viable options to explore, develop and assess security risks and controls. However, how an ICS testbed is designed, and its attributes, can directly impact not only on its viability but also its credibility and acceptance for use as a whole. Through a systematic review and analysis of ICS security testbed design factors, a novel outline conceptual mapping of design factors for building credibility and acceptance is proposed. These design considerations include: design objectives, implementation approach, architectural component coverage, core operational characteristics, and evaluation approach
Design Considerations for Building Credible Security Testbeds : A Systematic Study of Industrial Control System Use Cases
This paper presents a mapping framework for design factors and implementation process for building credible Industrial Control Systems (ICS) security testbeds. The resilience of ICSs has become a critical concern to operators and governments following widely publicised cyber security events. The inability to apply conventional Information Technology security practice to ICSs further compounds challenges in adequately securing critical systems. To overcome these challenges, and do so without impacting live environments, testbeds for the exploration, development and evaluation of security controls are widely used. However, how a testbed is designed and its attributes, can directly impact not only its viability but also its credibility as a whole. Through a combined systematic and thematic analysis and mapping of ICS security testbed design attributes, this paper suggests that the expertise of human experimenters, design objectives, the implementation approach, architectural coverage, core characteristics, and evaluation methods; are considerations that can help establish or enhance confidence, trustworthiness and acceptance; thus, credibility of ICS security testbeds
Design Considerations for Building Credible Security Testbeds: Perspectives from Industrial Control System Use Cases
This paper presents a mapping framework for design factors and an implementation process for building credible Industrial Control Systems (ICS) security testbeds. The security and resilience of ICSs has become a critical concern to operators and governments following widely publicised cyber security events. The inability to apply conventional Information Technology security practice to ICSs further compounds challenges in adequately securing critical systems. To overcome these challenges, and do so without impacting live environments, testbeds are widely used for the exploration, development, and evaluation of security controls. However, how a testbed is designed and its attributes, can directly impact not only its viability but also its credibility. Combining systematic and thematic analysis, and the mapping of identified ICS security testbed design attributes, we propose a novel relationship map of credibility-supporting design factors (and their associated attributes) and a process implementation flow structure for ICS security testbeds. The framework and implementation process highlight the significance of demonstrating some design factors such as user/experimenter expertise, clearly defined testbed design objectives, simulation implementation approach, covered architectural components, core structural and functional characteristics covered, and evaluations to enhance confidence, trustworthiness and acceptance of ICS security testbeds as credible. These can streamline testbed requirement definition, improve design consistency and quality while reducing implementation costs
Protocol for a Systematic Literature Review on Adaptative Middleware Support for IoT and CPS
This protocol defines the procedure to conduct a systematic literature review on adaptive middleware support for the Internet of Things (IoT) and Cyber-physical Systems (CPS). The mentioned concepts deal with smart interactive objects which provide a set of services, but they look into the problem from various perspectives. We especially look into middleware design decisions for reactive/proactive adaptations. Following a systematic literature review (SLR) in the selection procedure, we selected 62 papers among 4,274 candidate studies. To this end, we applied the classification and extraction framework to select and analyze the most influential domain-related information. In addition to the academic database, we took advantage of the use-cases provided by our industrial partners within the CPS4EU 2 project. This document clarifies the primary studies' selection process. The analysis of the studies, discussion, and solution proposals will be presented separately in a journal article
Security Analysis of Interdependent Critical Infrastructures: Power, Cyber and Gas
abstract: Our daily life is becoming more and more reliant on services provided by the infrastructures
power, gas , communication networks. Ensuring the security of these
infrastructures is of utmost importance. This task becomes ever more challenging as
the inter-dependence among these infrastructures grows and a security breach in one
infrastructure can spill over to the others. The implication is that the security practices/
analysis recommended for these infrastructures should be done in coordination.
This thesis, focusing on the power grid, explores strategies to secure the system that
look into the coupling of the power grid to the cyber infrastructure, used to manage
and control it, and to the gas grid, that supplies an increasing amount of reserves to
overcome contingencies.
The first part (Part I) of the thesis, including chapters 2 through 4, focuses on
the coupling of the power and the cyber infrastructure that is used for its control and
operations. The goal is to detect malicious attacks gaining information about the
operation of the power grid to later attack the system. In chapter 2, we propose a
hierarchical architecture that correlates the analysis of high resolution Micro-Phasor
Measurement Unit (microPMU) data and traffic analysis on the Supervisory Control
and Data Acquisition (SCADA) packets, to infer the security status of the grid and
detect the presence of possible intruders. An essential part of this architecture is
tied to the analysis on the microPMU data. In chapter 3 we establish a set of anomaly
detection rules on microPMU data that
flag "abnormal behavior". A placement strategy
of microPMU sensors is also proposed to maximize the sensitivity in detecting anomalies.
In chapter 4, we focus on developing rules that can localize the source of an events
using microPMU to further check whether a cyber attack is causing the anomaly, by
correlating SCADA traffic with the microPMU data analysis results. The thread that
unies the data analysis in this chapter is the fact that decision are made without fully estimating the state of the system; on the contrary, decisions are made using
a set of physical measurements that falls short by orders of magnitude to meet the
needs for observability. More specifically, in the first part of this chapter (sections 4.1-
4.2), using microPMU data in the substation, methodologies for online identification of
the source Thevenin parameters are presented. This methodology is used to identify
reconnaissance activity on the normally-open switches in the substation, initiated
by attackers to gauge its controllability over the cyber network. The applications
of this methodology in monitoring the voltage stability of the grid is also discussed.
In the second part of this chapter (sections 4.3-4.5), we investigate the localization
of faults. Since the number of PMU sensors available to carry out the inference
is insufficient to ensure observability, the problem can be viewed as that of under-sampling
a "graph signal"; the analysis leads to a PMU placement strategy that can
achieve the highest resolution in localizing the fault, for a given number of sensors.
In both cases, the results of the analysis are leveraged in the detection of cyber-physical
attacks, where microPMU data and relevant SCADA network traffic information
are compared to determine if a network breach has affected the integrity of the system
information and/or operations.
In second part of this thesis (Part II), the security analysis considers the adequacy
and reliability of schedules for the gas and power network. The motivation for
scheduling jointly supply in gas and power networks is motivated by the increasing
reliance of power grids on natural gas generators (and, indirectly, on gas pipelines)
as providing critical reserves. Chapter 5 focuses on unveiling the challenges and
providing solution to this problem.Dissertation/ThesisDoctoral Dissertation Electrical Engineering 201
Recommended from our members
A Real-Time Testbed Environment for Cyber-Physical Security on the Power Grid
The trustworthiness and security of cyber-physical systems (CPSs), such as the power grid, are of paramount importance to ensure their safe operation, performance, and economic efficiency. The aim of many cyber-physical security techniques, such as network intrusion detection systems (NIDSs) for CPSs, is to ensure continuous reliable operation even in exposed network environments. But the validation of such methods goes well beyond standard network analysis, since meaningful tests must also integrate realistic understanding of the physical systems behavior and response to the network activity. Our goal in this paper is to showcase an example of a testbed environment that can support such validation. In it, real network traffic, emulating and industrial control network, interacts with simulated physical models in real-time, extending and leveraging "hardware-in-the-loop" and "cyber-in-the-loop" capabilities. The testbed is a bridge between theory and practice and offers a number of features, including network communications, data management, as well as the virtualization of cyber-physical state analytics performed by the NIDS. The traffic is captured by real network taps and is forwarded to a real data management environment, receiving also the data reports from the simulated industrial control environment. To illustrate the capabilities of our testbed we show how the data are cross-checked by a "physics aware"Â NIDS, identifying network traffic that does not comply with its cyber-physical security rules
Recommended from our members
A Real-Time Testbed Environment for Cyber-Physical Security on the Power Grid
The trustworthiness and security of cyber-physical systems (CPSs), such as the power grid, are of paramount importance to ensure their safe operation, performance, and economic efficiency. The aim of many cyber-physical security techniques, such as network intrusion detection systems (NIDSs) for CPSs, is to ensure continuous reliable operation even in exposed network environments. But the validation of such methods goes well beyond standard network analysis, since meaningful tests must also integrate realistic understanding of the physical systems behavior and response to the network activity. Our goal in this paper is to showcase an example of a testbed environment that can support such validation. In it, real network traffic, emulating and industrial control network, interacts with simulated physical models in real-time, extending and leveraging "hardware-in-the-loop" and "cyber-in-the-loop" capabilities. The testbed is a bridge between theory and practice and offers a number of features, including network communications, data management, as well as the virtualization of cyber-physical state analytics performed by the NIDS. The traffic is captured by real network taps and is forwarded to a real data management environment, receiving also the data reports from the simulated industrial control environment. To illustrate the capabilities of our testbed we show how the data are cross-checked by a "physics aware"Â NIDS, identifying network traffic that does not comply with its cyber-physical security rules
A Survey on Industrial Control System Testbeds and Datasets for Security Research
The increasing digitization and interconnection of legacy Industrial Control
Systems (ICSs) open new vulnerability surfaces, exposing such systems to
malicious attackers. Furthermore, since ICSs are often employed in critical
infrastructures (e.g., nuclear plants) and manufacturing companies (e.g.,
chemical industries), attacks can lead to devastating physical damages. In
dealing with this security requirement, the research community focuses on
developing new security mechanisms such as Intrusion Detection Systems (IDSs),
facilitated by leveraging modern machine learning techniques. However, these
algorithms require a testing platform and a considerable amount of data to be
trained and tested accurately. To satisfy this prerequisite, Academia,
Industry, and Government are increasingly proposing testbed (i.e., scaled-down
versions of ICSs or simulations) to test the performances of the IDSs.
Furthermore, to enable researchers to cross-validate security systems (e.g.,
security-by-design concepts or anomaly detectors), several datasets have been
collected from testbeds and shared with the community. In this paper, we
provide a deep and comprehensive overview of ICSs, presenting the architecture
design, the employed devices, and the security protocols implemented. We then
collect, compare, and describe testbeds and datasets in the literature,
highlighting key challenges and design guidelines to keep in mind in the design
phases. Furthermore, we enrich our work by reporting the best performing IDS
algorithms tested on every dataset to create a baseline in state of the art for
this field. Finally, driven by knowledge accumulated during this survey's
development, we report advice and good practices on the development, the
choice, and the utilization of testbeds, datasets, and IDSs
Wireless Sensor Data Transport, Aggregation and Security
abstract: Wireless sensor networks (WSN) and the communication and the security therein have been gaining further prominence in the tech-industry recently, with the emergence of the so called Internet of Things (IoT). The steps from acquiring data and making a reactive decision base on the acquired sensor measurements are complex and requires careful execution of several steps. In many of these steps there are still technological gaps to fill that are due to the fact that several primitives that are desirable in a sensor network environment are bolt on the networks as application layer functionalities, rather than built in them. For several important functionalities that are at the core of IoT architectures we have developed a solution that is analyzed and discussed in the following chapters.
The chain of steps from the acquisition of sensor samples until these samples reach a control center or the cloud where the data analytics are performed, starts with the acquisition of the sensor measurements at the correct time and, importantly, synchronously among all sensors deployed. This synchronization has to be network wide, including both the wired core network as well as the wireless edge devices. This thesis studies a decentralized and lightweight solution to synchronize and schedule IoT devices over wireless and wired networks adaptively, with very simple local signaling. Furthermore, measurement results have to be transported and aggregated over the same interface, requiring clever coordination among all nodes, as network resources are shared, keeping scalability and fail-safe operation in mind. Furthermore ensuring the integrity of measurements is a complicated task. On the one hand Cryptography can shield the network from outside attackers and therefore is the first step to take, but due to the volume of sensors must rely on an automated key distribution mechanism. On the other hand cryptography does not protect against exposed keys or inside attackers. One however can exploit statistical properties to detect and identify nodes that send false information and exclude these attacker nodes from the network to avoid data manipulation. Furthermore, if data is supplied by a third party, one can apply automated trust metric for each individual data source to define which data to accept and consider for mentioned statistical tests in the first place. Monitoring the cyber and physical activities of an IoT infrastructure in concert is another topic that is investigated in this thesis.Dissertation/ThesisDoctoral Dissertation Electrical Engineering 201