26 research outputs found

    A Comprehensive Survey on the Cyber-Security of Smart Grids: Cyber-Attacks, Detection, Countermeasure Techniques, and Future Directions

    One of the significant challenges that smart grid networks face is cyber-security. Several studies have been conducted to highlight those security challenges. However, the majority of these surveys classify attacks based on the security requirements of confidentiality, integrity, and availability, without taking into consideration the accountability requirement. In addition, some of these surveys focused on the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which does not differentiate between the application, session, and presentation layers, nor between the data link and physical layers, of the Open System Interconnection (OSI) model. In this survey paper, we provide a classification of attacks based on the OSI model and discuss in more detail the cyber-attacks that can target the different layers of smart grid network communication. We also propose new classifications for the detection and countermeasure techniques and describe existing techniques under each category. Finally, we discuss challenges and future research directions.

    An information security governance model for industrial control systems

    Industrial Control Systems (ICS) is a term used to describe several types of control systems, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and Programmable Logic Controllers (PLC). These systems consist of a combination of control components (e.g. electrical, mechanical, pneumatic) which act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy). ICS play a fundamental role in critical infrastructures such as electricity grids, oil, gas and manufacturing industries. Initially ICS had little resemblance to typical enterprise IT systems; they were isolated and ran proprietary control protocols using specialized hardware and software. However, with initiatives such as Industry 4.0 and the Industrial Internet of Things (IIoT), the nature of ICS has changed significantly. There is an ever-increasing use of commercial operating systems and standard protocols like TCP/IP and Ethernet. Consequently, modern ICS increasingly resemble conventional enterprise IT systems, and it is a well-known fact that these IT systems and networks are vulnerable and require extensive management to ensure Confidentiality, Integrity, and Availability. Since ICS are now adopting conventional IT characteristics, they are also accepting the associated risks. However, owing to the functional area of ICS, the consequences of these threats are much more severe than those of enterprise IT systems. The need to manage security for these systems with highly skilled IT personnel has become essential. Therefore, this research focused on identifying which unique security controls for ICS and enterprise IT systems can be combined and/or tailored to provide the organization with a single set of comprehensive security controls.
    By investigating existing standards and best practices for both enterprise IT and ICS environments, this study has produced a single set of security controls and presented how the security controls can be integrated into an existing information security governance model, which organizations can use as a basis for generating a security framework that secures not only their enterprise IT systems but also their ICS.

    Securing industrial control system environments: the missing piece

    Cyberattacks on industrial control systems (ICSs) are no longer matters of anticipation. These systems are continually subject to malicious attacks without much resistance. Network breaches, data theft, denial of service, and command and control functions are examples of common attacks on ICSs. Despite available security solutions, safety, security, resilience, and performance require both private and public sectors to step up strategies to address increasing security concerns on ICSs. This paper reviews the ICS security risk landscape, including current security solution strategies, in order to determine the gaps and limitations for effective mitigation. Notable issues point to a greater emphasis on technology security while discounting people and process attributes. This is clearly incongruent with emerging security risk trends, the biased security strategy of focusing more on supervisory control and data acquisition systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions need to include approaches that follow similar patterns as the problem trend. These include security measures that are evolutionary by design in response to security risk dynamics. Solutions that recognize and include people, process and technology security enhancement in a single system, and that address all three entities' vulnerabilities, can provide a better solution for ICS environments.

    ICSrank: A Security Assessment Framework for Industrial Control Systems (ICS)

    This thesis joins a lively dialogue in the technological arena on the issue of cybersecurity and specifically, the issue of infrastructure cybersecurity as related to Industrial Control Systems. Infrastructure cybersecurity is concerned with issues on the security of the critical infrastructure that has significant value to the physical infrastructure of a country, and infrastructure that is heavily reliant on IT and the security of such technology. It is an undeniable fact that key infrastructure such as the electricity grid, gas, air and rail transport control, and even water and sewerage services rely heavily on technology. Threats to such infrastructure have never been as serious as they are today. The most sensitive of them is the reliance on infrastructure that requires cybersecurity in the energy sector. The call to smart technology and automation is happening nowadays. The Internet is witnessing an increasing number of connected industrial control systems (ICS), many of which do not follow security guidelines. Privacy and sensitive data are also an issue. Sensitive leaked information is being manipulated by adversaries to accomplish certain agendas. Open Source intelligence (OSINT) is adopted by defenders to improve protection and safeguard data. The research presented in this thesis proposes “ICSrank”, a novel security risk assessment for ICS devices based on OSINT. ICSrank ranks the risk level of online and offline ICS devices. This framework categorizes, assesses and ranks OSINT data using the ICSrank framework. ICSrank provides an additional layer of defence and mitigation in ICS security, by identification of risky OSINT and devices. Security best practices always begin with identification of risk as a first step prior to security implementation. Risk is evaluated using mathematical algorithms to assess the OSINT data. The subsequent results achieved during the assessment and ranking process were informative and realistic.
    The ICSrank framework proved that its security and risk levels were more accurate and informative than traditional existing methods.

    A Survey on Industrial Control System Testbeds and Datasets for Security Research

    The increasing digitization and interconnection of legacy Industrial Control Systems (ICSs) open new vulnerability surfaces, exposing such systems to malicious attackers. Furthermore, since ICSs are often employed in critical infrastructures (e.g., nuclear plants) and manufacturing companies (e.g., chemical industries), attacks can lead to devastating physical damage. In dealing with this security requirement, the research community focuses on developing new security mechanisms such as Intrusion Detection Systems (IDSs), facilitated by leveraging modern machine learning techniques. However, these algorithms require a testing platform and a considerable amount of data to be trained and tested accurately. To satisfy this prerequisite, Academia, Industry, and Government are increasingly proposing testbeds (i.e., scaled-down versions of ICSs or simulations) to test the performance of the IDSs. Furthermore, to enable researchers to cross-validate security systems (e.g., security-by-design concepts or anomaly detectors), several datasets have been collected from testbeds and shared with the community. In this paper, we provide a deep and comprehensive overview of ICSs, presenting the architecture design, the employed devices, and the security protocols implemented. We then collect, compare, and describe testbeds and datasets in the literature, highlighting key challenges and design guidelines to keep in mind in the design phases. Furthermore, we enrich our work by reporting the best performing IDS algorithms tested on every dataset to create a baseline in the state of the art for this field. Finally, driven by knowledge accumulated during this survey's development, we report advice and good practices on the development, the choice, and the utilization of testbeds, datasets, and IDSs.

    An architecture framework for enhanced wireless sensor network security

    This thesis develops an architectural framework to enhance the security of Wireless Sensor Networks (WSNs) and provides the implementation proof through different security countermeasures, which can be used to establish secure WSNs in a distributed and self-healing manner. Wireless Sensors are used to monitor and control environmental properties such as sound, acceleration, vibration, air pollutants, and temperature. Due to their limited resources in computation capability, memory and energy, their security schemes are susceptible to many kinds of security vulnerabilities. This thesis investigated all possible network attacks on WSNs and, at the time of writing, 19 different types of attacks were identified, all of which are discussed, including exposures to the attacks and the impact of those attacks. The author then utilises this work to examine the ZigBee series, which are the new generation of wireless sensor network products with built-in layered security achieved by secure messaging using symmetric cryptography. However, the author was able to uniquely identify several security weaknesses in ZigBee by examining its protocol and launching the possible attacks. It was found that ZigBee is vulnerable to the following attacks, namely: eavesdropping, replay attack, physical tampering and Denial of Service (DoS). The author then provides solutions to improve ZigBee security through its security schema, including an end-to-end WSN security framework, architecture design and sensor configuration, that can withstand all types of attacks on the WSN and mitigate ZigBee’s WSN security vulnerabilities.

    Security Risk Management for the Internet of Things

    In recent years, the rising complexity of Internet of Things (IoT) systems has increased their potential vulnerabilities and introduced new cybersecurity challenges. In this context, state-of-the-art methods and technologies for security risk assessment have prominent limitations when it comes to large-scale, cyber-physical and interconnected IoT systems. Risk assessments for modern IoT systems must be frequent, dynamic and driven by knowledge about both cyber and physical assets. Furthermore, they should be more proactive, more automated, and able to leverage information shared across IoT value chains. This book introduces a set of novel risk assessment techniques and their role in the IoT security risk management process. Specifically, it presents architectures and platforms for end-to-end security, including their implementation based on the edge/fog computing paradigm. It also highlights machine learning techniques that boost the automation and proactiveness of IoT security risk assessments. Furthermore, blockchain solutions for open and transparent sharing of IoT security information across the supply chain are introduced. Frameworks for privacy awareness, along with technical measures that enable privacy risk assessment and boost GDPR compliance, are also presented. Likewise, the book illustrates novel solutions for security certification of IoT systems, along with techniques for IoT security interoperability. In the coming years, IoT security will be a challenging, yet very exciting journey for IoT stakeholders, including security experts, consultants, security research organizations and IoT solution providers. The book provides knowledge and insights about where we stand on this journey. It also attempts to develop a vision for the future and to help readers start their IoT security efforts on the right foot.

    A Review of Digital Twins and their Application in Cybersecurity based on Artificial Intelligence

    The potential of digital twin technology is yet to be fully realized due to its diversity and untapped potential. Digital twins enable systems' analysis, design, optimization, and evolution to be performed digitally or in conjunction with a cyber-physical approach to improve speed, accuracy, and efficiency over traditional engineering methods. Industry 4.0, factories of the future, and digital twins continue to benefit from the technology and provide enhanced efficiency within existing systems. Due to the lack of information and security standards associated with the transition to cyber digitization, cybercriminals have been able to take advantage of the situation. Access to a digital twin of a product or service is equivalent to threatening the entire collection. There is a robust interaction between digital twins and artificial intelligence tools, which leads to strong interaction between these technologies, so it can be used to improve the cybersecurity of these digital platforms based on their integration with these technologies. This study aims to investigate the role of artificial intelligence in providing cybersecurity for digital twin versions of various industries, as well as the risks associated with these versions. In addition, this research serves as a road map for researchers and others interested in cybersecurity and digital security.
    Comment: 60 pages, 8 Figures, 15 Tables

    Open source SCADA systems for small renewable power generation

    Low-cost monitoring and control is essential for small renewable power systems. While large renewable power systems can use existing commercial technology for monitoring and control, that is not cost-effective for small renewable generation. Such small assets require cost-effective, flexible, secure, and reliable real-time coordinated data monitoring and control systems. Supervisory control and data acquisition (SCADA) is the perfect technology for this task. The available commercial SCADA solutions are mostly pricey and economically unjustifiable for smaller applications. They also pose interoperability issues with the existing components, which are often from multiple vendors. Therefore, an open source SCADA system represents the most flexible and the most cost-effective SCADA solution. This thesis has been done in two phases. The first phase demonstrates the design and dynamic simulation of a small hybrid power system with a renewable power generation system as a case study. In the second phase, after an extensive study of the proven commercial SCADA solutions and some open source SCADA packages, three different secure, reliable, low-cost open source SCADA options are developed using the most recent SCADA architecture, the Internet of Things. The implemented prototypes of the three open source SCADA systems were tested extensively with a small renewable power system (a solar PV system). The results show that the developed open source SCADA systems perform optimally and accurately, and could serve as viable options for smaller applications such as renewable generation that cannot afford commercial SCADA solutions.

    Quarantine-mode based live patching for zero downtime safety-critical systems

    150 p.
    This thesis presents a software architecture and design, called Cetratus, that enables live updates in critical systems, where dynamic updates of the application components are carried out. Its main feature is execution and monitoring in quarantine mode, where the new version of the software is executed and monitored until the reliability of this new version has been verified. This feature also offers protection against possible software and update faults, as well as against the propagation of those faults through the system. Partitioning techniques are employed for this purpose. Although the software update is initiated by the Updater user, the auditor's ratification is required before the dynamic update can proceed. These users are authenticated and registered before the update continues. The authenticity and integrity of the dynamic patch are also verified. Cetratus is aligned with industrial functional safety and cybersecurity standards regarding software updates.
    Two case studies are provided. On the one hand, in the smart energy use case, an electrical energy management application is analysed, composed of a building energy management system (BEMS) and a cloud-based building energy optimisation service (BEOS). The BEMS monitors and controls the electrical energy installations in a residential building. All information related to generation, consumption and savings is sent to the BEOS, which estimates and optimises the overall consumption of the building in order to reduce costs and increase energy efficiency. In this case study a new cybersecurity layer is incorporated to increase the cybersecurity and privacy of customer data. Specifically, homomorphic cryptography is used. After the update, all data are sent encrypted to the BEOS.
    On the other hand, a railway case study is presented. In this example the Euroradio component is updated, which is the component that enables communication between the train and the trackside equipment in the European Rail Traffic Management System (ERTMS). In the example, the algorithm used for the message authentication code (MAC), based on the AES encryption algorithm, is updated because of the security flaws of the current algorithm.