8,848 research outputs found

    Risk analysis beyond vulnerability and resilience - characterizing the defensibility of critical systems

    A common problem in risk analysis is to characterize the overall security of a system of valuable assets (e.g., government buildings or communication hubs), and to suggest measures to mitigate any hazards or security threats. Currently, analysts typically rely on a combination of indices, such as resilience, robustness, redundancy, security, and vulnerability. However, these indices are not by themselves sufficient as a guide to action; for example, while it is possible to develop policies to decrease vulnerability, such policies may not always be cost-effective. Motivated by this gap, we propose a new index, defensibility. A system is considered defensible to the extent that a modest investment can significantly reduce the damage from an attack or disruption. To compare systems whose performance is not readily commensurable (e.g., the electrical grid vs. the water-distribution network, both of which are critical, but which provide distinct types of services), we defined defensibility as a dimensionless index. After defining defensibility quantitatively, we illustrate how the defensibility of a system depends on factors such as the defender and attacker asset valuations, the nature of the threat (whether intelligent and adaptive, or random), and the levels of attack and defense strengths and provide analytical results that support the observations arising from the above illustrations. Overall, we argue that the defensibility of a system is an important dimension to consider when evaluating potential defensive investments, and that it can be applied in a variety of different contexts. Comment: 36 pages; Keywords: Risk Analysis, Defensibility, Vulnerability, Resilience, Counter-terroris

    Risk analysis of critical infrastructures using fuzzy COPRAS

    Critical infrastructures play a significant role in countries because they are essential to national security, public safety, socioeconomic security, and way of life. Given the importance of infrastructures, it is necessary to analyze the potential risks so that these risks are not converted into events. The main purpose of this paper is to provide a developed framework with the aim to overcome limitations of the classical approach to build more secure, safer, and more resilient critical infrastructures in order to develop, implement, control. The proposed framework extends conventional RAMCAP (Risk Analysis and Management for Critical Asset Protection) by introducing new parameters of effect on the risk value. Given the complexity of the problem and the inherent uncertainty, this research adopts the fuzzy COPRAS (COPRAS-F) as a fuzzy multi-criteria decision-making technique to determine the weights of each criterion and the importance of alternatives with respect to criteria. Case analysis is implemented to illustrate the capability and effectiveness of the model for ranking the risk of critical infrastructures. The proposed model demonstrates a significant improvement in comparison with conventional RAMCAP.

    Resilience assessment for interdependent urban infrastructure systems using dynamic network flow models

    Critical infrastructure systems are becoming increasingly interdependent, which can exacerbate the impacts of disruptive events through cascading failures, hindered asset repairs and network congestion. Current resilience assessment methods fall short of fully capturing such interdependency effects as they tend to model asset reliability and network flows separately and often rely on static flow assignment methods. In this paper, we develop an integrated, dynamic modelling and simulation framework that combines network and asset representations of infrastructure systems and models the optimal response to disruptions using a rolling planning horizon. The framework considers dependencies pertaining to failure propagation, system-of-systems architecture and resources required for operating and repairing assets. Stochastic asset failure is captured by a scenario tree generation algorithm whereas the redistribution of network flows and the optimal deployment of repair resources are modelled using a minimum cost flow approach. A case study on London’s metro and electric power networks shows how the proposed methodology can be used to assess the resilience of city-scale infrastructure systems to a local flooding incident and estimate the value of the resilience loss triangle for different levels of hazard exposure and repair capabilities

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian national research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

    Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

    The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining to the impact quantification of cyber-related contingencies

    Ensuring Cyber-Security in Smart Railway Surveillance with SHIELD

    Modern railways feature increasingly complex embedded computing systems for surveillance, that are moving towards fully wireless smart-sensors. Those systems are aimed at monitoring system status from a physical-security viewpoint, in order to detect intrusions and other environmental anomalies. However, the same systems used for physical-security surveillance are vulnerable to cyber-security threats, since they feature distributed hardware and software architectures often interconnected by ‘open networks’, like wireless channels and the Internet. In this paper, we show how the integrated approach to Security, Privacy and Dependability (SPD) in embedded systems provided by the SHIELD framework (developed within the EU funded pSHIELD and nSHIELD research projects) can be applied to railway surveillance systems in order to measure and improve their SPD level. SHIELD implements a layered architecture (node, network, middleware and overlay) and orchestrates SPD mechanisms based on ontology models, appropriate metrics and composability. The results of prototypical application to a real-world demonstrator show the effectiveness of SHIELD and justify its practical applicability in industrial settings

    Cyber Defense Remediation in Energy Delivery Systems

    The integration of Information Technology (IT) and Operational Technology (OT) in Cyber-Physical Systems (CPS) has resulted in increased efficiency and facilitated real-time information acquisition, processing, and decision making. However, the increase in automation technology and the use of the internet for connecting, remote controlling, and supervising systems and facilities has also increased the likelihood of cybersecurity threats that can impact safety of humans and property. There is a need to assess cybersecurity risks in the power grid, nuclear plants, chemical factories, etc. to gain insight into the likelihood of safety hazards. Quantitative cybersecurity risk assessment will lead to informed cyber defense remediation and will ensure the presence of a mitigation plan to prevent safety hazards. In this dissertation, using Energy Delivery Systems (EDS) as a use case to contextualize a CPS, we address key research challenges in managing cyber risk for cyber defense remediation. First, we developed a platform for modeling and analyzing the effect of cyber threats and random system faults on EDS's safety that could lead to catastrophic damages. We developed a data-driven attack graph and fault graph-based model to characterize the exploitability and impact of threats in EDS. We created an operational impact assessment to quantify the damages. Finally, we developed a strategic response decision capability that presents optimal mitigation actions and policies that balance the tradeoff between operational resilience (tactical risk) and strategic risk. Next, we addressed the challenge of management of tactical risk based on a prioritized cyber defense remediation plan. A prioritized cyber defense remediation plan is critical for effective risk management in EDS. Due to EDS's complexity in terms of the heterogeneous nature of blending IT and OT and Industrial Control System (ICS), scale, and critical processes tasks, prioritized remediation should be applied gradually to protect critical assets. We proposed a methodology for prioritizing cyber risk remediation plans by detecting and evaluating critical EDS nodes' paths. We conducted evaluation of critical nodes characteristics based on nodes' architectural positions, measure of centrality based on nodes' connectivity and frequency of network traffic, as well as the controlled amount of electrical power. The model also examines the relationship between cost models of budget allocation for removing vulnerabilities on critical nodes and their impact on gradual readiness. The proposed cost models were empirically validated in an existing network ICS test-bed computing nodes criticality. Two cost models were examined, and although varied, we concluded the lack of correlation between types of cost models to most damageable attack path and critical nodes readiness. Finally, we proposed a time-varying dynamical model for the cyber defense remediation in EDS. We utilize the stochastic evolutionary game model to simulate the dynamic adversary of cyber-attack-defense. We leveraged the Logit Quantal Response Dynamics (LQRD) model to quantify real-world players' cognitive differences. We proposed the optimal decision making approach by calculating the stable evolutionary equilibrium and balancing defense costs and benefits. Case studies on EDS indicate that the proposed method can help the defender predict possible attack action, select the related optimal defense strategy over time, and gain the maximum defense payoffs. We also leveraged software-defined networking (SDN) in EDS for dynamical cyber defense remediation. We presented an approach to aid the selection of security controls dynamically in an SDN-enabled EDS and achieve tradeoffs between providing security and Quality of Service (QoS). We modeled the security costs based on end-to-end packet delay and throughput. We proposed a non-dominated sorting based multi-objective optimization framework which can be implemented within an SDN controller to address the joint problem of optimizing between security and QoS parameters by alleviating time complexity at O(MN^2). The M is the number of objective functions, and N is the population for each generation, respectively. We presented simulation results that illustrate how data availability and data integrity can be achieved while maintaining QoS constraints