Autonomic computing meets SCADA security

© 2017 IEEE. National assets such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks are critical infrastructures. The cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. Cyber security conventional measures have proved useful in the past but increasing sophistication of attacks dictates the need for newer measures. The autonomic computing paradigm mimics the autonomic nervous system and is promising to meet the latest challenges in the cyber threat landscape. This paper provides a brief review of autonomic computing applications for SCADA systems and proposes architecture for cyber security

Software Defined Networks based Smart Grid Communication: A Comprehensive Survey

The current power grid is no longer a feasible solution due to ever-increasing user demand of electricity, old infrastructure, and reliability issues and thus require transformation to a better grid a.k.a., smart grid (SG). The key features that distinguish SG from the conventional electrical power grid are its capability to perform two-way communication, demand side management, and real time pricing. Despite all these advantages that SG will bring, there are certain issues which are specific to SG communication system. For instance, network management of current SG systems is complex, time consuming, and done manually. Moreover, SG communication (SGC) system is built on different vendor specific devices and protocols. Therefore, the current SG systems are not protocol independent, thus leading to interoperability issue. Software defined network (SDN) has been proposed to monitor and manage the communication networks globally. This article serves as a comprehensive survey on SDN-based SGC. In this article, we first discuss taxonomy of advantages of SDNbased SGC.We then discuss SDN-based SGC architectures, along with case studies. Our article provides an in-depth discussion on routing schemes for SDN-based SGC. We also provide detailed survey of security and privacy schemes applied to SDN-based SGC. We furthermore present challenges, open issues, and future research directions related to SDN-based SGC.Comment: Accepte

Finding sands in the eyes: vulnerabilities discovery in IoT with EUFuzzer on human machine interface

In supervisory control and data acquisition (SCADA) systems or the Internet of Things (IoT), human machine interface (HMI) performs the function of data acquisition and control, providing the operators with a view of the whole plant and access to monitoring and interacting with the system. The compromise of HMI will result in lost of view (LoV), which means the state of the whole system is invisible to operators. The worst case is that adversaries can manipulate control commands through HMI to damage the physical plant. HMI often relies on poorly understood proprietary protocols, which are time-sensitive, and usually keeps a persistent connection for hours even days. All these factors together make the vulnerability mining of HMI a tough job. In this paper, we present EUFuzzer, a novel fuzzing tool to assist testers in HMI vulnerability discovery. EUFuzzer first identifies packet fields of the specific protocol and classifies all fields into four types, then using a relatively high efficiency fuzzing method to test HMI. The experimental results show that EUFuzzer is capable of identifying packet fields and revealing bugs. EUFuzzer also successfully triggers flaws of actual proprietary SCADA protocol implementation on HMI, which the SCADA software vendor has confirmed that four were zero-day vulnerabilities and has taken measures to patch up

Cloud computing for energy management in smart grid - an application survey

The smart grid is the emerging energy system wherein the application of information technology, tools and techniques that make the grid run more efficiently. It possesses demand response capacity to help balance electrical consumption with supply. The challenges and opportunities of emerging and future smart grids can be addressed by cloud computing. To focus on these requirements, we provide an in-depth survey on different cloud computing applications for energy management in the smart grid architecture. In this survey, we present an outline of the current state of research on smart grid development. We also propose a model of cloud based economic power dispatch for smart grid

Trusted Energy-Efficient Cloud-based Services Brokerage Platform

The use of cloud computing can increase service efficiency and service level agreements for cloud users, by linking them to an appropriate cloud service provider, using the cloud services brokerage paradigm. Cloud service brokerage represents a promising new layer which is to be added to the cloud computing network, which manages the use, performance and delivery of cloud services, and negotiates relationships between cloud service providers and cloud service consumers. The work presented in this paper studies the research related to cloud service brokerage systems along with the weaknesses and vulnerabilities associated with each of these systems, with a particular focus on the multicloud-based services environment. In addition, the paper will conclude with a proposed multi-cloud framework that overcomes the weaknesses of other listed cloud brokers. The new framework aims to find the appropriate data centre in terms of energy efficiency, QoS and SLA. Moreover, it presents a security model aims to protect the proposed multicloud framework and highlights the key features that must be available in multi-cloud-based brokerage systems

Towards Digital Twin-enabled DevOps for CPS providing Architecture-Based Service Adaptation & Verification at Runtime

Industrial Product-Service Systems (IPSS) denote a service-oriented (SO) way of providing access to CPS capabilities. The design of such systems bears high risk due to uncertainty in requirements related to service function and behavior, operation environments, and evolving customer needs. Such risks and uncertainties are well known in the IT sector, where DevOps principles ensure continuous system improvement through reliable and frequent delivery processes. A modular and SO system architecture complements these processes to facilitate IT system adaptation and evolution. This work proposes a method to use and extend the Digital Twins (DTs) of IPSS assets for enabling the continuous optimization of CPS service delivery and the latter's adaptation to changing needs and environments. This reduces uncertainty during design and operations by assuring IPSS integrity and availability, especially for design and service adaptations at CPS runtime. The method builds on transferring IT DevOps principles to DT-enabled CPS IPSS. The chosen design approach integrates, reuses, and aligns the DT processing and communication resources with DevOps requirements derived from literature. We use these requirements to propose a DT-enabled self-adaptive CPS model, which guides the realization of DT-enabled DevOps in CPS IPSS. We further propose detailed design models for operation-critical DTs that integrate CPS closed-loop control and architecture-based CPS adaptation. This integrated approach enables the implementation of A/B testing as a use case and central concept to enable CPS IPSS service adaptation and reconfiguration. The self-adaptive CPS model and DT design concept have been validated in an evaluation environment for operation-critical CPS IPSS. The demonstrator achieved sub-millisecond cycle times during service A/B testing at runtime without causing CPS operation interferences and downtime.Comment: Final published version appearing in 17th Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2022