5,695 research outputs found
Modelling interdependencies between the electricity and information infrastructures
The aim of this paper is to provide qualitative models characterizing
interdependencies related failures of two critical infrastructures: the
electricity infrastructure and the associated information infrastructure. The
interdependencies of these two infrastructures are increasing due to a growing
connection of the power grid networks to the global information infrastructure,
as a consequence of market deregulation and opening. These interdependencies
increase the risk of failures. We focus on cascading, escalating and
common-cause failures, which correspond to the main causes of failures due to
interdependencies. We address failures in the electricity infrastructure, in
combination with accidental failures in the information infrastructure, then we
show briefly how malicious attacks in the information infrastructure can be
addressed
STOP-IT: strategic, tactical, operational protection of water infrastructure against cyberphysical threats
Water supply and sanitation infrastructures are essential for our welfare, but vulnerable to several attack types facilitated by the ever-changing landscapes of the digital world. A cyber-attack on critical infrastructures could for example evolve along these threat vectors: chemical/biological contamination, physical or communications disruption between the network and the supervisory SCADA. Although conceptual and technological solutions to security and resilience are available, further work is required to bring them together in a risk management framework, strengthen the capacities of water utilities to systematically protect their systems, determine gaps in security technologies and improve risk management approaches. In particular, robust adaptable/flexible solutions for prevention, detection and mitigation of consequences in case of failure due to physical and cyber threats, their combination and cascading effects (from attacks to other critical infrastructure, i.e. energy) are still missing. There is (i) an urgent need to efficiently tackle cyber-physical security threats, (ii) an existing risk management gap in utilitiesâ practices and (iii) an un-tapped technology market potential for strategic, tactical and operational protection solutions for water infrastructure: how the H2020 STOP-IT project aims to bridge these gaps is presented in this paper.Postprint (published version
Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach
Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved.
We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.Peer ReviewedPostprint (published version
Recommended from our members
Current capabilities, requirements and a proposed strategy for interdependency analysis in the UK
The UK government recently commissioned a research study to identify the state-of-the-art in Critical Infrastructure modelling and analysis, and the government/industry requirements for such tools and services. This study (Cetifs) concluded with a strategy aiming to bridge the gaps between the capabilities and requirements, which would establish interdependency analysis as a commercially viable service in the near future. This paper presents the findings of this study that was carried out by CSR, City University London, Adelard LLP, a safety/security consultancy and Cranfield University, defense academy of the UK
New Challenges in Critical Infrastructures : A US Perspective
L'Ă©mergence d'un plus large spectre de vulnĂ©rabilitĂ©s (terrorisme, sabotage, conflits locaux et catastrophes naturelles) et l'interdĂ©pendance croissante de l'activitĂ© Ă©conomique rendent particuliĂšrement vulnĂ©rables les grands rĂ©seaux vitaux des pays industrialisĂ©s. Pour y faire face, des actions importantes doivent ĂȘtre menĂ©es Ă une Ă©chelle nationale, en particulier par le dĂ©veloppement de partenariats Ă©troits entre le secteur public et la sphĂšre privĂ©e.Cet article analyse l'initiative prĂ©sidentielle lancĂ©e dĂšs 1996 aux Etats-Unis -premier pays au monde Ă inscrire ces questions Ă l'agenda du plus haut niveau dĂ©cisionnel- ainsi que la structure nationale de partenariats mis en place depuis lors. Une telle dĂ©marche pourrait constituer un point de dĂ©part pour d'autres pays dĂ©sireux d'Ă©laborer leur propre analyse de vulnĂ©rabilitĂ©s et leur stratĂ©gie d'amĂ©lioration.Les Ă©vĂ©nements du 11 septembre 2001, comme les attaques Ă l'anthrax, ont nĂ©anmoins montrĂ© que les avancĂ©es amĂ©ricaines ne constituaient qu'une premiĂšre Ă©tape d'un processus plus global de prĂ©paration nationale; les infrastructures critiques des Etats-Unis demeurent hautement vulnĂ©rables. Enfin, plusieurs idĂ©es fausses, par trop souvent rĂ©currentes, doivent ĂȘtre dĂ©passĂ©es pour traiter beaucoup plus efficacement ces risques Ă grande Ă©chelle sur un plan international.Partenariats public-privĂ©;Risques Ă grande Ă©chelle;Infrastructures critiques;Nouvelles vulnĂ©rabilites;SĂ©curitĂ© nationale;PrĂ©paration collective
RISK ASSESSMENT OF MALICIOUS ATTACKS AGAINST POWER SYSTEMS
The new scenarios of malicious attack prompt for their deeper consideration and mainly when critical systems are at stake. In this framework, infrastructural systems, including power systems, represent a possible target due to the huge impact they can have on society. Malicious attacks are different in their nature from other more traditional cause of threats to power system, since they embed a strategic interaction between the attacker and the defender (characteristics that cannot be found in natural events or systemic failures). This difference has not been systematically analyzed by the existent literature. In this respect, new approaches and tools are needed. This paper presents a mixed-strategy game-theory model able to capture the strategic interactions between malicious agents that may be willing to attack power systems and the system operators, with its related bodies, that are in charge of defending them. At the game equilibrium, the different strategies of the two players, in terms of attacking/protecting the critical elements of the systems, can be obtained. The information about the attack probability to various elements can be used to assess the risk associated with each of them, and the efficiency of defense resource allocation is evidenced in terms of the corresponding risk. Reference defense plans related to the online defense action and the defense action with a time delay can be obtained according to their respective various time constraints. Moreover, risk sensitivity to the defense/attack-resource variation is also analyzed. The model is applied to a standard IEEE RTS-96 test system for illustrative purpose and, on the basis of that system, some peculiar aspects of the malicious attacks are pointed ou
- âŠ