3,863 research outputs found
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Fingerprinting Internet DNS Amplification DDoS Activities
This work proposes a novel approach to infer and characterize Internet-scale
DNS amplification DDoS attacks by leveraging the darknet space. Complementary
to the pioneer work on inferring Distributed Denial of Service (DDoS)
activities using darknet, this work shows that we can extract DDoS activities
without relying on backscattered analysis. The aim of this work is to extract
cyber security intelligence related to DNS Amplification DDoS activities such
as detection period, attack duration, intensity, packet size, rate and
geo-location in addition to various network-layer and flow-based insights. To
achieve this task, the proposed approach exploits certain DDoS parameters to
detect the attacks. We empirically evaluate the proposed approach using 720 GB
of real darknet data collected from a /13 address space during a recent three
months period. Our analysis reveals that the approach was successful in
inferring significant DNS amplification DDoS activities including the recent
prominent attack that targeted one of the largest anti-spam organizations.
Moreover, the analysis disclosed the mechanism of such DNS amplification DDoS
attacks. Further, the results uncover high-speed and stealthy attempts that
were never previously documented. The case study of the largest DDoS attack in
history lead to a better understanding of the nature and scale of this threat
and can generate inferences that could contribute in detecting, preventing,
assessing, mitigating and even attributing of DNS amplification DDoS
activities.Comment: 5 pages, 2 figure
Cyber Risk Assessment and Mitigation Using Logit and Probit Models for DDoS attacks
Hackers have been employing Distributed Denial of Service (DDoS) attacks at an unprecedented rate in recent times. In 2018, a 37% rise in such DDoS attacks, wherein traffic reached a peak size of 300 Gbps per attack was alarming. DDoS attacks hinder a business by preventing legitimate customers from accessing the firm’s cyber resources (e.g. website, cloud services, streaming quality, etc.). In this study, we aim to assess and mitigate cyber-risk by computing the probability of such DDoS attacks occurring and expected losses associated with them. We use logit and probit models along with standard distribution fitting methods to ascertain the aforesaid questions. Subsequently, we also suggest ways to mitigate cyber-risk resulting due to DDoS attacks by accepting, reducing or passing it. Our study aims to aid CTOs in deciding the best strategy to handle cyber-risk due to DDoS attacks
Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems
The first-ever Ukraine cyberattack on power grid has proven its devastation
by hacking into their critical cyber assets. With administrative privileges
accessing substation networks/local control centers, one intelligent way of
coordinated cyberattacks is to execute a series of disruptive switching
executions on multiple substations using compromised supervisory control and
data acquisition (SCADA) systems. These actions can cause significant impacts
to an interconnected power grid. Unlike the previous power blackouts, such
high-impact initiating events can aggravate operating conditions, initiating
instability that may lead to system-wide cascading failure. A systemic
evaluation of "nightmare" scenarios is highly desirable for asset owners to
manage and prioritize the maintenance and investment in protecting their
cyberinfrastructure. This survey paper is a conceptual expansion of real-time
monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework
that emphasizes on the resulting impacts, both on steady-state and dynamic
aspects of power system stability. Hypothetically, we associate the
combinatorial analyses of steady state on substations/components outages and
dynamics of the sequential switching orders as part of the permutation. The
expanded framework includes (1) critical/noncritical combination verification,
(2) cascade confirmation, and (3) combination re-evaluation. This paper ends
with a discussion of the open issues for metrics and future design pertaining
the impact quantification of cyber-related contingencies
- …