5 research outputs found

    Attack Categorisation for IoT Applications in Critical Infrastructures, a Survey

    With the ever-advancing expansion of the Internet of Things (IoT) into our everyday lives, the number of attack possibilities increases. Furthermore, with the incorporation of the IoT into Critical Infrastructure (CI) hardware and applications, the protection of not only the systems but the citizens themselves has become paramount. To do so, specialists must be able to gain a foothold in the ongoing cyber attack war-zone. By organising the various attacks against their systems, these specialists can not only gain a quick overview of what they might expect but also gain knowledge into the specifications of the attacks based on the categorisation method used. This paper presents a glimpse into the area of IoT Critical Infrastructure security as well as an overview and analysis of attack categorisation methodologies in the context of wireless IoT-based Critical Infrastructure applications. We believe this can be a guide to aid further researchers in their choice of adapted categorisation approaches. Indeed, adapting appropriated categorisation leads to a quicker attack detection, identification, and recovery. It is, thus, paramount to have a clear vision of the threat landscapes of a specific system.

    Cyber-Physical Security of Wide-Area Frequency-based Applications in Power Systems

    Modern power systems are continuously developing into large and interconnected ones. However, at the same time, restructuring within the power industry and reduced investment in transmission system expansions mean that power systems are operating closer and closer to their limits, leaving them more vulnerable to fault outages than before. The aspects of protection and control within power systems have thus become increasingly important as well as complicated. Concurrently, the continuous technological development in communication and measurement has accelerated the occurrence and application of Wide-Area Monitoring, Protection and Control (WAMPAC), a new kind of advanced scheme based on wide-area measurements. The blackouts happening in North America as well as in other countries over the past few years are also providing more incentives to scientists and engineers to study wide-area protection and control systems. Communication networks in smart grids bring increased connectivity at the cost of increased security vulnerabilities and challenges. A smart grid can be a prime target for cyber terrorism because of its critical nature. As a result, smart grid security has already attracted significant attention from governments, the energy industry, and consumers, leading to several important studies. WAMPAC is the concept of using system-wide information via a centralized control center or Energy Management System (EMS) to monitor and control the whole system. Based on the situation and the required control action, the control center shares selected data with specific remote locations that are in need of the data. The utilization of system-wide information makes it easier to monitor the entire system and make better control and protection decisions by the EMS. Although the communication system is the backbone of these recent schemes, it makes them vulnerable to different types of cyber attacks. 
This thesis aims to investigate the problem of cyber security in frequency-related WAMPAC schemes. Two main schemes are considered as case studies: Automatic Generation Control (AGC) and Wide-Area Under-Frequency Load Shedding (WAUFLS) protection schemes. In addition, the cyber security of Power System State Estimation (PSSE), as a Wide-Area Monitoring (WAM) scheme, has been revisited. As WAMPAC schemes are so varied in their purpose and implementation, there is no general analysis to illustrate the potential impact of a cyber attack on all such schemes. However, some general types of system responses are considered in this work. First, with regard to AGC systems, a Kalman filter-based approach is proposed to detect False Data Injection (FDI) in AGC systems. Because detecting FDI and removing the compromised measurements are not enough in practical situations, the use of a simultaneous input and state estimation-based algorithm to detect and concurrently compensate for FDI attacks against the measurements of AGC systems is investigated. Throughout the use of this algorithm, the FDI attack signal is dealt with as an unknown input and its value is estimated accordingly. Then, the estimated value for the FDI is used to compensate for the effect of the attack so that the control center makes its decisions based on the corrected sensor signals, not the manipulated ones. Unlike other approaches, and as an extension to this work, the effect of AGC nonlinearities is studied during the attack time. A Recurrent Neural Network (RNN)-based approach is proposed to detect FDI during a time where any of the nonlinearities is affecting the system. The RNN-based approach is used to classify and identify the attacks according to their behavior. Second, with regard to WAUFLS protection schemes, this thesis investigates the problem of cyber attacks on WAUFLS.
This is followed by a detailed analysis showing that an adversary can launch an FDI attack against existing WAUFLS schemes in three different ways depending on their access level to system data, which may lead to equipment damage and/or system-wide blackout. To address this issue, a new mitigation scheme that is robust against cyber attacks is proposed to mitigate the effect of FDI attacks on WAUFLS. The proposed scheme depends on trusted system states to run power flow, so the power mismatch in the system is calculated. Finally, the calculated magnitude of disturbance is used to decide on the amount and locations of the load shedding. All proposed detection and mitigation methods in the thesis are tested using simulations of practical systems. In addition, sensitivity analysis is given after each method.

    Strategies Used to Mitigate Social Engineering Attacks

    Cybercriminal activity performed widely through social engineering attacks is estimated to be one of the substantial challenges the world will face over the next 20 years. Cybercriminal activity is important to chief information security officers (CISOs) because these attacks represent the largest transfer of economic wealth in history and pose risks to the incentives for organizational innovation and investment and eventually become more profitable than the global trade of all major illegal drugs combined. Grounded in the balanced control theory, the purpose of this multiple case study was to explore strategies CISOs use to mitigate social engineering attacks within their organizations. Participants consisted of 6 CISOs across 6 small to medium-sized organizations that handle payment card industry data in the West Coast region of the United States of America. Data were collected from CISOs by semi-structured telephone interviews. Data were analyzed through interview transcription, in-depth exploration of phenomena, data coding development, and the identification of links to themes. Three major themes emerged from the data analysis: information technology (IT) risks, security awareness, and IT strategies. A key recommendation is for CISOs to develop security awareness programs and implement technical, formal, and informal controls, to sustain operations and protect their networks from potential social engineering attacks. The implications for positive social change include the potential for (a) the mitigation of social engineering attacks, (b) the protection of both organizational and consumer data, and (c) an increase in consumer confidence resulting in increased economic prosperity.

    Cyber Stealth Attacks in Critical Information Infrastructures
