
    A Comprehensive Framework for the Security Risk Management of Cyber-Physical Systems

    Cyber Physical Systems are facing a huge and diverse set of security risks, especially cyber-attacks that can cause disruption to physical services or create a national disaster. Information and communication technology (ICT) has made a remarkable impact on the society. A Cyber Physical System (CPS) relies basically on information and communication technology, which puts the system’s assets under certain risks especially cyber ones, and hence they must be kept under control by means of security countermeasures that generate confidence in the use of these assets. And so there is a critical need to give great attention to the cybersecurity of these systems, which consequently leads to the safety of the physical world. This goal is achieved by adopting a solution that applies processes, plans and actions to prevent or reduce the effects of threats. Traditional IT risk assessment methods can do the job, however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method, and addresses the type, functionalities and complexity of a CPS. This chapter proposes a framework that breaks the restriction to a traditional risk assessment method and encompasses a wider set of procedures to achieve a high level strategy that could be adopted in the risk management process, in particular the cybersecurity of cyber-physical systems

    Operational moving target defences for improved power system cyber-physical security

    In this work, we examine how Moving Target Defences (MTDs) can be enhanced to circumvent intelligent false data injection (FDI) attacks against power systems. Initially, we show how, by implementing state-of-the-art topology learning techniques, we can commit full-knowledge-equivalent FDI attacks against static power systems with no prior system knowledge. We go on to explore how naive applications of topology change, as MTDs, can be countered by unsupervised learning-based FDI attacks and how MTDs can be combined with physical watermarking to enhance system resilience. A novel intelligent attack, which incorporates dimensionality reduction and density-based spatial clustering, is developed and shown to be effective in maintaining stealth in the presence of traditional MTD strategies. In resisting this new type of attack, a novel implementation of MTD is suggested. The implementation uses physical watermarking to drive detection of traditional and intelligent FDI attacks while remaining hidden to the attackers. Following this, we outline a cyber-physical authentication strategy for use against FDI attacks. An event-triggered MTD protocol is proposed at the physical layer to complement cyber-side enhancements. This protocol applies a distributed anomaly detection scheme based on Holt-Winters seasonal forecasting in combination with MTD implemented via inductance perturbation. To conclude, we developed a cyber-physical risk assessment framework for FDI attacks. Our assessment criteria combines a weighted graph model of the network's cyber vulnerabilities with a centralised residual-based assessment of the physical system with respect to MTD. This combined approach provides a cyber-physical assessment of FDI attacks which incorporates both the likelihood of intrusion and the prospect of an attacker making stealthy change once intruded.

    Cyber LOPA: An Integrated Approach for the Design of Dependable and Secure Cyber Physical Systems

    Safety risk assessment is an essential process to ensure a dependable Cyber-Physical System (CPS) design. Traditional risk assessment considers only physical failures. For modern CPS, failures caused by cyber attacks are on the rise. The focus of latest research effort is on safety-security lifecycle integration and the expansion of modeling formalism for risk assessment to incorporate security failures. The interaction between safety and security and its impact on the overall system design, as well as the reliability loss resulting from ignoring security failures are some of the overlooked research questions. This paper addresses these research questions by presenting a new safety design method named Cyber Layer Of Protection Analysis (CLOPA) that extends existing LOPA framework to include failures caused by cyber attacks. The proposed method provides a rigorous mathematical formulation that expresses quantitatively the trade-off between designing a highly-reliable versus a highly-secure CPS. We further propose a co-design lifecycle process that integrates the safety and security risk assessment processes. We evaluate the proposed CLOPA approach and the integrated lifecycle on a practical case study of a process reactor controlled by an industrial control testbed, and provide a comparison between the proposed CLOPA and current LOPA risk assessment practice.

    Anomaly Detection and Data Recovery on Mini Batch Distillation Column based Cyber Physical System

    The development of industrial revolution 4.0 in industrial sector opened a cyber gap for outsiders to pose a threat to the system. Industrial control systems initially designed to meet SRA (Safety, Reliability, and Availability) priorities are now beginning to be pressed to consider security aspects related to the magnitude of the impact that can be caused due to external attacks. In making a safe Cyber Physical System (CPS) based automation, risk assessment will be used to determine the level risk of threat. Mini distillation column batch based CPS will be implemented as the approach of CPS in industrial sector. Anomaly detection based data-driven model and data recovery method is proposed to lower the impact of attack on this system

    Thinking in systems, sifting through simulations: a way ahead for cyber resilience assessment

    The interaction between the physical world and information technologies creates advantages and novel emerging threats. Cyber-physical systems (CPSs) result vulnerable to cyber-related disruptive scenarios, and, for some critical systems, cyber failures may have fallouts on society and environment. Traditional risk analysis is no more sufficient to deal with these problems. New techniques are gaining increasing consensus, especially those based on systems theory. In this context, the System-Theoretic Process Analysis for Security (STPA-Sec) extends the Systems-Theoretic Accident Modelling and Processes (STAMP) model considering cyber threats, and identifying unsafe and unsecure controls throughout a cyber socio-technical system. Despite its large usage as a descriptive tool, there is still limited use of STPA-Sec in (semi-)quantitative terms. This article presents System-Theoretic Process Analysis for Security with Simulations (STPA-Sec/S), a methodological interface between STPA-Sec and quantitative resilience assessment based on simulation models. The methodology is instantiated in a demonstrative case study of a water treatment plant, and its critical CPSs which may impact both community health, and environment. The obtained results show how STPA-Sec/S foster systems understanding, allow a systematic identification of its major criticalities, and the respective quantification

    Protection of critical infrastructure using an Integrated Cybersecurity Risk Management (i-CSRM) framework

    Risk management plays a vital role in tackling cyber threats within the cyber-physical system (CPS) for overall system resilience. It enables identifying critical assets, vulnerabilities, and threats and determining suitable proactive control measures to tackle the risks. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This chapter proposes an integrated cyber security risk management (i-CSRM) framework for systematically identifying critical assets through the use of a decision support mechanism built on fuzzy set theory, predicting risk types through machine learning techniques, and assessing the effectiveness of existing controls through the use of comprehensive assessment model (CAM) parameters

    Cyber-physical risk assessment for false data injection attacks considering moving target defences: Best practice application of respective cyber and physical reinforcement assets to defend against FDI attacks

    In this paper, we examine the factors that influence the success of false data injection (FDI) attacks in the context of both cyber and physical styles of reinforcement. Existing research considers the FDI attack in the context of the ability to change a measurement in a static system only. However, successful attacks will require first intrusion into a system followed by construction of an attack vector that can bypass bad data detection to cause a consequence (such as overloading). Furthermore, the recent development of moving target defences (MTD) introduces dynamically changing system topology, which is beyond the capability of existing research to assess. In this way, we develop a full service framework for FDI risk assessment. The framework considers both the costs of system intrusion via a weighted graph assessment in combination with a physical, line overload-based vulnerability assessment under the existence of MTD. We present our simulations on an IEEE 14-bus system with an overlain RTU network to model the true risk of intrusion. The cyber model considers multiple methods of entry for the FDI attack including meter intrusion, RTU intrusion and combined style attacks. Post-intrusion, our physical reinforcement model analyses the required level of topology divergence to protect against a branch overload from an optimised attack vector. The combined cyber and physical index is used to represent the system vulnerability against FDIA

    Game-Theoretic and Machine-Learning Techniques for Cyber-Physical Security and Resilience in Smart Grid

    The smart grid is the next-generation electrical infrastructure utilizing Information and Communication Technologies (ICTs), whose architecture is evolving from a utility-centric structure to a distributed Cyber-Physical System (CPS) integrated with a large-scale of renewable energy resources. However, meeting reliability objectives in the smart grid becomes increasingly challenging owing to the high penetration of renewable resources and changing weather conditions. Moreover, the cyber-physical attack targeted at the smart grid has become a major threat because millions of electronic devices interconnected via communication networks expose unprecedented vulnerabilities, thereby increasing the potential attack surface. This dissertation is aimed at developing novel game-theoretic and machine-learning techniques for addressing the reliability and security issues residing at multiple layers of the smart grid, including power distribution system reliability forecasting, risk assessment of cyber-physical attacks targeted at the grid, and cyber attack detection in the Advanced Metering Infrastructure (AMI) and renewable resources. This dissertation first comprehensively investigates the combined effect of various weather parameters on the reliability performance of the smart grid, and proposes a multilayer perceptron (MLP)-based framework to forecast the daily number of power interruptions in the distribution system using time series of common weather data. Regarding evaluating the risk of cyber-physical attacks faced by the smart grid, a stochastic budget allocation game is proposed to analyze the strategic interactions between a malicious attacker and the grid defender. A reinforcement learning algorithm is developed to enable the two players to reach a game equilibrium, where the optimal budget allocation strategies of the two players, in terms of attacking/protecting the critical elements of the grid, can be obtained. 
In addition, the risk of the cyber-physical attack can be derived based on the successful attack probability to various grid elements. Furthermore, this dissertation develops a multimodal data-driven framework for the cyber attack detection in the power distribution system integrated with renewable resources. This approach introduces the spare feature learning into an ensemble classifier for improving the detection efficiency, and implements the spatiotemporal correlation analysis for differentiating the attacked renewable energy measurements from fault scenarios. Numerical results based on the IEEE 34-bus system show that the proposed framework achieves the most accurate detection of cyber attacks reported in the literature. To address the electricity theft in the AMI, a Distributed Intelligent Framework for Electricity Theft Detection (DIFETD) is proposed, which is equipped with Benford’s analysis for initial diagnostics on large smart meter data. A Stackelberg game between utility and multiple electricity thieves is then formulated to model the electricity theft actions. Finally, a Likelihood Ratio Test (LRT) is utilized to detect potentially fraudulent meters