A review of cyber security risk assessment methods for SCADA systems

This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation and tool support. Based on the analysis, we suggest an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems. We also outline five research challenges facing the domain and point out the approaches that might be taken

Infrastructure (Resilience-oriented) Modelling Language: I®ML A proposal for modelling infrastructures and their connections

The modelling of critical infrastructures (CIs) is an important issue that needs to be properly addressed, for several reasons. It is a basic support for making decisions about operation and risk reduction. It might help in understanding high-level states at the system-of-systems layer, which are not ready evident to the organisations that manage the lower level technical systems. Moreover, it is also indispensable for setting a common reference between operator and authorities, for agreeing on the incident scenarios that might affect those infrastructures. So far, critical infrastructures have been modelled ad-hoc, on the basis of knowledge and practice derived from less complex systems. As there is no theoretical framework, most of these efforts proceed without clear guides and goals and using informally defined schemas based mostly on boxes and arrows. Different CIs (electricity grid, telecommunications networks, emergency support, etc) have been modelled using particular schemas that were not directly translatable from one CI to another. If there is a desire to build a science of CIs it is because there are some observable commonalities that different CIs share. Up until now, however, those commonalities were not adequately compiled or categorized, so building models of CIs that are rooted on such commonalities was not possible. This report explores the issue of which elements underlie every CI and how those elements can be used to develop a modelling language that will enable CI modelling and, subsequently, analysis of CI interactions, with a special focus on resilienc

Infrastructure (Resilience-oriented) Modelling Language: I®M - A proposal for modelling infrastructures and their connections

The modelling of critical infrastructures (CIs) is an important issue that needs to be properly addressed, for several reasons. It is a basic support for making decisions about operation and risk reduction. It might help in understanding high-level states at the system-of-systems layer, which are not ready evident to the organisations that manage the lower level technical systems. Moreover, it is also indispensable for setting a common reference between operator and authorities, for agreeing on the incident scenarios that might affect those infrastructures. So far, critical infrastructures have been modelled ad-hoc, on the basis of knowledge and practice derived from less complex systems. As there is no theoretical framework, most of these efforts proceed without clear guides and goals and using informally defined schemas based mostly on boxes and arrows. Different CIs (electricity grid, telecommunications networks, emergency support, etc) have been modelled using particular schemas that were not directly translatable from one CI to another. If there is a desire to build a science of CIs it is because there are some observable commonalities that different CIs share. Up until now, however, those commonalities were not adequately compiled or categorized, so building models of CIs that are rooted on such commonalities was not possible. This report explores the issue of which elements underlie every CI and how those elements can be used to develop a modelling language that will enable CI modelling and, subsequently, analysis of CI interactions, with a special focus on resilience.JRC.DG.G.6-Security technology assessmen

Cyber security risk management nei servizi pubblici strategici

2015 - 2016The global digital network, with its ability to communicate directly and in real time between people in every part of the planet, is a formidable tool to develop relationships and realize exchange of information and knowledge. In cyberspace they coexist people of all kinds, characterized by different interests, different cultures and different ways of relating to others. From an economic point of view, the global network has become a formidable transactional tool for the exchange of goods and services and there is the commercial and industrial sector that has not arrived in some way in cyberspace. The cybernetic revolution, induced by new and increasingly powerful electronic and computer technologies, it is not limited to connect the network, almost all of the planet's surface but is rapidly expanding to the direct control of myriad physical devices of the most varied , from Smartphone to wearable devices, from city traffic control to the electricity production and distribution infrastructure systems. And 'the SO-CALLED "Internet of Things" and the Internet of things, the network that interconnects all electronic devices capable of communicating with the outside world. A pervasive who did not spare the public sector which, first, is called on to provide answers on many fronts, not least regulatory, and as far as possible, ensure compliance with the rules in the real world even in cyberspace. In particular, the public sector must take responsibility to ensure the physical and cyber security of SO-CALLED National Critical Infrastructure, including all the essential services for national security, the proper functioning of the country and its economic growth and, not least, the well-being of the population. Are Critical Infrastructures electric and energy system, communication networks in general, networks and transport infrastructure of people and goods (ship, rail, air and road), the public health system, economics and financial channels, the national networks of government , regions, those for emergency management and civil protection. The challenge is complex and Public Administration alone seems unable to respond effectively to increasingly sophisticated cyber-attacks that day, affecting the civilian world, industrial and economic. NCI are not immune and, as a result, the Public Strategic Services are exposed to significant risks. On this issue, Western governments have long established close cooperation with the private sector, and highlighted the need to define a strategy and a shared modus operandi and quality between the various actors involved. This work aims to address systematically the "hot" topic of cyber security, an area that involves national governments, military, intelligence services, the economy and the business world as a whole and, gradually and in various capacities and degree of interest, every single citizen of the world. In this unprecedented scenario, strongly characterized by uncertainty and variability of the virus, the application sic et simpliciter of "traditional" evaluation techniques of the corporate risk derivation is inadequate for this purpose, despite a certain degree of adaptation to the new scenario is already underway. The analysis focuses on the relative adaptive-evolution that is affecting the risk management in the field of cyber security and state of the art in the academic and scientific world views in the introduction of new and more advanced tools for analysis the Cyber Risk. The work ends with a case study of a large Italian company which provides a strategic public service such as electricity. [edited by author]La rete digitale globale, con la sua capacità di stabilire contatti diretti e in tempo reale tra persone in ogni parte del pianeta, rappresenta uno strumento formidabile per sviluppare relazioni e realizzare scambio di informazioni e di conoscenza. Nel cyberspazio convivono persone di ogni tipo, caratterizzate da interessi diversi, culture differenti e diversi modi di relazionarsi con il prossimo. Dal punto di vista economico, la rete globale è oggi un formidabile strumento transazionale per lo scambio di beni e di servizi e non vi è settore commerciale e industriale che non sia approdato in qualche modo nel cyberspazio. La rivoluzione cibernetica, indotta dalle nuove e sempre più potenti tecnologie elettroniche e informatiche, non si è limitata a connettere in rete la quasi totalità della superficie del pianeta ma si sta rapidamente espandendo verso il controllo diretto di una miriade di dispositivi fisici tra i più vari, dagli Smartphone ai dispositivi indossabili, dai sistemi di controllo del traffico cittadino alle infrastrutture di produzione e distribuzione di energia elettrica. E’ la c.d. “Internet of Things” o Internet delle cose, che interconnette in rete tutti i dispositivi elettronici in grado di comunicare con il mondo esterno. Una pervasività che non ha risparmiato il settore pubblico che, in primo luogo, è chiamato a fornire risposte su numerosi fronti, non ultimo quello normativo, e, per quanto possibile, garantire il rispetto delle regole presenti nel mondo reale anche nello spazio cibernetico. In particolare, il settore pubblico deve farsi carico di garantire la sicurezza fisica e informatica delle c.d. infrastrutture critiche nazionali, che includono tutti quei servizi essenziali per la sicurezza nazionale, il buon funzionamento del Paese e la sua crescita economica e, non ultimo, il benessere della popolazione. Sono Infrastrutture Critiche il sistema elettrico ed energetico, le reti di comunicazione in genere, le reti e le infrastrutture di trasporto di persone e merci (navale, ferroviario, aereo e stradale), il sistema sanitario pubblico, i circuiti economici e finanziari, le reti del Governo nazionale, delle Regioni, quelle per la gestione delle emergenze e della Protezione Civile. La sfida è complessa e la Pubblica Amministrazione da sola non sembra in grado di poter rispondere in modo efficace agli attacchi informatici sempre più sofisticati che, quotidianamente, colpiscono il mondo civile, industriale ed economico. Le infrastrutture critiche nazionali non ne sono immuni e, di conseguenza, i Servizi Pubblici Strategici sono esposti a significativi rischi. Su questo tema, i Governi occidentali hanno da tempo avviato una stretta collaborazione con il settore privato, ed è emersa la necessità di definire una strategia e un modus operandi condiviso e di qualità tra i vari attori coinvolti. Questo lavoro si propone di affrontare in maniera sistematica il tema “caldo” della Cyber Security, un ambito che coinvolge governi nazionali, settori militari, servizi di informazione, il sistema economico e il mondo delle imprese nel suo complesso e, via via e a vario titolo e grado di interesse, ogni singolo cittadino del mondo. In questo scenario inedito, fortemente connotato da incertezza e variabilità delle minacce, l’applicazione sic et simpliciter delle tecniche “tradizionali” di valutazione del rischio di derivazione aziendale risulta inadeguata allo scopo, nonostante un certo grado di adattamento al nuovo scenario sia già in corso. L’analisi si concentra sulla parte relativa all’’evoluzione adattativa’ che sta interessando il risk management nel campo della cyber security e dello stato dell’arte nel panorama accademico e scientifico mondiale nell’introduzione di nuovi e più evoluti strumenti per l’analisi del Cyber Risk. Il lavoro si conclude con un caso di studio effettuato su di una grande azienda italiana che fornisce un servizio pubblico strategico quale l’energia elettrica. [a cura dell'autore]XV n.s

Critical Infrastructure Protection Approaches: Analytical Outlook on Capacity Responsiveness to Dynamic Trends

Overview: Critical infrastructures (CIs) – any asset with a functionality that is critical to normal societal functions, safety, security, economic or social wellbeing of people, and disruption or destruction of which would have a very significant negative societal impact. CIs are clearly central to the normal functioning of a nation’s economy and require to be protected from both intentional and unintentional sabotages. It is important to correctly discern and aptly manage security risks within CI domains. The protection (security) of CIs and their networks can provide clear benefits to owner organizations and nations including: enabling the attainment of a properly functioning social environment and economic market, improving service security, enabling integration to external markets, and enabling service recipients (consumers, clients, and users) to benefit from new and emerging technological developments. To effectively secure CI system, firstly, it is crucial to understand three things - what can happen, how likely it is to happen, and the consequences of such happenings. One way to achieve this is through modelling and simulations of CI attributes, functionalities, operations, and behaviours to support security analysis perspectives, and especially considering the dynamics in trends and technological adoptions. Despite the availability of several security-related CI modelling approaches (tools and techniques), trends such as inter-networking, internet and IoT integrations raise new issues. Part of the issues relate to how to effectively (more precisely and realistically) model the complex behavior of interconnected CIs and their protection as system of systems (SoS). This report attempts to address the broad goal around this issue by reviewing a sample of critical infrastructure protection approaches; comprising tools, techniques, and frameworks (methodologies). The analysis covers contexts relating to the types of critical infrastructures, applicable modelling techniques, risk management scope covered, considerations for resilience, interdependency, and policy and regulations factors. Key Findings: This research presents the following key findings: 1. There is not a single specific Critical Infrastructure Protection (CIP) approach – tool, technique, methodology or framework – that exists or emerges as a ‘fit-for-all’; to allow the modelling and simulation of cyber security risks, resilience, dependency, and impact attributes in all critical infrastructure set-ups. 2. Typically, two or more modelling techniques can be (need to be) merged to cover a broader scope and context of modelling and simulation applications (areas) to achieve desirable highlevel protection and security for critical infrastructures. 3. Empirical-based, network-based, agent-based, and system dynamics-based modelling techniques are more widely used, and all offer gains for their use. 4. The deciding factors for choosing modelling techniques often rest on; complexity of use, popularity of approach, types and objectives of user Organisation and sector. 5. The scope of modelling functions and operations also help to strike the balance between ‘specificity’ and ‘generality’ of modelling technique and approach for the gains of in-depth analysis and wider coverage respectively. 6. Interdependency and resilience modelling and simulations in critical infrastructure operations, as well as associated security and safety risks; are crucial characteristics that need to be considered and explored in revising existing or developing new CIP modelling approaches. Recommendations: Key recommendations from this research include: 1. Other critical infrastructure sectors such as emergency services, food & agriculture, and dams; need to draw lessons from the energy and transportation sectors for the successive benefits of: i. Amplifying the drive and efforts towards evaluating and understanding security risks to their infrastructure and operations. ii. Support better understanding of any associated dependencies and cascading impacts. iii. Learning how to establish effective security and resilience. iv. Support the decision-making process linked with measuring the effectiveness of preparedness activities and investments. v. Improve the behavioural security-related responses of CI to disturbances or disruptions. 2. Security-related critical infrastructure modelling approaches should be developed or revised to include wider scopes of security risk management – from identification to effectiveness evaluations, to support: i. Appropriate alignment and responsiveness to the dynamic trends introduced by new technologies such as IoT and IIoT. ii. Dynamic security risk management – especially the assessment section needs to be more dynamic than static, to address the recurrent and impactful risks that emerge in critical infrastructures

Extended dependency modelling technique for cyber risk identification in ICS

Complex systems such as Industrial Control Systems (ICS) are designed as a collection of functionally dependent and highly connected units with multiple stakeholders. Identifying the risk of such complex systems requires an overall view of the entire system. Dependency modelling (DM) is a highly participative methodology that identifies the goals and objectives of a system and the required dependants to satisfy these goals. Researchers have proved DM to be suitable for identifying and quantifying impact and uncertainty in complex environments. However, there exist limitations in the current expressions of DM that hinder its complete adaptation for risk identification in a complex environment such as ICS. This research investigates how the capability of DM could be extended to address the identified limitations and proposes additional variables to address phenomena that are unique to ICS environments. The proposed extension is built into a system-driven ICS dependency modeller, and we present an illustrative example using a scenario of a generic ICS environment. We reflect that the proposed technique supports an improvement in the initial user data input in the identification of areas of risk at the enterprise, business process, and technology levels

A Review of Critical Infrastructure Protection Approaches: Improving Security through Responsiveness to the Dynamic Modelling Landscape

As new technologies such as the Internet of Things (IoT) are integrated into Critical National Infrastructures (CNI), new cybersecurity threats emerge that require specific security solutions. Approaches used for analysis include the modelling and simulation of critical infrastructure systems using attributes, functionalities, operations, and behaviours to support various security analysis viewpoints, recognising and appropriately managing associated security risks. With several critical infrastructure protection approaches available, the question of how to effectively model the complex behaviour of interconnected CNI elements and to configure their protection as a system-of-systems remains a challenge. Using a systematic review approach, existing critical infrastructure protection approaches (tools and techniques) are examined to determine their suitability given trends like IoT, and effective security modelling and analysis issues. It is found that empirical-based, agent-based, system dynamics-based, and network-based modelling are more commonly applied than economic-based and equation-based techniques, and empirical-based modelling is the most widely used. The energy and transportation critical infrastructure sectors reflect the most responsive sectors, and no one Critical Infrastructure Protection (CIP) approach – tool, technique, methodology or framework – provides a ‘fit-for-all’ capacity for all-round attribute modelling and simulation of security risks. Typically, deciding factors for CIP choices to adopt are often dominated by trade-offs between ‘complexity of use’ and ‘popularity of approach’, as well as between ‘specificity’ and ‘generality’ of application in sectors. Improved security modelling is feasible via; appropriate tweaking of CIP approaches to include a wider scope of security risk management, functional responsiveness to interdependency, resilience and policy formulation requirements, and collaborative information sharing between public and private sectors

Developing and verifying a set of principles for the cyber security of the critical infrastructures of Turkey

Critical infrastructures are vital assets for countries as a harm given to critical infrastructures may affect public order, economic welfare and/or national security. Today, cyber systems are extensively used to control and monitor critical infrastructures. Therefore, cyber threats have the potential to adversely affect the order of societies and countries. In this PhD study, the root causes of the susceptibility of the critical infrastructures of Turkey to the cyber threats are identified by analyzing the qualitative data with the grounded theory method. The extracted root causes are verified by two experts. The set of principles for the cyber security of the critical infrastructures are determined by introducing the root causes to six experts in a five-phased Delphi survey. A state-level cyber security maturity model to measure the readiness level of the critical infrastructure protection efforts is developed by using the set of principles. Because maturity criteria are grounded on the root causes of the susceptibility to cyber threats, the maturity model is named Vulnerability Driven National Cyber Security Maturity Model. The readiness level of the critical infrastructure protection efforts of Turkey is measured by the participation of ten former/current government officials in the maturity survey. The root causes, the set of principles, and the results of the maturity survey are compared with the relevant studies of the academia, non-profit organizations and governments