    Quantification of information flow in cyber physical systems

    In Cyber Physical Systems (CPSs), traditional security mechanisms such as cryptography and access control are not enough to ensure the security of the system since complex interactions between the cyber portion and physical portion happen frequently. In particular, the physical infrastructure is inherently observable; aggregated physical observations can lead to unintended cyber information leakage. Information flow analysis, which aims to control the way information flows among different entities, is better suited for CPSs than the access control security mechanism. However, quantifying information leakage in CPSs can be challenging due to the flow of implicit information between the cyber portion, the physical portion, and the outside world. Within algorithmic theory, the online problem considers inputs that arrive one by one and deals with extracting the algorithmic solution through an advice tape without knowing some parts of the input. This dissertation focuses on statistical methods to quantify information leakage in CPSs due to algorithmic leakages, especially CPSs that allocate constrained resources. The proposed framework is based on the advice tape concept of algorithmically quantifying information leakage and statistical analysis. With aggregated physical observations, the amount of information leakage of the constrained resource due to the cyber algorithm can be quantified through the proposed algorithms. An electric smart grid has been used as an example to develop confidence intervals of information leakage within a real CPS. The characteristic of the physical system, which is represented as an invariant, is also considered and influences the information quantification results. The impact of this work is that it allows the user to express an observer's uncertainty about a secret as a function of the revealed part. Thus, it can be used as an algorithmic design in a CPS to allocate resources while maximizing the uncertainty of the information flow to an observer. --Abstract, page iii

    A Design Approach to IoT Endpoint Security for Production Machinery Monitoring

    The Internet of Things (IoT) has significant potential in upgrading legacy production machinery with monitoring capabilities to unlock new capabilities and bring economic benefits. However, the introduction of IoT at the shop floor layer exposes it to additional security risks with potentially significant adverse operational impact. This article addresses such fundamental new risks at their root by introducing a novel endpoint security-by-design approach. The approach is implemented on a widely applicable production-machinery-monitoring application by introducing real-time adaptation features for IoT device security through subsystem isolation and a dedicated lightweight authentication protocol. This paper establishes a novel viewpoint for the understanding of IoT endpoint security risks and relevant mitigation strategies and opens a new space of risk-averse designs that enable IoT benefits, while shielding operational integrity in industrial environments.

    Resilience Enhancement Strategies for Modern Power Systems

    The frequency of extreme events (e.g., hurricanes, earthquakes, and floods) and man-made attacks (cyber and physical attacks) has increased dramatically in recent years. These events have severely impacted power systems, with effects ranging from long outage times to the destruction of major equipment (e.g., substations, transmission lines, and power plants). Also, the massive integration of information and communication technology into power systems has evolved them into what are known as cyber-physical power systems (CPPSs). Although advanced technologies in the cyber layer improve the operation and control of power systems, they introduce additional vulnerabilities to power system performance. This has motivated the study of power system resilience evaluation and enhancement methods. Power system resilience can be defined as "the ability of a system to prepare for, absorb, adapt to, and recover from disruptive events". Assessing resilience enhancement strategies requires further and deeper investigation for several reasons. First, enhancing the operational and planning resilience is a mathematically involved problem accompanied by many challenges related to modeling and computation methods. The complexity of the problem increases in CPPSs due to the large number and diverse behavior of system components. Second, only a few studies have given attention to the stochastic behavior of extreme events and their accompanying impacts on the system resilience level, yielding less realistic modeling and a higher resilience level. Also, the correlation between the cyber and physical layers within the context of resilience enhancement requires leveraging sophisticated modeling approaches, which is still under investigation. Besides, the role of distributed energy resources in planning-based and operational-based resilience enhancements requires further investigation. This calls for developing enhancement strategies to improve the resilience of power grids against extreme events. 
This dissertation is divided into four parts as follows. Part I: Proactive strategies: utilizing the available system assets to prepare the power system prior to the occurrence of an extreme event to maintain an acceptable resilience level during a severe event. Various system generation and transmission constraints as well as the spatiotemporal behavior of extreme events should be properly modeled for a feasible proactive enhancement plan. In this part, two proactive strategies are proposed against weather-related extreme events and cyber-induced failure events. First, a generation redispatch strategy is formulated to reduce the amount of load curtailments in transmission systems against hurricanes and wildfires. Also, a defensive islanding strategy is studied to isolate system components vulnerable to cyber failures in distribution systems. Part II: Corrective strategies: remedial actions during an extreme event for improved performance. The negative impacts of extreme weather events can be mitigated, reduced, or even eliminated through corrective strategies. However, the highly stochastic nature of resilience-based problems induces further complexities in modeling and providing feasible solutions. In this part, reinforcement learning approaches are leveraged to develop a control-based environment for improved resilience. Three corrective strategies are studied, including distribution network reconfiguration, allocating and sizing of distributed energy resources, and dispatching reactive shunt compensators. Part III: Restorative strategies: retain the power service to curtailed loads in a fast and efficient manner after a diverse event. In this part, a resilience enhancement strategy is formulated based on dispatching distributed generators for minimal load curtailments and improved restorative behavior. Part IV: Uncertainty quantification: Impacts of uncertainties on modeling and solution accuracy. 
Though there exist several sources of stochasticity in power systems, this part focuses on the random behavior of extreme weather events and the associated impacts on system component failures. First, an assessment framework is studied to evaluate the impacts of ice storms on transmission systems and an evaluation method is developed to quantify the hurricane uncertainties for improved resilience. Additionally, the role of unavailable renewable energy resources on improved system resilience during extreme hurricane events is studied. The methodologies and results provided in this dissertation can be useful for system operators, utilities, and regulators towards enhancing resilience of CPPSs against weather-related and cyber-related extreme events. The work presented in this dissertation also provides potential pathways to leverage existing system assets and resources integrated with recent advanced computational technologies to achieve resilient CPPSs.

    The Hierarchic treatment of marine ecological information from spatial networks of benthic platforms

    Measuring biodiversity simultaneously in different locations, at different temporal scales, and over wide spatial scales is of strategic importance for the improvement of our understanding of the functioning of marine ecosystems and for the conservation of their biodiversity. Monitoring networks of cabled observatories, along with other docked autonomous systems (e.g., Remotely Operated Vehicles [ROVs], Autonomous Underwater Vehicles [AUVs], and crawlers), are being conceived and established at a spatial scale capable of tracking energy fluxes across benthic and pelagic compartments, as well as across geographic ecotones. At the same time, optoacoustic imaging is sustaining an unprecedented expansion in marine ecological monitoring, enabling the acquisition of new biological and environmental data at an appropriate spatiotemporal scale. At this stage, one of the main problems for an effective application of these technologies is the processing, storage, and treatment of the acquired complex ecological information. Here, we provide a conceptual overview on the technological developments in the multiparametric generation, storage, and automated hierarchic treatment of biological and environmental information required to capture the spatiotemporal complexity of a marine ecosystem. In doing so, we present a pipeline of ecological data acquisition and processing in different steps and prone to automation. We also give an example of population biomass, community richness and biodiversity data computation (as indicators for ecosystem functionality) with an Internet Operated Vehicle (a mobile crawler). Finally, we discuss the software requirements for that automated data processing at the level of cyber-infrastructures with sensor calibration and control, data banking, and ingestion into large data portals. Peer Reviewed. Postprint (published version)

    Enhancing Cyber-Resiliency of DER-based SmartGrid: A Survey

    The rapid development of information and communications technology has enabled the use of digital-controlled and software-driven distributed energy resources (DERs) to improve the flexibility and efficiency of power supply, and support grid operations. However, this evolution also exposes geographically-dispersed DERs to cyber threats, including hardware and software vulnerabilities, communication issues, and personnel errors. Therefore, enhancing the cyber-resiliency of DER-based smart grid - the ability to survive successful cyber intrusions - is becoming increasingly vital and has garnered significant attention from both industry and academia. In this survey, we aim to provide a systematic and comprehensive review regarding the cyber-resiliency enhancement (CRE) of DER-based smart grid. Firstly, an integrated threat modeling method is tailored for the hierarchical DER-based smart grid with special emphasis on vulnerability identification and impact analysis. Then, the defense-in-depth strategies encompassing prevention, detection, mitigation, and recovery are comprehensively surveyed, systematically classified, and rigorously compared. A CRE framework is subsequently proposed to incorporate the five key resiliency enablers. Finally, challenges and future directions are discussed in detail. The overall aim of this survey is to demonstrate the development trend of CRE methods and motivate further efforts to improve the cyber-resiliency of DER-based smart grid. Comment: Submitted to IEEE Transactions on Smart Grid for Publication Consideration

    Connected vehicles: organizational cybersecurity processes and their evaluation

    Abstract. Vehicles have become increasingly network-connected cyber-physical systems and they are vulnerable to cyberattacks. In the wake of multiple vehicle hacks, the automotive industry and governments have recognized the critical need for cybersecurity to be integrated into the vehicle development framework and for manufacturers to be involved in managing the whole vehicle lifecycle. The United Nations Economic Commission for Europe (UNECE) WP.29 (World Forum for Harmonization of Vehicle Regulations) committee published in 2021 two new regulations for road vehicle type approval: R155 for cybersecurity and R156 for software update. The latter of these also affects agricultural vehicle manufacturers, which is the empirical context of this study. A new cybersecurity engineering standard from the International Standardization Organization (ISO) and Society of Automotive Engineers (SAE) organizations also changes organizations' risk management framework. Vehicle manufacturers must think about security from an entirely new standpoint: how to reduce vehicle cybersecurity risk to other road users. This thesis investigates automotive regulations and standards related to cybersecurity and cybersecurity management processes. The methodology of the empirical part is design science, which is a suitable method for the development of new artifacts and solutions. This study developed an organization status evaluation tool in the form of a questionnaire. Stakeholders can use the tool to collect information about organizational capabilities for a comprehensive vehicle cybersecurity management process. As a main result, this thesis provides base information for cybersecurity principles and processes for cybersecurity management, and an overview of current automotive regulation and automotive cybersecurity related standards.
Connected vehicles: organizational cybersecurity processes and their evaluation. Abstract. Vehicles have become network-connected cyber-physical systems that are vulnerable to cyberattacks. Vehicle hacks led governments and the automotive industry to recognize that cybersecurity must be integrated into the vehicle development environment and that manufacturers must be involved in managing the entire vehicle lifecycle. Members of the United Nations Economic Commission for Europe (UNECE) WP.29 (World Forum for Harmonization of Vehicle Regulations) committee published in 2021 two new type-approval regulations for road vehicles. These are R155 on cybersecurity and R156 on software updates, the latter of which also affects agricultural vehicle manufacturers. The new cybersecurity engineering standard developed jointly by the International Standardization Organization (ISO) and the Society of Automotive Engineers (SAE) also changes organizations' risk management. Vehicle manufacturers must consider security from an entirely new perspective: how to reduce the vehicle cybersecurity risk to other road users. This thesis examines automotive regulations and standards related to cybersecurity, as well as cybersecurity management processes. The empirical part of the work concerns a company specializing in agricultural vehicles. The methodology of the empirical part is design science, which is suited to developing new artifacts and solutions. In the empirical part of the study, a new evaluation tool was developed with which stakeholders can collect information on an organization's capabilities for managing vehicle cybersecurity. This thesis provides background information on cybersecurity principles and cybersecurity management processes, and an overview of current automotive regulation and cybersecurity-related vehicle standards.

    Resilience assessment and planning in power distribution systems: Past and future considerations

    Over the past decade, extreme weather events have significantly increased worldwide, leading to widespread power outages and blackouts. As these threats continue to challenge power distribution systems, the importance of mitigating the impacts of extreme weather events has become paramount. Consequently, resilience has become crucial for designing and operating power distribution systems. This work comprehensively explores the current landscape of resilience evaluation and metrics within the power distribution system domain, reviewing existing methods and identifying key attributes that define effective resilience metrics. The challenges encountered during the formulation, development, and calculation of these metrics are also addressed. Additionally, this review acknowledges the intricate interdependencies between power distribution systems and critical infrastructures, including information and communication technology, transportation, water distribution, and natural gas networks. It is important to understand these interdependencies and their impact on power distribution system resilience. Moreover, this work provides an in-depth analysis of existing research on planning solutions to enhance distribution system resilience and support power distribution system operators and planners in developing effective mitigation strategies. These strategies are crucial for minimizing the adverse impacts of extreme weather events and fostering overall resilience within power distribution systems. Comment: 27 pages, 7 figures, submitted for review to Renewable and Sustainable Energy Reviews