3 research outputs found

    Micro-CI: A Model Critical Infrastructure Testbed for Cyber-Security Training and Research

    Critical infrastructures encompass various sectors, such as energy resources and manufacturing, which tend to be dispersed over large geographic areas. With recent technological advancements over the last decade, they have developed to be dependent on Information and Communication Technology (ICT), where control systems and the use of sensor equipment facilitate operation. However, the persistently evolving global state of ICT has resulted in the emergence of sophisticated cyber-threats. As dependence upon critical infrastructure systems continues to increase, so too does the urgency with which these systems need to be adequately protected. Modelling and testbed development are now crucial for the study and analysis of security within critical infrastructures, particularly as testing within a live system can have far-reaching impacts, including potential loss of life. Existing testbed approaches are not replicable or involve the use of simulation, which impacts upon the realism of the datasets constructed. As such, the research presented in this paper discusses the novel development of a replicable and affordable critical infrastructure testbed for cyber-security training and research. The testbed can be used to anticipate cyber-security incidents and assist in the development of new and innovative cyber-security methods. The access to real-world data for training, research and testing new design methodologies is a challenge for security researchers; as such, the aim of this project is to provide an original methodology for the construction of accessible data for cyber-security research. The testbed data is evaluated through a comparison with a simulation comprised of the same components.

    Behavioural Observation for Critical Infrastructure Security Support

    Critical infrastructures include sectors such as energy resources, finance, food and water distribution, health, manufacturing and government services. In recent years, critical infrastructures have become increasingly dependent on ICT and more interconnected, and are often, as a result, linked to the Internet. Consequently, this makes these systems more vulnerable and increases the threat of cyber-attack. In addition, the growing use of wireless networks means that infrastructures can be more susceptible to a direct digital attack than ever before. Traditionally, protecting against environmental threats was the main focus of critical infrastructure preservation. Now, however, with the emergence of cyber-attacks, the focus has changed and infrastructures are facing a different danger with potentially debilitating consequences. Current security techniques are struggling to keep up to date with the sheer volume of innovative and emerging attacks; therefore, considering fresh and adaptive solutions to existing computer security approaches is crucial. The research presented in this thesis details the use of behavioural observation for critical infrastructure security support. Our observer system monitors an infrastructure’s behaviour and detects abnormalities, which are the result of a cyber-attack taking place. By observing subtle changes in system behaviours, an additional level of support for critical infrastructure security is provided through a plug-in device, which operates autonomously and has no negative impact on data flow. Behaviour is evaluated using mathematical classifications to assess the data and detect changes. The subsequent results achieved during the data classification process were high and successful. Our observer approach was able to accurately classify 98.138% of the normal and abnormal system behaviours produced by a simulation of a critical infrastructure, using nine data classifiers.

    Intrusion Detection and Internet Services Failure Reporting System

    No full text