Towards a Layered Architectural View for Security Analysis in SCADA Systems

Supervisory Control and Data Acquisition (SCADA) systems support and control the operation of many critical infrastructures that our society depend on, such as power grids. Since SCADA systems become a target for cyber attacks and the potential impact of a successful attack could lead to disastrous consequences in the physical world, ensuring the security of these systems is of vital importance. A fundamental prerequisite to securing a SCADA system is a clear understanding and a consistent view of its architecture. However, because of the complexity and scale of SCADA systems, this is challenging to acquire. In this paper, we propose a layered architectural view for SCADA systems, which aims at building a common ground among stakeholders and supporting the implementation of security analysis. In order to manage the complexity and scale, we define four interrelated architectural layers, and uses the concept of viewpoints to focus on a subset of the system. We indicate the applicability of our approach in the context of SCADA system security analysis.Comment: 7 pages, 4 figure

The Return of the Rogue

The “rogue trader”—a famed figure of the 1990s—recently has returned to prominence due largely to two phenomena. First, recent U.S. mortgage market volatility spilled over into stock, commodity, and derivative markets worldwide, causing large financial institution losses and revealing previously hidden unauthorized positions. Second, the rogue trader has gained importance as banks around the world have focused more attention on operational risk in response to regulatory changes prompted by the Basel II Capital Accord. This Article contends that of the many regulatory options available to the Basel Committee for addressing operational risk it arguably chose the worst: an enforced selfregulatory regime unlikely to substantially alter financial institutions’ ability to successfully manage operational risk. That regime also poses the danger of high costs, a false sense of security, and perverse incentives. Particularly with respect to the low-frequency, high-impact events—including rogue trading—that may be the greatest threat to bank stability and soundness, attempts at enforced self-regulation are unlikely to significantly reduce operational risk, because those financial institutions with the highest operational risk are the least likely to credibly assess that risk and set aside adequate capital under a regime of enforced self-regulation

Process Mining of Programmable Logic Controllers: Input/Output Event Logs

This paper presents an approach to model an unknown Ladder Logic based Programmable Logic Controller (PLC) program consisting of Boolean logic and counters using Process Mining techniques. First, we tap the inputs and outputs of a PLC to create a data flow log. Second, we propose a method to translate the obtained data flow log to an event log suitable for Process Mining. In a third step, we propose a hybrid Petri net (PN) and neural network approach to approximate the logic of the actual underlying PLC program. We demonstrate the applicability of our proposed approach on a case study with three simulated scenarios

The 2007 Meltdown in Structured Securitization: Searching for Lessons not Scapegoats

The intensity of recent turbulence in financial markets has surprised nearly everyone. This paper searches out the root causes of the crisis, distinguishing them from scapegoating explanations that have been used in policy circles to divert attention from the underlying breakdown of incentives. Incentive conflicts explain how securitization went wrong, why credit ratings proved so inaccurate, and why it is superficial to blame the crisis on mark-to-market accounting, an unexpected loss of liquidity or trends in globalization and deregulation in financial markets. Our analysis finds disturbing implications of the crisis for Basel II and its implementation. We argue that the principal source of financial instability lies in contradictory political and bureaucratic incentives that undermine the effectiveness of financial regulation and supervision in every country in the world. We conclude the paper by identifying reforms that would improve incentives by increasing transparency and accountability in government and industry alike.Financial crisis, Securitization, Regulation and Supervision, Safety Nets

The 2007 Meltdown in Structured Securitization: Searching for Lessons not Scapegoats

The intensity of recent turbulence in financial markets has surprised nearly everyone. This paper searches out the root causes of the crisis, distinguishing them from scapegoating explanations that have been used in policy circles to divert attention from the underlying breakdown of incentives. Incentive conflicts explain how securitization went wrong, why credit ratings proved so inaccurate, and why it is superficial to blame the crisis on mark-to-market accounting, an unexpected loss of liquidity or trends in globalization and deregulation in financial markets. Our analysis finds disturbing implications of the crisis for Basel II and its implementation. We argue that the principal source of financial instability lies in contradictory political and bureaucratic incentives that undermine the effectiveness of financial regulation and supervision in every country in the world. We conclude the paper by identifying reforms that would improve incentives by increasing transparency and accountability in government and industry alike.Financial crisis, Securitization, Regulation and Supervision, Safety Nets

Supervision of large complex banking organizations

The long-term trends of consolidation and innovation in the U.S. banking system have intensified over the past decade. A small number of banking organizations now hold a larger portion of the banking system's assets, and, at the same time, their activities have become more complex. As a result, the Federal Reserve has altered its approach to the supervision of the largest, most complex banking organizations (LCBOs). This new approach focuses on the most important risks facing U.S. banking organizations and the ways in which these risks are managed. This article discusses the Federal Reserve's risk-focused supervision program as applied to LCBOs.Bank supervision ; Bank holding companies