
    Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

    The first-ever cyberattack on the Ukrainian power grid demonstrated its destructive potential by compromising the grid's critical cyber assets. With administrative privileges on substation networks or local control centers, one intelligent way of coordinating a cyberattack is to execute a series of disruptive switching operations on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can have significant impacts on an interconnected power grid. Unlike previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of the real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes the resulting impacts on both the steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady-state substation/component outages with the dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining to the impact quantification of cyber-related contingencies.

    Cybervandalism or Digital Act of War? America's Muddled Approach to Cyber Incidents Will Not Deter More Crises

    If experts say a malicious [cyber] code 'has similar effects to a physical bomb,' and that code actually causes a stunning breach of global internet stability, is it really accurate to call that event merely an instance of a cyber attack? Moreover, can you really expect to deter state and non-state actors from employing such code and similarly hostile cyber methodologies if all they think they are risking is being labeled as a cyber-vandal subject only to law enforcement measures? Or might they act differently if it were made clear to them that such activity is considered an 'armed attack' against the United States and that they are in jeopardy of being on the receiving end of a forceful, law-of-war response by the most powerful military on the planet? Of course, if something really is just vandalism, the law enforcement paradigm, with its very limited response options, would suffice. But when malevolent cyber activity endangers the reliability of the internet in a world heavily dependent on a secure cyberspace, it is not merely vandalism. Rather, it is a national and international security threat that ought to be characterized and treated as such. Unfortunately, the United States' current approach is too inscrutable and even contradictory to send an effective deterrence message to potential cyber actors. This needs to change.

    Supply Chain Characteristics as Predictors of Cyber Risk: A Machine-Learning Assessment

    This paper provides the first large-scale data-driven analysis to evaluate the predictive power of different attributes for assessing the risk of cyberattack data breaches. Furthermore, motivated by the rapid increase in third-party-enabled cyberattacks, the paper provides the first quantitative empirical evidence that digital supply-chain attributes are significant predictors of enterprise cyber risk. The paper leverages outside-in cyber risk scores that aim to capture the quality of the enterprise's internal cybersecurity management, but augments these with supply chain features that are inspired by observed third-party cyberattack scenarios, as well as concepts from network science research. The main quantitative result of the paper is to show that supply chain network features add significant detection power to predicting enterprise cyber risk, relative to merely using enterprise-only attributes. In particular, compared to a base model that relies only on internal enterprise features, the supply chain network features improve the out-of-sample AUC by 2.3%. Given that each cyber data breach is a low-probability, high-impact risk event, these improvements in prediction power have significant value. Additionally, the model highlights several cybersecurity risk drivers related to third-party cyberattack and breach mechanisms and provides important insights as to what interventions might be effective to mitigate these risks.

    Process/Equipment Design Implications for Control System Cybersecurity

    An emerging challenge for process safety is process control system cybersecurity. An attacker could gain control of the process actuators through the control system or the communication policies within control loops and potentially drive the process state to unsafe conditions. Cybersecurity has traditionally been handled as an information technology (IT) problem in the process industries. In the literature on cybersecurity specifically for control systems, there has been work aimed at developing control designs that seek to counter cyberattacks by either giving the system appropriate response mechanisms once attacks are detected or seeking to make the attacks difficult to perform. In this work, we begin an exploration into the implications of process and equipment design for enhancing the ability of chemical processes to maintain safe operation during cyberattacks on the process control systems.

    Factors Affecting Perceptions of Cybersecurity Readiness Among Workgroup IT Managers

    The last decade has seen a dramatic increase in the number, frequency, and scope of cyberattacks, both in the United States and abroad. This upward trend necessitates that a significant aspect of any organization’s information systems strategy involves having a strong cybersecurity profile. Inherent in such a posture is the need to have IT managers who are experts in their field and who are willing and able to employ best practices and educate their users. Furthermore, IT managers need to have awareness of the technology landscape in and around their organizations. After many years of cybersecurity research, large corporations have come to implicitly understand these factors and, as such, have invested heavily in both technology and specialized personnel with the express aim of increasing their cybersecurity capabilities. However, large institutions are comprised of smaller organizational units, which are not always adequately considered when examining the cybersecurity profile of the organization. This oversight is particularly true of colleges and universities where IT managers who are not affiliated with the institution’s central IT department employ their own information security strategies. Such strategies may or may not represent a threat to the institution’s overall level of cybersecurity readiness. Therefore, this research examines the responses of workgroup IT managers who are employed at the school or department level at institutions of higher learning within the United States to determine their perceptions of their cybersecurity readiness. The conceptual model that is developed in this study is referred to as the Practice and Awareness Cybersecurity Readiness Model (PACRM). It examines the relationships between an IT manager’s perceived readiness to detect, prevent, and recover from a cyberattack, and four base factors. 
Among the factors studied are the manager's previous level of experience in cybersecurity, the extent of the manager's use of best practices, the manager's awareness of the network infrastructure in and around the organizational unit, and the degree to which the manager's supported user community is educated on topics related to information security. First, a survey instrument is proposed and validated. Then, a Confirmatory Factor Analysis (CFA) is conducted to examine the relationships between the observed variables and the underlying theoretical constructs. Finally, the model is tested using path analysis. The validated instrument will have obvious implications for both cybersecurity researchers and managers. Not only will it be available to other researchers, it will also provide a metric by which practitioners can gauge their perceptions of their cybersecurity readiness. In addition, if the underlying model is found to have been correctly specified, it will provide a theoretical foundation on which to base future research that is not dependent on threats and deterrents but rather on raising the self-efficacy of the human resource.

    Governance of Dual-Use Technologies: Theory and Practice

    The term dual-use characterizes technologies that can have both military and civilian applications. What is the state of current efforts to control the spread of these powerful technologies—nuclear, biological, cyber—that can simultaneously advance social and economic well-being and also be harnessed for hostile purposes? What have previous efforts to govern, for example, nuclear and biological weapons taught us about the potential for the control of these dual-use technologies? What are the implications for governance when the range of actors who could cause harm with these technologies include not just national governments but also non-state actors like terrorists? These are some of the questions addressed by Governance of Dual-Use Technologies: Theory and Practice, the new publication released today by the Global Nuclear Future Initiative of the American Academy of Arts and Sciences. The publication's editor is Elisa D. Harris, Senior Research Scholar, Center for International Security Studies, University of Maryland School of Public Affairs. Governance of Dual-Use Technologies examines the similarities and differences between the strategies used for the control of nuclear technologies and those proposed for biotechnology and information technology. The publication makes clear the challenges concomitant with dual-use governance. For example, general agreement exists internationally on the need to restrict access to technologies enabling the development of nuclear weapons. However, no similar consensus exists in the bio and information technology domains. The publication also explores the limitations of military measures like deterrence, defense, and reprisal in preventing globally available biological and information technologies from being misused. Some of the other questions explored by the publication include: What types of governance measures for these dual-use technologies have already been adopted? What objectives have those measures sought to achieve? 
How have the technical characteristics of the technology affected governance prospects? What have been the primary obstacles to effective governance, and what gaps exist in the current governance regime? Are further governance measures feasible? In addition to a preface from Global Nuclear Future Initiative Co-Director Robert Rosner (University of Chicago) and an introduction and conclusion from Elisa Harris, Governance of Dual-Use Technologies includes:
    - On the Regulation of Dual-Use Nuclear Technology by James M. Acton (Carnegie Endowment for International Peace)
    - Dual-Use Threats: The Case of Biotechnology by Elisa D. Harris (University of Maryland)
    - Governance of Information Technology and Cyber Weapons by Herbert Lin (Stanford University)

    PREPARING FOR CYBERATTACKS: A CASE STUDY OF RESILIENCE IN THE HEALTH-CARE SECTOR

    Nowadays, health-care organizations rely extensively on information technology and systems for providing high-quality services to their patients and exchanging data with external partners. However, these organizations, processes, and operations are vulnerable to criminal activities and digital security breaches, which has led health-care organizations to build various protection mechanisms, including firewalls, virus scanners, and security policies that enhance their ability to prepare for threats; design activities to be conducted during a cyberattack; and implement means to recover from an unfortunate event. Although these moves have been acknowledged in research and in practice, there is still little knowledge available on how organizations understand and perceive such events as well as their consequences. To this end, we conducted a qualitative case study that included 14 interviews with diverse key actors at a Finnish hospital. From these, we aimed to understand how the organization has prepared for cyberattack resilience. By generalizing our case research, we built a framework for analyzing and improving organizational resilience. This framework makes significant contributions to both theory and practice.

    Toward Network-based DDoS Detection in Software-defined Networks

    To combat the susceptibility of modern computing systems to cyberattack, identifying and disrupting malicious traffic without human intervention is essential. To accomplish this, three main tasks for an effective intrusion detection system have been identified: monitor network traffic, categorize and identify anomalous behavior in near real time, and take appropriate action against the identified threat. This system leverages a distributed SDN architecture and the principles of Artificial Immune Systems and Self-Organizing Maps to build a network-based intrusion detection system capable of detecting and terminating DDoS attacks in progress.