Multi-Layer Cyber-Physical Security and Resilience for Smart Grid

The smart grid is a large-scale complex system that integrates communication technologies with the physical layer operation of the energy systems. Security and resilience mechanisms by design are important to provide guarantee operations for the system. This chapter provides a layered perspective of the smart grid security and discusses game and decision theory as a tool to model the interactions among system components and the interaction between attackers and the system. We discuss game-theoretic applications and challenges in the design of cross-layer robust and resilient controller, secure network routing protocol at the data communication and networking layers, and the challenges of the information security at the management layer of the grid. The chapter will discuss the future directions of using game-theoretic tools in addressing multi-layer security issues in the smart grid.Comment: 16 page

A framework for Model-Driven Engineering of resilient software-controlled systems

AbstractEmergent paradigms of Industry 4.0 and Industrial Internet of Things expect cyber-physical systems to reliably provide services overcoming disruptions in operative conditions and adapting to changes in architectural and functional requirements. In this paper, we describe a hardware/software framework supporting operation and maintenance of software-controlled systems enhancing resilience by promoting a Model-Driven Engineering (MDE) process to automatically derive structural configurations and failure models from reliability artifacts. Specifically, a reflective architecture developed around digital twins enables representation and control of system Configuration Items properly derived from SysML Block Definition Diagrams, providing support for variation. Besides, a plurality of distributed analytic agents for qualitative evaluation over executable failure models empowers the system with runtime self-assessment and dynamic adaptation capabilities. We describe the framework architecture outlining roles and responsibilities in a System of Systems perspective, providing salient design traits about digital twins and data analytic agents for failure propagation modeling and analysis. We discuss a prototype implementation following the MDE approach, highlighting self-recovery and self-adaptation properties on a real cyber-physical system for vehicle access control to Limited Traffic Zones

An "All Hands" Call to the Social Science Community: Establishing a Community Framework for Complexity Modeling Using Agent Based Models and Cyberinfrastructure

To date, many communities of practice (COP) in the social sciences have been struggling with how to deal with rapidly growing bodies of information. Many CoPs across broad disciplines have turned to community frameworks for complexity modeling (CFCMs) but this strategy has been slow to be discussed let alone adopted by the social sciences communities of practice (SS-CoPs). In this paper we urge the SS-CoPs that it is timely to develop and establish a CBCF for the social sciences for two major reasons: the rapid acquisition of data and the emergence of critical cybertools which can facilitate agent-based, spatially-explicit models. The goal of this paper is not to prescribe how a CFCM might be set up but to suggest of what components it might consist and what its advantages would be. Agent based models serve the establishment of a CFCM because they allow robust and diverse inputs and are amenable to output-driven modifications. In other words, as phenomena are resolved by a SS-CoP it is possible to adjust and refine ABMs (and their predictive ability) as a recursive and collective process. Existing and emerging cybertools such as computer networks, digital data collections and advances in programming languages mean the SS-CoP must now carefully consider committing the human organization to enabling a cyberinfrastructure tool. The combination of technologies with human interfaces can allow scenarios to be incorporated through 'if' 'then' rules and provide a powerful basis for addressing the dynamics of coupled and complex social ecological systems (cSESs). The need for social scientists to be more engaged participants in the growing challenges of characterizing chaotic, self-organizing social systems and predicting emergent patterns makes the application of ABMs timely. The enabling of a SS-CoP CFCM human-cyberinfrastructure represents an unprecedented opportunity to synthesize, compare and evaluate diverse sociological phenomena as a cohesive and recursive community-driven process.Community-Based Complex Models, Mathematics, Social Sciences

A critical review of cyber-physical security for building automation systems

Modern Building Automation Systems (BASs), as the brain that enables the smartness of a smart building, often require increased connectivity both among system components as well as with outside entities, such as optimized automation via outsourced cloud analytics and increased building-grid integrations. However, increased connectivity and accessibility come with increased cyber security threats. BASs were historically developed as closed environments with limited cyber-security considerations. As a result, BASs in many buildings are vulnerable to cyber-attacks that may cause adverse consequences, such as occupant discomfort, excessive energy usage, and unexpected equipment downtime. Therefore, there is a strong need to advance the state-of-the-art in cyber-physical security for BASs and provide practical solutions for attack mitigation in buildings. However, an inclusive and systematic review of BAS vulnerabilities, potential cyber-attacks with impact assessment, detection & defense approaches, and cyber-secure resilient control strategies is currently lacking in the literature. This review paper fills the gap by providing a comprehensive up-to-date review of cyber-physical security for BASs at three levels in commercial buildings: management level, automation level, and field level. The general BASs vulnerabilities and protocol-specific vulnerabilities for the four dominant BAS protocols are reviewed, followed by a discussion on four attack targets and seven potential attack scenarios. The impact of cyber-attacks on BASs is summarized as signal corruption, signal delaying, and signal blocking. The typical cyber-attack detection and defense approaches are identified at the three levels. Cyber-secure resilient control strategies for BASs under attack are categorized into passive and active resilient control schemes. Open challenges and future opportunities are finally discussed.Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Contro

IEEE Access Special Section: Cyber-Physical Systems

publishersversionpublishe

The Global Risks Report 2016, 11th Edition

Now in its 11th edition, The Global Risks Report 2016 draws attention to ways that global risks could evolve and interact in the next decade. The year 2016 marks a forceful departure from past findings, as the risks about which the Report has been warning over the past decade are starting to manifest themselves in new, sometimes unexpected ways and harm people, institutions and economies. Warming climate is likely to raise this year's temperature to 1° Celsius above the pre-industrial era, 60 million people, equivalent to the world's 24th largest country and largest number in recent history, are forcibly displaced, and crimes in cyberspace cost the global economy an estimated US$445 billion, higher than many economies' national incomes. In this context, the Reportcalls for action to build resilience – the "resilience imperative" – and identifies practical examples of how it could be done.The Report also steps back and explores how emerging global risks and major trends, such as climate change, the rise of cyber dependence and income and wealth disparity are impacting already-strained societies by highlighting three clusters of risks as Risks in Focus. As resilience building is helped by the ability to analyse global risks from the perspective of specific stakeholders, the Report also analyses the significance of global risks to the business community at a regional and country-level