Conceptual modelling: choosing a critical infrastructure modelling methodology

This paper reports on further research undertaken regarding systems modelling as applied to critical infrastructure systems and networks and builds upon the initial modelling research of Pye and Warren (2006a). We discuss system characteristics, inter-relationships, dynamics and modelling of similar systems and why modelling of a critical infrastructure is important. In overview we compare four modelling methods and techniques previouslyused to model similar systems and discuss their potential transference to model critical infrastructure systems, before selecting the most promising and suitable for modelling critical infrastructure systems for further research.<br /

Behavioural Observation for Critical Infrastructure Security Support

Critical infrastructures include sectors such as energy resources, finance, food and water distribution, health, manufacturing and government services. In recent years, critical infrastructures have become increasingly dependent on ICT; more interconnected and are often, as a result, linked to the Internet. Consequently, this makes these systems more vulnerable and increases the threat of cyber-attack. In addition, the growing use of wireless networks means that infrastructures can be more susceptible to a direct digital attack than ever before. Traditionally, protecting against environmental threats was the main focus of critical infrastructure preservation. Now, however, with the emergence of cyber-attacks, the focus has changed and infrastructures are facing a different danger with potentially debilitating consequences. Current security techniques are struggling to keep up to date with the sheer volume of innovative and emerging attacks; therefore, considering fresh and adaptive solutions to existing computer security approaches is crucial. The research presented in this thesis, details the use of behavioural observation for critical infrastructure security support. Our observer system monitors an infrastructure’s behaviour and detects abnormalities, which are the result of a cyber-attack taking place. By observing subtle changes in system behaviours, an additional level of support for critical infrastructure security is provided through a plug-in device, which operates autonomously and has no negative impact on data flow. Behaviour is evaluated using mathematical classifications to assess the data and detect changes. The subsequent results achieved during the data classification process were high and successful. Our observer approach was able to accurately classify 98.138 % of the normal and abnormal system behaviours produced by a simulation of a critical infrastructure, using nine data classifiers

Modelling critical infrastructure systems

This paper examines the basis of what constitutes a system/s and discusses the commonalities in relation to critical infrastructure system. It focuses on identifying, and discussing system characteristics, complexity, inter-relationships, dynamics and the importance of modelling as applied to critical infrastructure systems. It then considers four differing system-modelling styles with the view to assess and discuss their potential to model critical infrastructure systems, ahead of selecting the most promising and suitable for adoption to critical infrastructure system modelling<br /

Hosting critical infrastructure services in the cloud environment considerations

Critical infrastructure technology vendors will inevitability take advantage of the benefits offered by the cloud computing paradigm. While this may offer improved performance and scalability, the associated security threats impede this progression. Hosting critical infrastructure services in the cloud environment may seem inane to some, but currently remote access to the control system over the internet is commonplace. This shares the same characteristics as cloud computing, i.e., on-demand access and resource pooling. There is a wealth of data used within critical infrastructure. There needs to be an assurance that the confidentiality, integrity and availability of this data remains. Authenticity and non-repudiation are also important security requirements for critical infrastructure systems. This paper provides an overview of critical infrastructure and the cloud computing relationship, whilst detailing security concerns and existing protection methods. Discussion on the direction of the area is presented, as is a survey of current protection methods and their weaknesses. Finally, we present our observation and our current research into hosting critical infrastructure services in the cloud environment, and the considerations for detecting cloud attacks. © 2015 Inderscience Enterprises Ltd

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

From Sensor to Observation Web with Environmental Enablers in the Future Internet

This paper outlines the grand challenges in global sustainability research and the objectives of the FP7 Future Internet PPP program within the Digital Agenda for Europe. Large user communities are generating significant amounts of valuable environmental observations at local and regional scales using the devices and services of the Future Internet. These communities’ environmental observations represent a wealth of information which is currently hardly used or used only in isolation and therefore in need of integration with other information sources. Indeed, this very integration will lead to a paradigm shift from a mere Sensor Web to an Observation Web with semantically enriched content emanating from sensors, environmental simulations and citizens. The paper also describes the research challenges to realize the Observation Web and the associated environmental enablers for the Future Internet. Such an environmental enabler could for instance be an electronic sensing device, a web-service application, or even a social networking group affording or facilitating the capability of the Future Internet applications to consume, produce, and use environmental observations in cross-domain applications. The term ?envirofied? Future Internet is coined to describe this overall target that forms a cornerstone of work in the Environmental Usage Area within the Future Internet PPP program. Relevant trends described in the paper are the usage of ubiquitous sensors (anywhere), the provision and generation of information by citizens, and the convergence of real and virtual realities to convey understanding of environmental observations. The paper addresses the technical challenges in the Environmental Usage Area and the need for designing multi-style service oriented architecture. Key topics are the mapping of requirements to capabilities, providing scalability and robustness with implementing context aware information retrieval. Another essential research topic is handling data fusion and model based computation, and the related propagation of information uncertainty. Approaches to security, standardization and harmonization, all essential for sustainable solutions, are summarized from the perspective of the Environmental Usage Area. The paper concludes with an overview of emerging, high impact applications in the environmental areas concerning land ecosystems (biodiversity), air quality (atmospheric conditions) and water ecosystems (marine asset management)

An elastic scaling method for cloud security

Cloud computing is being adopted in critical sectors such as transport, energy and finance. This makes cloud computing services critical in themselves. When cyber attacks and cyber disruptions happen, millions of users are affected. A cyber disruption in this context means a temporary or permanent loss of service, with impact on users of the cloud service who rely on its continuity. Intrusion detection and prevention methods are being developed to protect this sensitive information being stored, and the services being deployed. There needs to be an assurance that the confidentiality, integrity and availability of the data and resources are maintained. This paper presents a background to the critical infrastructure and cloud computing progression, and an overview to the cloud security conundrum. Analysis of existing intrusion detection methods is provided, in addition to our observation and proposed elastic scaling method for cloud security

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Designing Institutional Infrastructure for E-Science

A new generation of information and communication infrastructures, including advanced Internet computing and Grid technologies, promises more direct and shared access to more widely distributed computing resources than was previously possible. Scientific and technological collaboration, consequently, is more and more dependent upon access to, and sharing of digital research data. Thus, the U.S. NSF Directorate committed in 2005 to a major research funding initiative, “Cyberinfrastructure Vision for 21st Century Discovery”. These investments are aimed at enhancement of computer and network technologies, and the training of researchers. Animated by much the same view, the UK e-Science Core Programme has preceded the NSF effort in funding development of an array of open standard middleware platforms, intended to support Grid enabled science and engineering research. This proceeds from the sceptical view that engineering breakthroughs alone will not be enough to achieve the outcomes envisaged. Success in realizing the potential of e-Science—through the collaborative activities supported by the "cyberinfrastructure," if it is to be achieved, will be the result of a nexus of interrelated social, legal, and technical transformations.e-science, cyberinfrastructure, information sharing, research