
    Development of an approach to the design, modeling and research of critical IT infrastructure

    The object of research is a critical IT infrastructure. One of the most problematic places in the study of critical IT infrastructures is the complete lack of approaches, methodology and tools for designing, modeling and researching critical IT infrastructures that could be used in the form in which they are offered. On the basis of expanded open hybrid automata, an approach is proposed that makes it possible to compactly describe the components and systems of a critical IT infrastructure and their interrelations, both internal and external. Its peculiarity is the use of an extended set of parameters, which makes it possible to give probabilistic and qualitative features to models of components and systems of a critical IT infrastructure. In the course of the research, the Matlab software package is used, which makes it possible to check the proposed approach and models for workability. The resulting models are fairly compact and completely reflect the necessary logic of the work of the relevant components and critical IT infrastructure systems. It is shown that this is achieved due to the flexibility of the proposed mathematical apparatus, namely the possibility of creating compositions from simple models for the formation of more complex ones. In the future, the proposed approach and the creation of a library of models for all major systems and critical IT infrastructure components will provide a convenient tool for a wide range of researchers whose work is related to all aspects of researching critical IT infrastructures.
An approach is proposed that makes it possible to develop accurate models of critical IT infrastructure components and to combine them on the basis of their dependencies. This approach provides a tool for creating larger and more complex interconnected models. By applying certain settings and using various operating conditions, the proposed toolkit makes it possible to study the cascading effects of the interdependence of components or entire systems, to carry out a detailed assessment of their vulnerability and to perform broad planning.

    Critical entities resilience failure indication

    The adoption of the new Directive (EU) 2022/2557 on the resilience of critical entities has raised the question of how to assess the level of resilience of these entities in relation to current security threats. Until now, approaches have focused only on assessing the resilience of critical infrastructure elements. However, the new Directive exemplifies the need to pay attention not only to the element resilience, but also and more importantly to the resilience of their owners and operators, i.e., critical entities. Based on this fact, the authors of the article created a tool for Critical Entities Resilience Failure Indication (CERFI Tool). The essence of this tool is a probabilistic algorithm that predicts the relationship between the threat intensity and the protective part of critical entity resilience through indicators (to be created by the assessors themselves). The result of this prediction is an indication of the critical point of failure of the critical entity's resilience in phases of prevention and absorption of impacts. The CERFI Tool thus contributes to increasing the safety of technically oriented infrastructures, especially those of an energy and transport nature. The paper concludes with an example of the practical application of the developed tool on a selected critical entity in the energy sector. Ministerstvo Vnitra České Republiky (SP2023/086, VK01030014); Ministry of the Interior of the Czech Republic [VK01030014]; VSB - Technical University in Ostrava [SP2023/086]

    Quantitative dependability and interdependency models for large-scale cyber-physical systems

    Cyber-physical systems link cyber infrastructure with physical processes through an integrated network of physical components, sensors, actuators, and computers that are interconnected by communication links. Modern critical infrastructures such as smart grids, intelligent water distribution networks, and intelligent transportation systems are prominent examples of cyber-physical systems. Developed countries are entirely reliant on these critical infrastructures, hence the need for rigorous assessment of the trustworthiness of these systems. The objective of this research is quantitative modeling of dependability attributes -- including reliability and survivability -- of cyber-physical systems, with domain-specific case studies on smart grids and intelligent water distribution networks. To this end, we make the following research contributions: i) quantifying, in terms of loss of reliability and survivability, the effect of introducing computing and communication technologies; and ii) identifying and quantifying interdependencies in cyber-physical systems and investigating their effect on fault propagation paths and degradation of dependability attributes. Our proposed approach relies on observation of system behavior in response to disruptive events. We utilize a Markovian technique to formalize a unified reliability model. For survivability evaluation, we capture temporal changes to a service index chosen to represent the extent of functionality retained. In modeling of interdependency, we apply correlation and causation analyses to identify links and use graph-theoretical metrics for quantifying them. The metrics and models we propose can be instrumental in guiding investments in fortification of and failure mitigation for critical infrastructures. 
To verify the success of our proposed approach in meeting these goals, we introduce a failure prediction tool capable of identifying system components that are prone to failure as a result of a specific disruptive event. Our prediction tool can enable timely preventative actions and mitigate the consequences of accidental failures and malicious attacks. --Abstract, page iii

    Survivability modeling for cyber-physical systems subject to data corruption

    Cyber-physical critical infrastructures are created when traditional physical infrastructure is supplemented with advanced monitoring, control, computing, and communication capability. More intelligent decision support and improved efficacy, dependability, and security are expected. Quantitative models and evaluation methods are required for determining the extent to which a cyber-physical infrastructure improves on its physical predecessors. It is essential that these models reflect both cyber and physical aspects of operation and failure. In this dissertation, we propose quantitative models for dependability attributes, in particular, survivability, of cyber-physical systems. Any malfunction or security breach, whether cyber or physical, that causes the system operation to depart from specifications will affect these dependability attributes. Our focus is on data corruption, which compromises decision support -- the fundamental role played by cyber infrastructure. The first research contribution of this work is a Petri net model for information exchange in cyber-physical systems, which facilitates i) evaluation of the extent of data corruption at a given time, and ii) illuminates the service degradation caused by propagation of corrupt data through the cyber infrastructure. In the second research contribution, we propose metrics and an evaluation method for survivability, which captures the extent of functionality retained by a system after a disruptive event. We illustrate the application of our methods through case studies on smart grids, intelligent water distribution networks, and intelligent transportation systems. Data, cyber infrastructure, and intelligent control are part and parcel of nearly every critical infrastructure that underpins daily life in developed countries. Our work provides means for quantifying and predicting the service degradation caused when cyber infrastructure fails to serve its intended purpose. 
It can also serve as the foundation for efforts to fortify critical systems and mitigate inevitable failures. --Abstract, page iii

    Security risk assessment in industrial control systems

    Remote control of an industrial system poses specific requirements for the information and communication infrastructure, which has to provide processing and secure transmission of heterogeneous information with different requirements for Quality of Service. Communication takes place between the control center and industrial system devices, as well as among distributed control centers. The information and communication infrastructure of modern Supervisory Control and Data Acquisition (SCADA) systems is particularly vulnerable to different cyber security threats for the following reasons: adoption of open communication standards, use of open software platforms, connectivity with other networks, remote access, and availability of technical information.
There is an evident need to implement specific security mechanisms in industrial control networks; hence, in order to determine a cost-effective level of investment, it is desirable to assess security risk during the network design phase, as well as during network operation. In this thesis, we first investigate the level of network performance degradation in SCADA systems by simulating different conditions of distributed attacks such as Distributed Denial of Service (DDoS). Further, two novel methods for security risk assessment are proposed for the case of a DDoS attack on the SCADA system infrastructure. The first, basic method relies on the analysis of historical data, and assumes calculating return on security investment as a function of the set of weighting factors that quantify the attack conditions. The second, hybrid method takes into account both historical data and the subjective assessment of experts, provided by appropriate questionnaires. Depending on the method applied, two ways (qualitative and monetary) of expressing the risk measure are proposed. Finally, techniques of cost/benefit analysis are also proposed for the recommended application of an Intrusion Detection and Prevention System (IDPS), based on the assessed risk measure. Defining an acceptable threshold for return on security investment allows a decision to be made about the cost-effective level of investment in the security of a SCADA system. For testing the proposed risk assessment methods, two case studies are defined: the first considers the real environment of a run-off-river hydropower plant, and the second investigates the SCADA system in a simulated main pipeline. The results of the case studies have shown that the proposed methods are suitable for identification of a system's vulnerability, practical, and applicable in different industrial sectors.
In addition, the proposed methods are efficient in security risk assessment regarding infrastructure attacks as well as in the analysis of investment feasibility regarding enhancement of SCADA network infrastructure security. The case study of the main pipeline also shows that the second method is applicable in the system design phase, when relevant historical data are not available. At the end of the dissertation, based on the research results, measures for limiting security risk in industrial remote control systems are proposed.

    Vulnerability, interdependence and risk analysis of primary substations and decentralized operating modes of power networks

    In view of the increasing use of Information and Communication Technologies in power systems, it is essential to study the interdependencies between these coupled heterogeneous systems and to have an integrated view of the coupled system. This thesis focuses on the modeling of multi-infrastructure systems. This includes interdependencies and the three major families of failures: common mode, escalating and cascading. It is indeed necessary to identify the weaknesses that can trigger one or multiple failure(s) and cascade through these interdependent infrastructures, causing unexpected and increasingly serious failures in other infrastructures. In this context, different approaches, based on the theory of Complex Networks, are developed to identify the most critical components in the coupled heterogeneous system.
One of the major scientific barriers addressed in this thesis is the development of a "unified" mathematical model to represent the behavior of multiple non-homogeneous infrastructures that have asymmetric interdependencies

    Energy Planning Tools and Practices Towards Smart Cities - Proposal of Regulatory and Methodological Tools and Design Considerations

    The term Smart Cities is by now in common and widespread use in developed countries (America and Europe first of all) as well as in emerging countries, Asia (China, India) and the Arab Emirates. In the international context, however, it is difficult to identify a single definition of what is meant by “smart city”. The scientific literature on the subject, very prolific in recent years, highlights the technological/digital and at the same time social character of this adjective, often falling into the identification of “label definitions” devoid of real meaning. The thesis sets out in detail the key points that guided the birth of the smart city concept and that, beyond passing fashions, remain central to the goal of developing “intelligent realities”. In addition, through case studies from the literature and experimental cases, the work seeks to contribute to the process of identifying methodologies and tools useful for guiding Local Authorities in the transition from traditional urban planning to smart planning. In line, therefore, with the reading of "smart energy planning" embraced by the EU, the contents of the work seek to highlight methodologies and tools for smart development at the local level that, starting from the use of existing planning tools and from data for the most part already acquired by Local Administrations, direct planning towards a multi-domain vision; the aim of this approach is to offer criteria useful for the analysis of different environments (islands, cities or districts) and for the definition of easily applicable tools for planning physical and intangible infrastructure