Autonomic computing meets SCADA security

© 2017 IEEE. National assets such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks are critical infrastructures. The cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. Cyber security conventional measures have proved useful in the past but increasing sophistication of attacks dictates the need for newer measures. The autonomic computing paradigm mimics the autonomic nervous system and is promising to meet the latest challenges in the cyber threat landscape. This paper provides a brief review of autonomic computing applications for SCADA systems and proposes architecture for cyber security

A Retrospective on 2022 Cyber Incidents in the Wind Energy Sector and Building Future Cyber Resilience

Between February and June 2022, multiple wind energy sector companies were hit by cyber-attacks impacting their ability to monitor and control wind turbines. With projected growth in the United States of 110.66 GW from 2020 to 2030, wind energy will increasingly be a critical source of electricity for the United States and an increasingly valuable target for cyberattacks. This paper shows the importance of redundant remote communications, secure third-party providers, and improving response and recovery processes that would ensure this growth period fulfills its potential as a unique opportunity to build in cyber resilience from the outset of new installations as threats and risks to the sector increase

Deep Learning -Powered Computational Intelligence for Cyber-Attacks Detection and Mitigation in 5G-Enabled Electric Vehicle Charging Station

An electric vehicle charging station (EVCS) infrastructure is the backbone of transportation electrification. However, the EVCS has various cyber-attack vulnerabilities in software, hardware, supply chain, and incumbent legacy technologies such as network, communication, and control. Therefore, proactively monitoring, detecting, and defending against these attacks is very important. The state-of-the-art approaches are not agile and intelligent enough to detect, mitigate, and defend against various cyber-physical attacks in the EVCS system. To overcome these limitations, this dissertation primarily designs, develops, implements, and tests the data-driven deep learning-powered computational intelligence to detect and mitigate cyber-physical attacks at the network and physical layers of 5G-enabled EVCS infrastructure. Also, the 5G slicing application to ensure the security and service level agreement (SLA) in the EVCS ecosystem has been studied. Various cyber-attacks such as distributed denial of services (DDoS), False data injection (FDI), advanced persistent threats (APT), and ransomware attacks on the network in a standalone 5G-enabled EVCS environment have been considered. Mathematical models for the mentioned cyber-attacks have been developed. The impact of cyber-attacks on the EVCS operation has been analyzed. Various deep learning-powered intrusion detection systems have been proposed to detect attacks using local electrical and network fingerprints. Furthermore, a novel detection framework has been designed and developed to deal with ransomware threats in high-speed, high-dimensional, multimodal data and assets from eccentric stakeholders of the connected automated vehicle (CAV) ecosystem. To mitigate the adverse effects of cyber-attacks on EVCS controllers, novel data-driven digital clones based on Twin Delayed Deep Deterministic Policy Gradient (TD3) Deep Reinforcement Learning (DRL) has been developed. Also, various Bruteforce, Controller clones-based methods have been devised and tested to aid the defense and mitigation of the impact of the attacks of the EVCS operation. The performance of the proposed mitigation method has been compared with that of a benchmark Deep Deterministic Policy Gradient (DDPG)-based digital clones approach. Simulation results obtained from the Python, Matlab/Simulink, and NetSim software demonstrate that the cyber-attacks are disruptive and detrimental to the operation of EVCS. The proposed detection and mitigation methods are effective and perform better than the conventional and benchmark techniques for the 5G-enabled EVCS

LAYING THE FOUNDATION FOR A MINIATUAIRZED SCADA TESTBED TO BE BUILT AT CSUSB

This culminating experience sought to lay the foundation for a miniaturized physical SCADA testbed to be built at California State University San Bernardino to enable students to apply the cybersecurity knowledge, skills and abilities in a fun and engaging environment while learning about what SCADA is, how it works, and how to improve the security of it. This project was conducted in response to a growing trend of cybersecurity attacks that have targeted our critical infrastructure systems through SCADA systems which are legacy systems that manage critical infrastructure systems within the past 10 years. Since SCADA systems require constant availability, it makes it hard to test the security of these devices which is why testbeds have been designed to analyze how a cyber-attack affects these systems in a safe environment. To build a SCADA testbed at CSUSB this project designed a requirements documentation based on the following questions so that the next person that wants to accomplish this task can take the requirements outlined and build a miniaturized physical SCADA testbed. To craft the appropriate requirements documentation this project aimed to answer the following questions: Q1. How can a miniaturized SCADA testbed be built for a school environment using open-source architecture? Q2. What critical infrastructure sectors can be easily implemented into a physical SCADA testbed? Q3. Which cyber-attacks can be easily replicable in a SCADA scenario-based environment? Q4. How should SCADA scenarios be modeled for an implementation into this testbed? To answer these questions, research was conducted utilizing scholarly articles on currently available SCADA testbeds, conducted interviews with individuals that have built SCADA testbeds, and distributed a survey to different SCADA professionals to build a requirement documentation for the miniaturized SCADA testbed, which included functional and nonfunctional requirements, use case diagrams and detailed use cases. After gathering the data from 3 different interviews with SCADA professionals and aggregating responses of the surveys we crafted a requirements documentation which includes a requirements documentation, detailed use cases, use case diagrams, and a classes and relationship chart so that the next individual who works on this project can use these ideas and begin construction of a miniaturized SCADA testbed at CSUSB

Cybercrime and Risks for Cyber Physical Systems

Cyber Physical Systems (CPS) is the integration of computation and physical systems that make a complete system such as the network, software, embedded systems, and physical components. Major industries such as industrial plants, transport, national grid, and communication systems depend heavily on CPS for financial and economic growth. However, these components may have inherent threats and vulnerabilities on them that may run the risk of being attacked, manipulated or exploited by cyber attackers and commit cybercrimes. Cybercriminals in their quest to bring down these systems may cause disruption of services either for fame, data theft, revenge, political motive, economic war, cyber terrorism, and cyberwar. Therefore, identifying the risks has become imperative in mitigating the cybercrimes. This paper seeks to identify cybercrimes and risks that are associated with a smart grid business application system to determine the motives and intents of the cybercriminal. The paper identified four goals to mitigate the risks: as business value, organizational requirements, threat agent and impact vectors. We used the Analytical Hierarchy Process (AHP) to determine the importance of the goals that contribute to identifying cybercrime and risks in CPS. For the results, a case study is used to identify the threat and vulnerable spots and the prioritized goals are then used to assess the risks using a semi-quantitative approach to determine the net threat level. The results indicate that using the AHP approach to identify cybercrime and risk on CPS provides specific risk mitigation goals

Healthcare systems protection: All-in-one cybersecurity approach

Cyber risks are increasingly widespread as healthcare organizations play a defining role in society. Several studies have revealed an increase in cybersecurity threats in the industry, which should concern us all. When it comes to cybersecurity, the consequences can be felt throughout the organization, from the smallest processes to the overall ability of the organization to function. Typically, a cyberattack results in the disclosure of confidential information that undermines your competitive advantage and overall trust. Healthcare as a critical sector has, like many other sectors, a late bet on its transformation to cybersecurity across the board. This dissertation reinforces this need by presenting a value-added solution that helps strengthen the internal processes of healthcare units, enabling their primary mission of saving lives while ensuring the confidentiality and security of patient and institutional data. The solution is presented as a technological composite that translates into a methodology and innovative artifact for integration, monitoring, and security of critical medical infrastructures based on operational use cases. The approach that involves people, processes, and technology is based on a model that foresees the evaluation of potential assets for integration and monitoring, as well as leveraging the efficiency in responding to security incidents with the formal development of a process and mechanisms for alert and resolution of exposure and attack scenarios. On a technical level, the artifact relies on the integration of a medical image archiving system (PACS) into a SIEM to validate application logs that are linked to rules to map anomalous behaviors that trigger the incident management process on an IHS platform with custom-developed features. The choice for integration in the validation prototype of the PACS system is based not only on its importance in the orchestration of activities in the organization of a health institution, but also with the recent recommendations of various cybersecurity agencies and organizations for the importance of their protection in response to the latest trends in cyberattacks. In line with the results obtained, this approach will have full applicability in a real operational context, following the latest practices and technologies in the sector.Os riscos cibernéticos estão cada vez mais difundidos à medida que as organizações de cuidados de saúde desempenham um papel determinante na sociedade. Vários estudos revelaram um aumento das ameaças de cibersegurança no setor, o que nos deve preocupar a todos. Quando se trata de cibersegurança, as consequências podem ser sentidas em toda a organização, desde os mais pequenos processos até à sua capacidade global de funcionamento. Normalmente, um ciberataque resulta na divulgação de informações confidenciais que colocam em causa a sua vantagem competitiva e a confiança geral. O healthcare como setor crítico apresenta, como muitos outros setores, uma aposta tardia na sua transformação para a cibersegurança de forma generalizada. Esta dissertação reforça esta necessidade apresentando uma solução de valor acrescentado que ajuda a potenciar os processos internos das unidades de saúde possibilitando a sua missão principal de salvar vidas, aumentando a garantia de confidencialidade e segurança dos dados dos pacientes e instituições. A solução apresenta-se como um compósito tecnológico que se traduz numa metodologia e artefacto de inovação para integração, monitorização e segurança de infraestruturas médicas críticas baseado em use cases de operação. A abordagem que envolve pessoas, processos e tecnologia assenta num modelo que prevê a avaliação de potenciais ativos para integração e monitorização, como conta alavancar a eficiência na resposta a incidentes de segurança com o desenvolvimento formal de um processo e mecanismos para alerta e resolução de cenários de exposição e ataque. O artefacto, a nível tecnológico, conta com a integração do sistema de arquivo de imagem médica (PACS) num SIEM para validação de logs aplicacionais que estão associados a regras que mapeiam comportamentos anómalos que originam o despoletar do processo de gestão de incidentes numa plataforma IHS com funcionalidades desenvolvidas à medida. A escolha para integração no protótipo de validação do sistema PACS tem por base não só a sua importância na orquestração de atividades na orgânica duma instituição de saúde, mas também com as recentes recomendações de várias agências e organizações de cibersegurança para a importância da sua proteção em resposta às últimas tendências de ciberataques. Em linha com os resultados auscultados, esta abordagem terá total aplicabilidade em contexto real de operação, seguindo as mais recentes práticas e tecnologias no sector

Cyber Security of Critical Infrastructures

Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. The vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyber-attacks, their protection becomes a significant issue for organizations as well as nations. The risks to continued operations, from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes, are considered highly significant, given the demonstrable impact of such circumstances. Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cybersecurity of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioural aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace. In this book, both research and practical aspects of cyber security considerations in critical infrastructures are presented. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry have contributed 13 chapters. The issues that are discussed and analysed include cybersecurity training, maturity assessment frameworks, malware analysis techniques, ransomware attacks, security solutions for industrial control systems, and privacy preservation methods

A Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI)

Cybercrime against critical infrastructure such as nuclear reactors, power plants, and dams has been increasing in frequency and severity. Recent literature regarding these types of attacks has been extensive but due to the sensitive nature of this field, there is very little empirical data. We address these issues by integrating Routine Activity Theory and Rational Choice Theory, and we create a classification tool called TRACI (Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure). We take a Design Science Research approach to develop, evaluate, and refine the proposed artifact. We use mix methods to demonstrate that our taxonomy can successfully capture the characteristics of various cyberattacks against critical infrastructure. TRACI consists of three dimensions, and each dimension contains its own subdimensions. The first dimension comprises of hacker motivation, which can be financial, socio-cultural, thrill-seeking, and/or economic. The second dimension represents the assets such as cyber, physical, and/or cyber-physical components. The third dimension is related to threats, vulnerabilities, and controls that are fundamental to establishing and maintaining an information security posture and overall cyber resilience. Our work is among the first to utilize criminological theories and Design Science to create an empirically validated artifact for improving critical infrastructure risk management

Cross Domain IW Threats to SOF Maritime Missions: Implications for U.S. SOF

As cyber vulnerabilities proliferate with the expansion of connected devices, wherein security is often forsaken for ease of use, Special Operations Forces (SOF) cannot escape the obvious, massive risk that they are assuming by incorporating emerging technologies into their toolkits. This is especially true in the maritime sector where SOF operates nearshore in littoral zones. As SOF—in support to the U.S. Navy— increasingly operate in these contested maritime environments, they will gradually encounter more hostile actors looking to exploit digital vulnerabilities. As such, this monograph comes at a perfect time as the world becomes more interconnected but also more vulnerable