Countering Cybersecurity Vulnerabilities in the Power System

Security vulnerabilities in software pose an important threat to power grid security, which can be exploited by attackers if not properly addressed. Every month, many vulnerabilities are discovered and all the vulnerabilities must be remediated in a timely manner to reduce the chance of being exploited by attackers. In current practice, security operators have to manually analyze each vulnerability present in their assets and determine the remediation actions in a short time period, which involves a tremendous amount of human resources for electric utilities. To solve this problem, we propose a machine learning-based automation framework to automate vulnerability analysis and determine the remediation actions for electric utilities. Then the determined remediation actions will be applied to the system to remediate vulnerabilities. However, not all vulnerabilities can be remediated quickly due to limited resources and the remediation action applying order will significantly affect the system\u27s risk level. Thus it is important to schedule which vulnerabilities should be remediated first. We will model this as a scheduling optimization problem to schedule the remediation action applying order to minimize the total risk by utilizing vulnerabilities\u27 impact and their probabilities of being exploited. Besides, an electric utility also needs to know whether vulnerabilities have already been exploited specifically in their own power system. If a vulnerability is exploited, it has to be addressed immediately. Thus, it is important to identify whether some vulnerabilities have been taken advantage of by attackers to launch attacks. Different vulnerabilities may require different identification methods. In this dissertation, we explore identifying exploited vulnerabilities by detecting and localizing false data injection attacks and give a case study in the Automatic Generation Control (AGC) system, which is a key control system to keep the power system\u27s balance. However, malicious measurements can be injected to exploited devices to mislead AGC to make false power generation adjustment which will harm power system operations. We propose Long Short Term Memory (LSTM) Neural Network-based methods and a Fourier Transform-based method to detect and localize such false data injection attacks. Detection and localization of such attacks could provide further information to better prioritize vulnerability remediation actions

Sandy Regional Assembly SIRR Analysis

The NYC Mayor's Special Initiative for Rebuilding and Resiliency (SIRR) is a comprehensive effort to formulate recommendations guiding the rebuilding of neighborhoods impacted by Superstorm Sandy, and increase the resiliency of New York City as a whole. The plan combines citywide proposals with neighborhood-specific interventions in various neighborhoods. The federal Hurricane Sandy Rebuilding Task Force administered by HUD is responsible for overseeing the rebuilding and allocation of funds for all post-Sandy projects funded by the federal government; the Task Force is also charged with preparing a Hurricane Sandy Rebuilding Strategy to present to President Obama by August 2nd. Recommendations in the SIRR Report include plans to allocate the $294 million in HUD funding already provided to New York City and must comply with the Hurricane Sandy Rebuilding Task Force guidelines. After the Mayor's SIRR Report was released in June 2013, the Sandy Regional Assembly met to assess whether community-defined priorities and recommendations had made it into the Mayor's recovery plans. The following assessment reviews the SIRR Report from the context of the Sandy Regional Assembly Recovery Agenda, including both areas where there is synergy with the goals and recommendations of the Agenda and areas where the SIRR failed to address critical community priorities

Cyber Defense Remediation in Energy Delivery Systems

The integration of Information Technology (IT) and Operational Technology (OT) in Cyber-Physical Systems (CPS) has resulted in increased efficiency and facilitated real-time information acquisition, processing, and decision making. However, the increase in automation technology and the use of the internet for connecting, remote controlling, and supervising systems and facilities has also increased the likelihood of cybersecurity threats that can impact safety of humans and property. There is a need to assess cybersecurity risks in the power grid, nuclear plants, chemical factories, etc. to gain insight into the likelihood of safety hazards. Quantitative cybersecurity risk assessment will lead to informed cyber defense remediation and will ensure the presence of a mitigation plan to prevent safety hazards. In this dissertation, using Energy Delivery Systems (EDS) as a use case to contextualize a CPS, we address key research challenges in managing cyber risk for cyber defense remediation. First, we developed a platform for modeling and analyzing the effect of cyber threats and random system faults on EDS\u27s safety that could lead to catastrophic damages. We developed a data-driven attack graph and fault graph-based model to characterize the exploitability and impact of threats in EDS. We created an operational impact assessment to quantify the damages. Finally, we developed a strategic response decision capability that presents optimal mitigation actions and policies that balance the tradeoff between operational resilience (tactical risk) and strategic risk. Next, we addressed the challenge of management of tactical risk based on a prioritized cyber defense remediation plan. A prioritized cyber defense remediation plan is critical for effective risk management in EDS. Due to EDS\u27s complexity in terms of the heterogeneous nature of blending IT and OT and Industrial Control System (ICS), scale, and critical processes tasks, prioritized remediation should be applied gradually to protect critical assets. We proposed a methodology for prioritizing cyber risk remediation plans by detecting and evaluating critical EDS nodes\u27 paths. We conducted evaluation of critical nodes characteristics based on nodes\u27 architectural positions, measure of centrality based on nodes\u27 connectivity and frequency of network traffic, as well as the controlled amount of electrical power. The model also examines the relationship between cost models of budget allocation for removing vulnerabilities on critical nodes and their impact on gradual readiness. The proposed cost models were empirically validated in an existing network ICS test-bed computing nodes criticality. Two cost models were examined, and although varied, we concluded the lack of correlation between types of cost models to most damageable attack path and critical nodes readiness. Finally, we proposed a time-varying dynamical model for the cyber defense remediation in EDS. We utilize the stochastic evolutionary game model to simulate the dynamic adversary of cyber-attack-defense. We leveraged the Logit Quantal Response Dynamics (LQRD) model to quantify real-world players\u27 cognitive differences. We proposed the optimal decision making approach by calculating the stable evolutionary equilibrium and balancing defense costs and benefits. Case studies on EDS indicate that the proposed method can help the defender predict possible attack action, select the related optimal defense strategy over time, and gain the maximum defense payoffs. We also leveraged software-defined networking (SDN) in EDS for dynamical cyber defense remediation. We presented an approach to aid the selection security controls dynamically in an SDN-enabled EDS and achieve tradeoffs between providing security and Quality of Service (QoS). We modeled the security costs based on end-to-end packet delay and throughput. We proposed a non-dominated sorting based multi-objective optimization framework which can be implemented within an SDN controller to address the joint problem of optimizing between security and QoS parameters by alleviating time complexity at O(MN2). The M is the number of objective functions, and N is the population for each generation, respectively. We presented simulation results that illustrate how data availability and data integrity can be achieved while maintaining QoS constraints

Greening development finance in the Americas

This repository item contains a report from the Boston University Global Economic Governance Initiative. The Global Economic Governance Initiative (GEGI) is a research program of the Center for Finance, Law & Policy, the Frederick S. Pardee Center for the Study of the Longer-Range Future, and the Frederick S. Pardee School of Global Studies. It was founded in 2008 to advance policy-relevant knowledge about governance for financial stability, human development, and the environment

Understanding Malicious Attacks Against Infrastructures - Overview on the Assessment and Management of Threats and Attacks to Industrial Control Systems

This report describes approaches to the assessment and management of malicious threats and attacks relating to critical infrastructures in general, and electric power infrastructures in particular. Securing infrastructures implies taking into account both the natural and man-made (intentional) events. While protecting against the natural disruptive events is a feasible (yet not trivial) task, benefiting by well-established practices, dealing with intentional attacks comes up across many difficulties, especially due to the unpredictability of such events. The report outlines the state-of-the-art in dealing with threats and malicious attacks, considering both physical and cyber actions. Several approaches taken at national and international levels towards securing the critical infrastructures are also provided.JRC.G.6-Sensors, radar technologies and cybersecurit

An intelligent system for vulnerability and remediation assessment of flooded residential buildings

Floods are natural phenomena which are a threat to human settlements. Flooding can result in costly repairs to buildings, loss of business and, in some cases, loss of life. The forecasts for climate change show a further increased risk of flooding in future years. Accordingly, the flooding of residential property has been observed as on the rise in the UK. It is difficult to prevent floods from occurring, but the effects of flooding can be managed in an attempt to reduce risks and costs of repair. This can be achieved through ensuring a good understanding of the problem, and thereby establishing good management systems which are capable of dealing with all aspects of the flood. The use of an intelligent system for assessment and remediation of buildings subjected to flooding damage can facilitate the management of this problem. Such a system can provide guidance for the assessment of vulnerability and the repair of flood damaged residential buildings; this could save time and money through the use of the advantages and benefits offered by knowledge base systems. A prototype knowledge base system has been developed in this research. The system comprises three subsystems: degree of vulnerability assessment subsystem; remediation options subsystem; and foundation damage assessment subsystem. The vulnerability assessment subsystem is used to calculate the degree of vulnerability, which will then be used by the remediation options subsystem to select remediation options strategy. The vulnerability assessment subsystem can subsequently be used to calculate the degree to which the building is vulnerable to damage by flooding even if it is not flooded. Remediation options subsystem recommended two strategy options: either ordinary remediation options in the case of vulnerability being low or, alternatively, resilience remediation options in the case of vulnerability being high. The foundation damage assessment subsystem is working alone and is used to assess the damage caused by flooding to the building s foundation, and to thereby recommend a repair option based on the damage caused and foundation type. The system has been developed based on the knowledge acquired from different sources and methods, including survey questionnaires, documents, interviews, and workshops. The system is then evaluated by experts and professionals in the industry. The developed system makes a contribution in the management and standardisation of residential building flooded damage and repair

Protecting critical infrastructure in the EU: CEPS task force report

2sìCritical infrastructures such as energy, communications, banking, transportation, public government services, information technology etc., are more vital to industrialized economies and now than ever before. At the same time, these infrastructures are becoming increasingly dependent on each other, such that failure of one of them can often propagate and result in domino effects. The emerging challenge of Critical (information) Infrastructure Protection (C(I)IP) has been recognized by nearly all member states of the European Union: politicians are increasingly aware of the threats posed by radical political movements and terrorist attacks, as well as the need to develop better response capacity in case of natural disasters. Responses to these facts have been in line with the available resources and possibilities of each country, so that certain countries are already quite advanced in translating the C(I)IP challenge into measures, whereas others are lagging behind. In the international arena of this policy domain, Europe is still in search of a role to play. Recently, CIIP policy has been integrated in the EU Digital Agenda, which testifies to the growing importance of securing resilient infrastructures for the future. This important and most topical Task Force Report is the result of in-depth discussions between experts from different backgrounds and offers a number of observations and recommendations for a more effective and joined-up European policy response to the protection of critical infrastructure.openopenAndrea Renda; Bernhard HaemmerliRenda, Andrea; Bernhard, Haemmerl