Automated Model-based Attack Tree Analysis using HiP-HOPS

As Cyber-Physical Systems (CPS) grow increasingly complex and interact with external CPS, system security remains a nontrivial challenge that continues to scale accordingly, with potentially devastating consequences if left unchecked. While there is a significant body of work on system security found in industry practice, manual diagnosis of security vulnerabilities is still widely applied. Such approaches are typically resource-intensive, scale poorly and introduce additional risk due to human error. In this paper, a model-based approach for Security Attack Tree analysis using the HiP-HOPS dependability analysis tool is presented. The approach is demonstrated within the context of a simple web-based medical application to automatically generate attack trees, encapsulated as Digital Dependability Identities (DDIs), for offline security analysis. The paper goes on to present how the produced DDIs can be used to approach security maintenance, identifying security capabilities and controls to counter diagnosed vulnerabilities

Kyberuhat konttisataman automaatiojärjestelmässä

The rapid development in connectivity of Industrial Control Systems has created a new security threat in all industrial sectors, and the maritime sector is no exception. Therefore this thesis explores cyber threats in a container terminal automation system using two methods: literature review and attack tree analysis. In this thesis, cyber threats in Industrial Control Systems were first studied in general by the means of a literature review. Then, the identified threats were applied to a software component of a terminal automation system using attack trees. Attack trees are a tool that helps in visualizing different cyber attacks. Based on the results, threats were classified in risk categories and the most problematic areas were identified. Finally, suggestions were made on how to improve cyber security of the component assessed and of the terminal automation system in general. Based on the literature review, ten different risk categories were identified. The categories cover various attacks ranging from malware and Denial-of-Service attacks all the way to physical and social attacks. When assessing the software component, three problem areas were identified: susceptibility to Denial-of-Service attacks, weak protection of communication and vulnerability of a certain software sub-component. The suggested security improvements include changes to the network design, use of stronger authentication and better management of the process automation network

Kyberuhat konttisataman automaatiojärjestelmässä

The rapid development in connectivity of Industrial Control Systems has created a new security threat in all industrial sectors, and the maritime sector is no exception. Therefore this thesis explores cyber threats in a container terminal automation system using two methods: literature review and attack tree analysis. In this thesis, cyber threats in Industrial Control Systems were first studied in general by the means of a literature review. Then, the identified threats were applied to a software component of a terminal automation system using attack trees. Attack trees are a tool that helps in visualizing different cyber attacks. Based on the results, threats were classified in risk categories and the most problematic areas were identified. Finally, suggestions were made on how to improve cyber security of the component assessed and of the terminal automation system in general. Based on the literature review, ten different risk categories were identified. The categories cover various attacks ranging from malware and Denial-of-Service attacks all the way to physical and social attacks. When assessing the software component, three problem areas were identified: susceptibility to Denial-of-Service attacks, weak protection of communication and vulnerability of a certain software sub-component. The suggested security improvements include changes to the network design, use of stronger authentication and better management of the process automation network

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic literature review, and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future

SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach

This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system testbed used for cybersecurity research. The testbed consists of a water storage tank's control system, which is a stage in the process of water treatment and distribution. Sophisticated cyber-attacks were conducted against the testbed. During the attacks, the network traffic was captured, and features were extracted from the traffic to build a dataset for training and testing different machine learning algorithms. Five traditional machine learning algorithms were trained to detect the attacks: Random Forest, Decision Tree, Logistic Regression, Naive Bayes and KNN. Then, the trained machine learning models were built and deployed in the network, where new tests were made using online network traffic. The performance obtained during the training and testing of the machine learning models was compared to the performance obtained during the online deployment of these models in the network. The results show the efficiency of the machine learning models in detecting the attacks in real time. The testbed provides a good understanding of the effects and consequences of attacks on real SCADA environmentsComment: E-Preprin

Adversarial behaviours knowledge area

The technological advancements witnessed by our society in recent decades have brought improvements in our quality of life, but they have also created a number of opportunities for attackers to cause harm. Before the Internet revolution, most crime and malicious activity generally required a victim and a perpetrator to come into physical contact, and this limited the reach that malicious parties had. Technology has removed the need for physical contact to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker’s motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.Published versio