Vulnerability and resilience of cyber-physical power systems: results from an empirical-based study

Power systems are undergoing a profound transformation towards cyber-physical systems. Disruptive changes due to energy system transition and the complexity of the interconnected systems expose the power system to new, unknown and unpredictable risks. To identify the critical points, a vulnerability assessment was conducted, involving experts from power as well as information and communication technologies (ICT) sectors. Weaknesses were identified e.g.,the lack of policy enforcement worsened by the unreadiness of involved actors. The complex dynamics of ICT makes it infeasible to keep a complete inventory of potential stressors to define appropriate preparation and prevention mechanisms. Therefore, we suggest applying a resilience management approach to increase the resilience of the system. It aims at a better ride through failures rather than building higher walls. We conclude that building resilience in cyber-physical power systems is feasible and helps in preparing for the unexpected

Multi-Layer Cyber-Physical Security and Resilience for Smart Grid

The smart grid is a large-scale complex system that integrates communication technologies with the physical layer operation of the energy systems. Security and resilience mechanisms by design are important to provide guarantee operations for the system. This chapter provides a layered perspective of the smart grid security and discusses game and decision theory as a tool to model the interactions among system components and the interaction between attackers and the system. We discuss game-theoretic applications and challenges in the design of cross-layer robust and resilient controller, secure network routing protocol at the data communication and networking layers, and the challenges of the information security at the management layer of the grid. The chapter will discuss the future directions of using game-theoretic tools in addressing multi-layer security issues in the smart grid.Comment: 16 page

Evaluating Cascading Impact of Attacks on Resilience of Industrial Control Systems: A Design-Centric Modeling Approach

A design-centric modeling approach was proposed to model the behaviour of the physical processes controlled by Industrial Control Systems (ICS) and study the cascading impact of data-oriented attacks. A threat model was used as input to guide the construction of the CPS model where control components which are within the adversary's intent and capabilities are extracted. The relevant control components are subsequently modeled together with their control dependencies and operational design specifications. The approach was demonstrated and validated on a water treatment testbed. Attacks were simulated on the testbed model where its resilience to attacks was evaluated using proposed metrics such as Impact Ratio and Time-to-Critical-State. From the analysis of the attacks, design strengths and weaknesses were identified and design improvements were recommended to increase the testbed's resilience to attacks

Building resilient cyber-physical power systems: an approach using vulnerability assessment and resilience management

Power systems are undergoing a profound transformation towards cyber- physical systems. Disruptive changes due to energy system transition and the complexity of the interconnected systems expose the power system to new, unknown, and unpredictable risks. To identify the critical points, a vulnerability assessment was conducted, involving experts from the power as well as the information and communication technologies (ICT) sectors. Weaknesses were identified, e. g., the lack of policy enforcement, which are worsened by the unreadiness of the actors involved. Due to the complex dynamics of ICT, it is infeasible to keep a complete inventory of potential stressors to define appropriate preparation and prevention mechanisms. Therefore, we suggest applying a resilience management approach to increase the resilience of the system. It aims at better riding through failures rather than building higher walls. We conclude that building resilience in cyber-physical power systems is feasible and helps in preparing for the unexpected.Energiesysteme befinden sich in einem tiefgreifenden Wandel hin zu cyber- physischen Systemen. Disruptive Veränderungen, die von der Transformation des Energiesystems und der Komplexität der miteinander verbundenen Systeme herrühren, setzen das Stromnetz neuen, unbekannten Risiken aus. Mit einer Vulnerabilitätsanalyse unter Einbeziehung von Experten aus den Bereichen Energie und Informations- und Kommunikationstechnologien (IKT) wurden Schwachstellen identifiziert, z. B. Nachteile durch die fehlende Durchsetzung von Regulierungen, und eine mangelnde Anpassungsbereitschaft der beteiligten Akteure. Die komplexe IKT-Dynamik macht es unmöglich, potenzielle Stressoren vollständig zu erfassen, um geeignete Präventionsmechanismen zu definieren. Die vorgeschlagenen Resilienzmanagementmaßnahmen zielen darauf ab, Krisen besser zu bewältigen, anstatt auf höhere Barrieren zu setzen. Die Resilienz cyber-physikalischer Energiesysteme ist möglich

Conceptualizing human resilience in the face of the global epidemiology of cyber attacks

Computer security is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. In this paper we describe a set of minimal requirements for implementing a global epidemiological infrastructure to understand and respond to large-scale computer security outbreaks. We enumerate the relevant dimensions, the applicable measurement tools, and define a systematic approach to evaluate cyber security resilience. From the experience in conceptualizing and designing a cross-national coordinated phishing resilience evaluation we describe the cultural, logistic, and regulatory challenges to this proposed public health approach to global computer assault resilience. We conclude that mechanisms for systematic evaluations of global attacks and the resilience against those attacks exist. Coordinated global science is needed to address organised global ecrime