Risk based resilient network design

This paper presents a risk-based approach to resilient network design. The basic design problem considered is that given a working network and a fixed budget, how best to allocate the budget for deploying a survivability technique in different parts of the network based on managing the risk. The term risk measures two related quantities: the likelihood of failure or attack, and the amount of damage caused by the failure or attack. Various designs with different risk-based design objectives are considered, for example, minimizing the expected damage, minimizing the maximum damage, and minimizing a measure of the variability of damage that could occur in the network. A design methodology for the proposed risk-based survivable network design approach is presented within an optimization model framework. Numerical results and analysis illustrating the different risk based designs and the tradeoffs among the schemes are presented. © 2011 Springer Science+Business Media, LLC

Combating False Reports for Secure Networked Control in Smart Grid via Trustiness Evaluation

Smart grid, equipped with modern communication infrastructures, is subject to possible cyber attacks. Particularly, false report attacks which replace the sensor reports with fraud ones may cause the instability of the whole power grid or even result in a large area blackout. In this paper, a trustiness system is introduced to the controller, who computes the trustiness of different sensors by comparing its prediction, obtained from Kalman filtering, on the system state with the reports from sensor. The trustiness mechanism is discussed and analyzed for the Linear Quadratic Regulation (LQR) controller. Numerical simulations show that the trustiness system can effectively combat the cyber attacks to smart grid.Comment: It has been submitted to IEEE International Conference on Communications (ICC

Towards Quantifying Programmable Logic Controller Resilience Against Intentional Exploits

Supervisory Control and Data Acquisition (SCADA) systems control and monitor services for the nation\u27s critical infrastructure. Recent cyber induced events (e.g., Stuxnet) provide an example of a targeted, covert cyber attack against a SCADA system that resulted in physical effects. Of particular note is how Stuxnet exploited the trust relationship between the human machine interface (HMI) and programmable logic controllers (PLCs). Current methods for validating system operating parameters rely on message exchange and network communications protocols, generally observed at the HMI. Although sufficient at the macro level, this method does not provide detection of malware that exhibits physical effects via covert manipulation of the PLC, as demonstrated by Stuxnet. In this research, an alternative method that leverages direct analysis of PLC input and output to derive the true state of SCADA end-devices is introduced. The behavioral input-output characteristics are modeled using Petri nets to derive metrics for quantifying resilient properties of systems against malicious exploits. The results yield metrics that are applicable towards quantifying resilience in PLCs and implementing real-time security solutions. These findings enable detecting programming changes that affect input and output relationships, identifying the degree of deviation from a baseline program, and minimizing performance losses against disruptive events

A Framework for Understanding, Prioritizing, and Applying Systems Security Engineering Processes, Activities, and Tasks

Current systems security practices lack an effective approach to prioritize and tailor systems security efforts to develop and field secure systems in challenging operational environments, which results in business and mission stakeholders becoming more susceptible to an array of disruptive events. This work informs Systems Engineers on recent developments in the field of system security engineering and provides a framework for more fully understanding the application of Systems Security Engineering (SSE) processes, activities, and tasks as described in the recently released National Institute of Standards and Technology (NIST) Special Publication 800-160. This SSE framework uniquely offers a repeatable and tailorable methodology that allows system developers to focus on high Return-on-Investment (RoI) SSE processes, activities, and tasks to more efficiently meet stakeholder protection needs and deliver trustworthy secure systems

Robustness of Interdependent Networks: The case of communication networks and the power grid

In this paper, we study the robustness of interdependent networks, in which the state of one network depends on the state of the other network and vice versa. In particular, we focus on the interdependency between the power grid and communication networks, where the grid depends on communications for its control, and the communication network depends on the grid for power. A real-world example is the Italian blackout of 2003, when a small failure in the power grid cascaded between the two networks and led to a massive blackout. In this paper, we study the minimum number of node failures needed to cause total blackout (i.e., all nodes in both networks to fail). In the case of unidirectional interdependency between the networks we show that the problem is NP-hard, and develop heuristics to find a near-optimal solution. On the other hand, we show that in the case of bidirectional interdependency this problem can be solved in polynomial time. We believe that this new interdependency model gives rise to important, yet unexplored, robust network design problems for interdependent networked infrastructures.Comment: 6 pages, submitted to GlobeCom 201

Classifying resilience approaches for protecting smart grids against cyber threats

Smart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-studied field of research, making SG more resilient against such threats is a challenging task. This paper provides a classification of the proposed cyber resilience methods against cyber attacks for SG. This classification includes a set of studies that propose cyber-resilient approaches to protect SG and related cyber-physical systems against unforeseen anomalies or deliberate attacks. Each study is briefly analyzed and is associated with the proper cyber resilience technique which is given by the National Institute of Standards and Technology in the Special Publication 800-160. These techniques are also linked to the different states of the typical resilience curve. Consequently, this paper highlights the most critical challenges for achieving cyber resilience, reveals significant cyber resilience aspects that have not been sufficiently considered yet and, finally, proposes scientific areas that should be further researched in order to enhance the cyber resilience of SG.Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. Funding for open access charge: Universidad de Málaga / CBUA

Introduction of programmable logic controller in industrial engineering curriculum

Recent trends in process control and industrial automation scenarios have resulted in the emergence of many pioneering techniques that have revolutionized the manufacturing industry. In order to maintain quality and precision, advances have been associated with the increasing use of microprocessors in process control applications. Most of the industrial process control systems utilize Programmable Logic Controllers (PLC). Also due to the increase in internet usage and recent innovations in PLC software, remote monitoring and PLC control of process through the internet is also a recent trend. This thesis presents course/lab material for integration in the Industrial Engineering curriculum. The course/lab content was designed to improve the student\u27s knowledge and to broaden the industrial engineering curriculum at West Virginia University (WVU). This thesis proposes the use of inexpensive T100MD+ PLCs. A traffic light control system was developed to introduce the fundamental concepts of Boolean algebra and real-time control. A series of control exercises can be carried on the traffic light system. A temperature sensitive system was also developed. Students can test various PID control strategies on this hardware/software platform. Students will also have the ability to control the process via the internet