Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

Holistic Security and Safety for Factories of the Future

The accelerating transition of traditional industrial processes towards fully automated and intelligent manufacturing is being witnessed in almost all segments. This major adoption of enhanced technology and digitization processes has been originally embraced by the Factories of the Future and Industry 4.0 initiatives. The overall aim is to create smarter, more sustainable, and more resilient future-oriented factories. Unsurprisingly, introducing new production paradigms based on technologies such as machine learning (ML), the Internet of Things (IoT), and robotics does not come at no cost as each newly incorporated technique poses various safety and security challenges. Similarly, the integration required between these techniques to establish a unified and fully interconnected environment contributes to additional threats and risks in the Factories of the Future. Accumulating and analyzing seemingly unrelated activities, occurring simultaneously in different parts of the factory, is essential to establish cyber situational awareness of the investigated environment. Our work contributes to these efforts, in essence by envisioning and implementing the SMS-DT, an integrated platform to simulate and monitor industrial conditions in a digital twin-based architecture. SMS-DT is represented in a three-tier architecture comprising the involved data and control flows: edge, platform, and enterprise tiers. The goal of our platform is to capture, analyze, and correlate a wide range of events being tracked by sensors and systems in various domains of the factory. For this aim, multiple components have been developed on the basis of artificial intelligence to simulate dominant aspects in industries, including network analysis, energy optimization, and worker behavior. A data lake was also used to store collected information, and a set of intelligent services was delivered on the basis of innovative analysis and learning approaches. Finally, the platform was tested in a textile industry environment and integrated with its ERP system. Two misuse cases were simulated to track the factory machines, systems, and people and to assess the role of SMS-DT correlation mechanisms in preventing intentional and unintentional actions. The results of these misuse case simulations showed how the SMS-DT platform can intervene in two domains in the first scenario and three in the second one, resulting in correlating the alerts and reporting them to security operators in the multi-domain intelligent correlation dashboard.The present work has been developed under the EUREKA ITEA3 Project Cyber-Factory#1 (ITEA-17032) and Project CyberFactory#1PT (ANI—P2020 40124) co-funded by Portugal 2020. Furthermore, this work also received funding from the project UIDB/00760/2020.info:eu-repo/semantics/publishedVersio

A Survey on Industrial Control System Testbeds and Datasets for Security Research

The increasing digitization and interconnection of legacy Industrial Control Systems (ICSs) open new vulnerability surfaces, exposing such systems to malicious attackers. Furthermore, since ICSs are often employed in critical infrastructures (e.g., nuclear plants) and manufacturing companies (e.g., chemical industries), attacks can lead to devastating physical damages. In dealing with this security requirement, the research community focuses on developing new security mechanisms such as Intrusion Detection Systems (IDSs), facilitated by leveraging modern machine learning techniques. However, these algorithms require a testing platform and a considerable amount of data to be trained and tested accurately. To satisfy this prerequisite, Academia, Industry, and Government are increasingly proposing testbed (i.e., scaled-down versions of ICSs or simulations) to test the performances of the IDSs. Furthermore, to enable researchers to cross-validate security systems (e.g., security-by-design concepts or anomaly detectors), several datasets have been collected from testbeds and shared with the community. In this paper, we provide a deep and comprehensive overview of ICSs, presenting the architecture design, the employed devices, and the security protocols implemented. We then collect, compare, and describe testbeds and datasets in the literature, highlighting key challenges and design guidelines to keep in mind in the design phases. Furthermore, we enrich our work by reporting the best performing IDS algorithms tested on every dataset to create a baseline in state of the art for this field. Finally, driven by knowledge accumulated during this survey's development, we report advice and good practices on the development, the choice, and the utilization of testbeds, datasets, and IDSs

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

Simulating the Impact of Traffic Calming Strategies

This study assessed the impact of traffic calming measures to the speed, travel times and capacity of residential roadways. The study focused on two types of speed tables, speed humps and a raised crosswalk. A moving test vehicle equipped with GPS receivers that allowed calculation of speeds and determination of speed profiles at 1s intervals were used. Multi-regime model was used to provide the best fit using steady state equations; hence the corresponding speed-flow relationships were established for different calming scenarios. It was found that capacities of residential roadway segments due to presence of calming features ranged from 640 to 730 vph. However, the capacity varied with the spacing of the calming features in which spacing speed tables at 1050 ft apart caused a 23% reduction in capacity while 350-ft spacing reduced capacity by 32%. Analysis showed a linear decrease of capacity of approximately 20 vphpl, 37 vphpl and 34 vphpl when 17 ft wide speed tables were spaced at 350 ft, 700 ft, and 1050 ft apart respectively. For speed hump calming features, spacing humps at 350 ft reduced capacity by about 33% while a 700 ft spacing reduced capacity by 30%. The study concludes that speed tables are slightly better than speed humps in terms of preserving the roadway capacity. Also, traffic calming measures significantly reduce the speeds of vehicles, and it is best to keep spacing of 630 ft or less to achieve desirable crossing speeds of less or equal to 15 mph especially in a street with schools nearby. A microscopic simulation model was developed to replicate the driving behavior of traffic on urban road diets roads to analyze the influence of bus stops on traffic flow and safety. The impacts of safety were assessed using surrogate measures of safety (SSAM). The study found that presence of a bus stops for 10, 20 and 30 s dwell times have almost 9.5%, 12%, and 20% effect on traffic speed reductions when 300 veh/hr flow is considered. A comparison of reduction in speed of traffic on an 11 ft wide road lane of a road diet due to curbside stops and bus bays for a mean of 30s with a standard deviation of 5s dwell time case was conducted. Results showed that a bus stop bay with the stated bus dwell time causes an approximate 8% speed reduction to traffic at a flow level of about 1400 vph. Analysis of the trajectories from bust stop locations showed that at 0, 25, 50, 75, 100, 125, 150, and 175 feet from the intersection the number of conflicts is affected by the presence and location of a curbside stop on a segment with a road diet

Transport Systems: Safety Modeling, Visions and Strategies

This reprint includes papers describing the synthesis of current theory and practice of planning, design, operation, and safety of modern transport, with special focus on future visions and strategies of transport sustainability, which will be of interest to scientists dealing with transport problems and generally involved in traffic engineering as well as design, traffic networks, and maintenance engineers

Analysis, simulation and testing of ITS applications based on wireless communication technologies

Intelligent Transportation Systems (ITS) aim to improve road transport safety and efficiency, to manage road networks in the interest of the society and to provide real time responses to events. In order to reach these goals, real time feedback to the drivers is expected through the integration of telecommunications, sensing and information technologies with transport engineering. Wireless communication technologies, that have been used in industrial applications for more than 30 years, play a crucial role in ITS, as based on the concept of multiple devices (on both vehicle and infrastructure side) interconnected in different ways. Connectivity, in tandem with sensing technologies, is fuelling the innovations that will inevitably lead to the next big opportunity for road transport: autonomous vehicles. Therefore, this study has investigated - through analysis, simulation and field testing – on applications based on wireless communication technologies meant to support both Data acquisition and Data diffusion as fundamental aspects/ phases in ITS, where data is widely individuated as being the key element

Toward a Bio-Inspired System Architecting Framework: Simulation of the Integration of Autonomous Bus Fleets & Alternative Fuel Infrastructures in Closed Sociotechnical Environments

Cities are set to become highly interconnected and coordinated environments composed of emerging technologies meant to alleviate or resolve some of the daunting issues of the 21st century such as rapid urbanization, resource scarcity, and excessive population demand in urban centers. These cybernetically-enabled built environments are expected to solve these complex problems through the use of technologies that incorporate sensors and other data collection means to fuse and understand large sums of data/information generated from other technologies and its human population. Many of these technologies will be pivotal assets in supporting and managing capabilities in various city sectors ranging from energy to healthcare. However, among these sectors, a significant amount of attention within the recent decade has been in the transportation sector due to the flood of new technological growth and cultivation, which is currently seeing extensive research, development, and even implementation of emerging technologies such as autonomous vehicles (AVs), the Internet of Things (IoT), alternative xxxvi fueling sources, clean propulsion technologies, cloud/edge computing, and many other technologies. Within the current body of knowledge, it is fairly well known how many of these emerging technologies will perform in isolation as stand-alone entities, but little is known about their performance when integrated into a transportation system with other emerging technologies and humans within the system organization. This merging of new age technologies and humans can make analyzing next generation transportation systems extremely complex to understand. Additionally, with new and alternative forms of technologies expected to come in the near-future, one can say that the quantity of technologies, especially in the smart city context, will consist of a continuously expanding array of technologies whose capabilities will increase with technological advancements, which can change the performance of a given system architecture. Therefore, the objective of this research is to understand the system architecture implications of integrating different alternative fueling infrastructures with autonomous bus (AB) fleets in the transportation system within a closed sociotechnical environment. By being able to understand the system architecture implications of alternative fueling infrastructures and AB fleets, this could provide performance-based input into a more sophisticated approach or framework which is proposed as a future work of this research

Building Effective Network Security Frameworks using Deep Transfer Learning Techniques

Network traffic is growing at an outpaced speed globally. According to the 2020 Cisco Annual Report, nearly two-thirds of the global population will have internet connectivity by the year 2023. The number of devices connected to IP networks will also triple the total world population\u27s size by the same year. The vastness of forecasted network infrastructure opens opportunities for new technologies and businesses to take shape, but it also increases the surface of security vulnerabilities. The number of cyberattacks are growing worldwide and are becoming more diverse and sophisticated. Classic network intrusion detection architectures monitor a system to detect malicious activities and policy violations in its information stream using various signature libraries. Still, due to a heavy inflow of network traffic in modern network infrastructures, it becomes easier for cybercriminals to infiltrate systems undetected to steal or destroy information assets successfully. Classic network intrusion detection architectures\u27 speed and efficiency also fail to meet expectations in a real-time processing scenario. Considering the above limitations, this thesis aims to present novel methodologies to design and architect network intrusion detection systems using applied deep learning techniques. Neural networks can derive patterns and signatures from a raw dataset and use the learned signatures to predict the nature and classify the forthcoming data at an outpaced speed. The robustness of neural network architecture can be augmented to build a real-time and efficient network security framework. In this paper, we will study various machine learning and deep learning concepts as well as techniques. Combining the strengths of the presented models for their latent feature extraction, memory retention, and classification abilities, we will develop a hybrid network intrusion detection system using the CNN-LSTM architecture. Further, we will compare our results with the recent research in this field of study