Electric System Vulnerabilities: a State of the Art of Defense Technologies

Vulnerability of the European electrical infrastructure appears to be growing due to several factors: - demand is always growing, and, although this growth may be forecast, it cannot be anytime easily faced; - transactions increase, following electrical system liberalisation, and this involves operating the whole infrastructure closer to the system capacity and security limits; - an increased control systems complexity, required for secure system operation, may in turn raise system vulnerability, due both to accidental faults and malicious attacks; - critical infrastructures, and the electrical system primarily, are well known to be a privileged target in warfare, as well as terrorist attacks. In recent years, both Europe and America have experienced a significant number of huge blackouts, whose frequency and impact looks progressively growing. These events had common roots in the fact that current risk assessment methodologies and current system controls appear to be no longer adequate. Beyond the growing complexity of the electrical system as a whole, two main reasons can be listed: - system analysis procedures based on these methodologies did not identify security threats emerging from failures of critical physical components; - on-line controls were not able to avoid system collapse. This report provides a state-of-the-art of the technology on both regards: - as far as risk assessment methodologies are concerned, an overview of the conceptual power system reliability framework is provided, and the current N-1 principle for risk assessment in power systems is introduced, together with off-the-shelf enforcement methodologies, like optimal power flow. Emerging methodologies for dynamic security assessment are also discussed. The power system reliability approach is compared with the global approach to dependability introduced by computer scientists, and the conceptual clashes pointed out. Ways ahead to conciliate both views are outlined. - concerning power system controls, the report overviews the existing defense plans, making specific reference to the current Italian situation. The two major recent blackout events in the American North East and Italy are analysed, and the drawbacks of the existing arrangements and the installed control systems are discussed. Emerging technologies, such as phasor measurement units and wide area protection are introduced. Their likely impact on the existing control room is discussed. Finally, potential cyber vulnerabilities of the new control systems are introduced, the role of communication standards in that context is discussed, and an overview of the current state of the art is presented.JRC.G.6-Sensors, radar technologies and cybersecurit

Efficient Passive ICS Device Discovery and Identification by MAC Address Correlation

Owing to a growing number of attacks, the assessment of Industrial Control Systems (ICSs) has gained in importance. An integral part of an assessment is the creation of a detailed inventory of all connected devices, enabling vulnerability evaluations. For this purpose, scans of networks are crucial. Active scanning, which generates irregular traffic, is a method to get an overview of connected and active devices. Since such additional traffic may lead to an unexpected behavior of devices, active scanning methods should be avoided in critical infrastructure networks. In such cases, passive network monitoring offers an alternative, which is often used in conjunction with complex deep-packet inspection techniques. There are very few publications on lightweight passive scanning methodologies for industrial networks. In this paper, we propose a lightweight passive network monitoring technique using an efficient Media Access Control (MAC) address-based identification of industrial devices. Based on an incomplete set of known MAC address to device associations, the presented method can guess correct device and vendor information. Proving the feasibility of the method, an implementation is also introduced and evaluated regarding its efficiency. The feasibility of predicting a specific device/vendor combination is demonstrated by having similar devices in the database. In our ICS testbed, we reached a host discovery rate of 100% at an identification rate of more than 66%, outperforming the results of existing tools.Comment: http://dx.doi.org/10.14236/ewic/ICS2018.

US-CERT Control System Center Input/Output (I/O) Conceputal Design

This document was prepared for the US-CERT Control Systems Center of the National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs the federal departments to identify and prioritize critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the NCSD to address the control system security component addressed in the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems; the I/O upgrade described in this document supports these goals. The vulnerability assessment Test Bed, located in the Information Operations Research Center (IORC) facility at Idaho National Laboratory (INL), consists of a cyber test facility integrated with multiple test beds that simulate the nation's critical infrastructure. The fundamental mission of the Test Bed is to provide industry owner/operators, system vendors, and multi-agency partners of the INL National Security Division a platform for vulnerability assessments of control systems. The Input/Output (I/O) upgrade to the Test Bed (see Work Package 3.1 of the FY-05 Annual Work Plan) will provide for the expansion of assessment capabilities within the IORC facility. It will also provide capabilities to connect test beds within the Test Range and other Laboratory resources. This will allow real time I/O data input and communication channels for full replications of control systems (Process Control Systems [PCS], Supervisory Control and Data Acquisition Systems [SCADA], and components). This will be accomplished through the design and implementation of a modular infrastructure of control system, communications, networking, computing and associated equipment, and measurement/control devices. The architecture upgrade will provide a flexible patching system providing a quick ''plug and play''configuration through various communication paths to gain access to live I/O running over specific protocols. This will allow for in-depth assessments of control systems in a true-to-life environment. The full I/O upgrade will be completed through a two-phased approach. Phase I, funded by DHS, expands the capabilities of the Test Bed by developing an operational control system in two functional areas, the Science & Technology Applications Research (STAR) Facility and the expansion of various portions of the Test Bed. Phase II (see Appendix A), funded by other programs, will complete the full I/O upgrade to the facility

Issues common to Australian critical infrastructure providers scada networks discovered through computer and network vulnerability analysis

This paper reports on generic issues discovered as a result of conducting computer and network vulnerability assessments (CNVA) on Australian critical infrastructure providers. Generic issues discovered included policy, governance, IT specific such as segregation, patching and updating. Physical security was also lacking in some cases. Another issue was that previous security audits had failed to identify any of these issues. Of major concern is that despite education and awareness programs, and a body of knowledge referring to these issues, they are still occurring. It may be necessary for the federal government to force organisations to undergo computer and network vulnerability assessment from recognised experts on a regular basis

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Vulnerability reduction of infrastructure reconstruction projects

Various infrastructure segments of numerous countries have been repeatedly subjected to natural and man-made disasters. The potential reason of damaging infrastructure facilities and their services is resultant disaster risks due to natural or man-made hazards connect with vulnerable infrastructure facilities and vulnerable communities. The simplest way to prevent or mitigate disaster losses is addressing vulnerabilities. The main study based on which this paper was compiled aimed at exploring and investigating the vulnerabilities of infrastructures and communities benefited from infrastructures and possible solutions to overcome them. This paper presents the literature review conducted on vulnerabilities of infrastructures and empirical evidence collated on best possible DRR strategies to overcome such vulnerabilities of infrastructures. The main study was conducted using case study strategy and the expert interviews. This paper is entirely based on the data collated from the expert interviews conducted in Sri Lanka and United Kingdom. The expert interviews discovered various DRR strategies to overcome the vulnerabilities of the infrastructure project