A survey on cyber security for smart grid communications

A smart grid is a new form of electricity network with high fidelity power-flow control, self-healing, and energy reliability and energy security using digital communications and control technology. To upgrade an existing power grid into a smart grid, it requires significant dependence on intelligent and secure communication infrastructures. It requires security frameworks for distributed communications, pervasive computing and sensing technologies in smart grid. However, as many of the communication technologies currently recommended to use by a smart grid is vulnerable in cyber security, it could lead to unreliable system operations, causing unnecessary expenditure, even consequential disaster to both utilities and consumers. In this paper, we summarize the cyber security requirements and the possible vulnerabilities in smart grid communications and survey the current solutions on cyber security for smart grid communications. © 2012 IEEE

Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes on the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining the impact quantification of cyber-related contingencies

An integrated risk analysis framework for safety and cybersecurity of industrial SCADA system

The industrial control system (ICS) refers to a collection of various types of control systems commonly found in industrial sectors and critical infrastructures such as energy, oil and gas, transportation, and manufacturing. The supervisory control and data acquisition (SCADA) system is a type of ICS that controls and monitors operations and industrial processes scattered across a large geographic area. SCADA systems are relying on information and communication technology to improve the efficiency of operations. This integration means that SCADA systems are targeted by the same threats and vulnerabilities that affect ICT assets. This means that the cybersecurity problem in SCADA system is exacerbated by the IT heritage issue. If the control system is compromised due to this connection, serious consequences may follow. This leads to the necessity to have an integrated framework that covers both safety and security risk analysis in this context. This thesis proposes an integrated risk analysis framework that comprise of four stages, and that build on the advances of risk science and industry standards, to improve understanding of SCADA system complexity, and manage risks considering process safety and cybersecurity in a holistic approach. The suggested framework is committed to improving safety and security risk analysis by examining the expected consequences through integrated risk identifications and identifying adequate safeguards and countermeasures to defend cyber-attack scenarios. A simplified SCADA system and an undesirable scenario of overpressure in the pipeline are presented in which the relevant stages of the framework are applied

The industrial internet of things (IIoT) : an analysis framework

Historically, Industrial Automation and Control Systems (IACS) were largely isolated from conventional digital networks such as enterprise ICT environments. Where connectivity was required, a zoned architecture was adopted, with firewalls and/or demilitarized zones used to protect the core control system components. The adoption and deployment of ‘Internet of Things’ (IoT) technologies is leading to architectural changes to IACS, including greater connectivity to industrial systems. This paper reviews what is meant by Industrial IoT (IIoT) and relationships to concepts such as cyber-physical systems and Industry 4.0. The paper develops a definition of IIoT and analyses related partial IoT taxonomies. It develops an analysis framework for IIoT that can be used to enumerate and characterise IIoT devices when studying system architectures and analysing security threats and vulnerabilities. The paper concludes by identifying some gaps in the literature

Securing industrial control system environments: the missing piece

Cyberattacks on industrial control systems (ICSs) are no longer matters of anticipation. These systems are continually subject to malicious attacks without much resistance. Network breaches, data theft, denial of service, and command and control functions are examples of common attacks on ICSs. Despite available security solutions, safety, security, resilience, and performance require both private public sectors to step-up strategies to address increasing security concerns on ICSs. This paper reviews the ICS security risk landscape, including current security solution strategies in order to determine the gaps and limitations for effective mitigation. Notable issues point to a greater emphasis on technology security while discounting people and processes attributes. This is clearly incongruent with; emerging security risk trends, the biased security strategy of focusing more on supervisory control and data acquisition systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions need to include approaches that follow similar patterns as the problem trend. These include security measures that are evolutionary by design in response to security risk dynamics. Solutions that recognize and include; people, process and technology security enhancement into asingle system, and addressing all three-entity vulnerabilities can provide a better solution for ICS environments

To Deceive or not Deceive: Unveiling The Adoption Determinants Of Defensive Cyber Deception in Norwegian Organizations

Due to the prevailing threat landscape in Norway, it is imperative for organizations to safe- guard their infrastructures against cyber threats. One of the technologies that is advan- tageous against these threats is defensive cyber deception, which is an approach in cyber security that aims to be proactive, to interact with the attackers, trick them, deceive them and use this to the defenders advantage. This type of technology can help organizations defend against sophisticated threat actors that are able to avoid more traditional defensive mechanisms, such as Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). In order to aid the adoption of defensive cyber deception in Norway, we asked the question: "What affects the adoption of defensive cyber deception in organizations in Nor- way?". To answer this question, we utilized the Technology, Organization, and Environment (TOE) Framework to identity what factors affect an organization’s adoption of defensive cyber deception. Through our use of the framework, we identified eighteen different factors which affect an organization’s adoption of defensive cyber deception. These factors are the product of the empirical data analysis from eight different semi-structured interview with individuals from six different organizations in Norway. The main theoretical implications of our research is the introduction of a TOE model for defensive cyber deception, focusing specifically on organizations in Norway as well as contributing with a maturity estimate model for defensive cyber deception. For the practical implications of our research, we have identified seven different benefits that defensive cyber deception provides. We are also con- tributing to raising the awareness of defensive cyber deception in Norwegian research and we hope that our TOE model can aid organizations that are considering adopting the tech- nology. We hope that these implications and contributions can act as a spark for both the adoption of defensive cyber deception in organizations as well as the start of a new wave for the cyber security researchers within Norway. Keywords: Cyber Security, Defensive Cyber Deception, TOE Framework, Adoptio

To Deceive or not Deceive: Unveiling The Adoption Determinants Of Defensive Cyber Deception in Norwegian Organizations

Due to the prevailing threat landscape in Norway, it is imperative for organizations to safeguard their infrastructures against cyber threats. One of the technologies that is advantageous against these threats is defensive cyber deception, which is an approach in cyber security that aims to be proactive, to interact with the attackers, trick them, deceive them and use this to the defenders advantage. This type of technology can help organizations defend against sophisticated threat actors that are able to avoid more traditional defensive mechanisms, such as Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). In order to aid the adoption of defensive cyber deception in Norway, we asked the question: "What affects the adoption of defensive cyber deception in organizations in Norway?". To answer this question, we utilized the Technology, Organization, and Environment (TOE) Framework to identity what factors affect an organization's adoption of defensive cyber deception. Through our use of the framework, we identified eighteen different factors which affect an organization's adoption of defensive cyber deception. These factors are the product of the empirical data analysis from eight different semi-structured interview with individuals from six different organizations in Norway. The main theoretical implications of our research is the introduction of a TOE model for defensive cyber deception, focusing specifically on organizations in Norway as well as contributing with a maturity estimate model for defensive cyber deception. For the practical implications of our research, we have identified seven different benefits that defensive cyber deception provides. We are also contributing to raising the awareness of defensive cyber deception in Norwegian research and we hope that our TOE model can aid organizations that are considering adopting the technology. We hope that these implications and contributions can act as a spark for both the adoption of defensive cyber deception in organizations as well as the start of a new wave for the cyber security researchers within Norway. Keywords: Cyber Security, Defensive Cyber Deception, TOE Framework, Adoptio

A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity

Oil and gas drilling is based, increasingly, on operational technology, whose cybersecurity is complicated by several challenges. We propose a graphical model for cybersecurity risk assessment based on Adversarial Risk Analysis to face those challenges. We also provide an example of the model in the context of an offshore drilling rig. The proposed model provides a more formal and comprehensive analysis of risks, still using the standard business language based on decisions, risks, and value.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

An Integrated Cybersecurity Risk Management (I-CSRM) Framework for Critical Infrastructure Protection

Risk management plays a vital role in tackling cyber threats within the Cyber-Physical System (CPS) for overall system resilience. It enables identifying critical assets, vulnerabilities, and threats and determining suitable proactive control measures to tackle the risks. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This research aims for an effective Cyber Security Risk Management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and Comprehensive Assessment Model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as threat actor attack pattern, Tactic, Technique and Procedure (TTP), controls and assets and maps these concepts with the VERIS community dataset (VCDB) features for the purpose of risk predication. Also, the tool serves as an additional component of the proposed framework that enables asset criticality, risk and control effectiveness calculation for a continuous risk assessment. Lastly, the thesis employs a case study to validate the proposed i-CSRM framework and i-CSRMT in terms of applicability. Stakeholder feedback is collected and evaluated using critical criteria such as ease of use, relevance, and usability. The analysis results illustrate the validity and acceptability of both the framework and tool for an effective risk management practice within a real-world environment. The experimental results reveal that using the fuzzy set theory in assessing assets' criticality, supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers’ have shown exemplary performance in predicting different risk types including denial of service, cyber espionage, and Crimeware. An accurate prediction can help organisations model uncertainty with machine learning classifiers, detect frequent cyber-attacks, affected assets, risk types, and employ the necessary corrective actions for its mitigations. Lastly, to evaluate the effectiveness of the existing controls, the CAM approach is used, and the result shows that some controls such as network intrusion, authentication, and anti-virus show high efficacy in controlling or reducing risks. Evaluating control effectiveness helps organisations to know how effective the controls are in reducing or preventing any form of risk before an attack occurs. Also, organisations can implement new controls earlier. The main advantage of using the CAM approach is that the parameters used are objective, consistent and applicable to CPS