10 research outputs found

    A Cyber-Physical Resilience Metric for Smart Grids


    STPA-SafeSec: Safety and Security Analysis for Cyber-Physical Systems

    Abstract: Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today's critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits.

    Anomaly detection through massive event correlation in ICT networks

    Abstract in German. Bibliography: pp. 111-113.

    With the development and widespread deployment of information and communication networks, the scale and complexity of attacks in these networks has also grown. Recent incidents show that current security systems are not sufficient to prevent targeted and well-prepared attacks. Once an attack has succeeded, timely detection is important to contain its effects. With the widespread use of Internet protocols in the area of "Supervisory and Data Acquisition" (SCADA) systems, industrial networks are often already exposed to the same threats as conventional networked systems. This thesis presents a novel anomaly detection approach. It is based on the temporal correlation of log files from different systems in a monitored network. The system generates a model that describes the normal behaviour of various components in the monitored system. In doing so, the system does not rely on predefined rules and needs no knowledge of the syntax or semantics of the log lines it has to process. Instead, the model is built from the processed lines and continuously developed further for as long as the network is monitored. A fully controlled network is used to generate test data that is free of anomalies. Using this test data, it is shown that the generated model is able to distinguish meaningful subsets of the processed lines. These subsets are further used to show that implications between events of different, distributed components are also recognised. Based on a semi-synthetic data set with built-in anomalies, the applicability of the approach in conventional IT networks is demonstrated. Furthermore, a data set from the production system of an Austrian energy provider is used to show its suitability in the SCADA domain.

    As Information and Communication Technology (ICT) networks and their complexity evolved, so did the goals and the technical processes of attacks. Recent security incidents show that current security mechanisms are often not sufficient to prohibit targeted attacks. If an attack on a system is successful, timely detection is critical to mitigate its impact. With the increasing use of common Internet protocols in connection with Supervisory Control and Data Acquisition (SCADA) systems, industrial networks are exposed to the same threats as corporate networks. This work proposes a novel anomaly detection approach, based on the timely correlation and analysis of log-files from various sources in a monitored network. The framework builds a system model that describes the normal behaviour of the different components in the monitored network. It does not rely on any information about syntax or semantics of the processed log-lines. Instead, the model is generated based on the processed information and constantly evolves while the system is monitoring the network. Using data from a controlled ICT network, this thesis shows that the generated model distinguishes meaningful subsets of log-files, and is able to model complex implications between different network components. An evaluation based on semi-synthetic log-data demonstrates the application of the approach in common ICT networks. Additionally, real-world data from a utility provider is used to demonstrate the system's application in the domain of SCADA systems.

    A Cyber-Physical Security Analysis of Synchronous-Islanded Microgrid Operation

    Cyber-security research in the field of smart grids is often performed with a focus on either the power and control domain or the Information and Communications Technology (ICT) domain. The characteristics of the power equipment or ICT domain are commonly not collectively considered. This work provides an analysis of the physical effects of cyber-attacks on microgrids – a smart grid construct that allows continued power supply when disconnected from a main grid. Different types of microgrid operations are explained (connected, islanded and synchronous-islanding) and potential cyber-attacks and their physical effects are analyzed. A testbed that is based on physical power and ICT equipment is presented to validate the results in both the physical and ICT domain.

    Evidential Network Modeling for Cyber-Physical System State Inference

    Cyber-physical systems (CPSs) have dependability requirements that are associated with controlling a physical process. Cyber-attacks can result in those requirements not being met. Consequently, it is important to monitor a CPS in order to identify deviations from normal operation. A major challenge is inferring the cause of these deviations in a trustworthy manner. This is necessary to support the implementation of correct and timely control decisions, in order to mitigate cyber-attacks and other causes of reduced dependability. This paper presents evidential networks as a solution to this problem. Through the evaluation of a representative use case for cyber-physical control systems, this paper shows novel approaches to integrate low-level sensors of different types, in particular those for cyber-attack detection, and reliabilities into evidential networks. The results presented indicate that evidential networks can identify system states with an accuracy that is comparable to approaches that use classical Bayesian probabilities to describe causality. However, in addition, evidential networks provide information about the uncertainty of a derived system state, which is a significant benefit, as it can be used to build trust in the results of automatic reasoning systems.

    Secure Communications in Smart Grid: Networking and Protocols

    The key attributes of a smarter power grid include: pervasive interconnection of smart devices; extensive data generation and collection; and rapid reaction to events across a widely dispersed physical infrastructure. Modern telecommunications technologies are being deployed across power systems to support these monitoring and control capabilities. To enable interoperability, several new communications protocols and standards have been developed over the past 10 to 20 years. These continue to be refined, even as new systems are rolled out. This new hyper-connected communications infrastructure provides an environment rich in sub-systems and physical devices that are attractive to cyber-attackers. Indeed, as smarter grid operations become dependent on interconnectivity, the communications network itself becomes a target. Consequently, we examine cyber-attacks that specifically target communications, particularly state-of-the-art standards and protocols. We further explore approaches and technologies that aim to protect critical communications networks against intrusions, and to monitor for, and detect, intrusions that infiltrate Smart Grid systems.