6 research outputs found
Recommended from our members
Quantitative Resilience Assessment of Critical Infrastructures using High-Performance Simulations
Assessing the resilience of large cyber-physical systems (LCPS) is essential for ensuring the continuity of operations and minimising the impact of disruptions caused by natural disasters, cyberattacks, and other stressful events. Recent empirical studies of LCPS have demonstrated the usefulness of modelling and simulation in assessing properties that emerge from component interactions, including resilience. However, the sheer complexity of CIs poses challenges for modellers:
1) Resilience assessment requires high-fidelity models that include a probabilistic model of the system and adverse events of interest, such as accidental failures or malicious activities, and a physics simulation model of LCPS processes, such as power/liquid/gas flows.
2) Assessing resilience with high statistical significance requires a systematic exploration of the space of possible adverse events and recovery from their effects. Exploring this space requires a significant amount of effort.
This work offers solutions intended to help modellers overcome these difficulties by using the recent advances in modelling LCPSs and high-performance computing:
i) It offers a new modelling methodology for building agent-based hybrid hierarchical stochastic models using a new domain-specific language. The new modelling approach allows easy integration of a) a variety of modelling formalisms used to model cyber-attacks on CI/LCPS; and b) a set of deterministic models, as needed by the chosen level of fidelity and specific for the modelled CI. However, the deterministic models are not the focus of this work. Such models are assumed to exist in software available from third-party vendors.
ii) It presents a set of tools to support this methodology: the visual modeller and an extensible Monte Carlo simulation engine designed to utilise high-performance and cloud computing capabilities. The engine and the editor utilise modern development practices and technologies to provide a state-of-the-art solution.
This thesis provides a survey of the relevant literature, summarises the progress with the modelling methodology, and presents the results published to date with case studies based on an extended Nordic32, a reference architecture of a power transmission network with the SCADA subsystem. The studies explore the effects caused by adversaries targeting IT infrastructure and demonstrate the application of a defence-in-depth approach to reduce the effects of these attacks.
Tool Support for Assurance Case Building Blocks, Providing a Helping Hand with CAE
This paper presents a tool for structuring arguments in assurance cases. The tool is designed to support the methodology of Claims-Arguments-Evidence (CAE) Building Blocks that provides a series of archetypal CAE fragments to help structure cases more formally and systematically. It assists with the development and maintenance of structured assurance cases by providing facilities to manage CAE blocks and partially automate the generation of claim structures. In addition to the tool, new visual guidelines called “Helping hand” are provided to assist in applying the building blocks. The tool has been implemented on the Adelard ASCE platform. The target users are assurance case developers and reviewers. The tool and associated methodology can also be useful for people learning how to structure cases in a more rigorous and systematic manner.
Using Structured Assurance Case Approach to Analyse Security and Reliability of Critical Infrastructures
The evaluation of the security, reliability and resilience of critical infrastructures (CI) faces a wide range of challenges ranging from the scale and tempo of attacks to the need to address complex and interdependent systems of systems. Model-based approaches and probabilistic design are fundamental to the evaluation of CI and we need to know whether we can trust these models. This paper presents an approach we are developing to justify the models used to assure CI using structured assurance cases based on Claims, Arguments and Evidence (CAE). The modelling and quantitative evaluation of the properties are supported by the Preliminary Interdependency Analysis (PIA) method and platform applied to a case study – a reference power transmission network enhanced with an industrial distributed system of monitoring, protection and control. We discuss the usefulness of the modelling and assurance case structuring approaches, some findings from the case study, and outline the directions of further work.
Model-based Evaluation of the Resilience of Critical Infrastructures under Cyber Attacks
In this paper we report recent results on modelling the impact of cyber-attacks on the resilience of complex industrial systems. We use a hybrid model of the system under study in which the accidental failures and the malicious behaviour of the Adversary are modelled stochastically, while the consequences of failures and attacks are modelled in detail using deterministic models. This modelling approach is demonstrated on a complex case study - a reference power transmission network (NORDIC 32), enhanced with a detailed model of the computer and communication network used for monitoring, protection and control compliant with the international standard IEC 61850. We studied the resilience of the modelled system under different scenarios: i) a baseline scenario in which the modelled system operates in the presence of accidental failures without cyber-attacks; ii) several different scenarios of cyber-attacks. We discuss the usefulness of the modelling approach, of the findings, and outline directions for further work.
Quantitative Evaluation of the Efficacy of Defence-in-Depth in Critical Infrastructures
This chapter reports on a model-based approach to assessing cyber-risks in a cyber-physical system (CPS), such as power-transmission systems. We demonstrate that quantitative cyber-risk assessment, despite its inherent difficulties, is feasible. In this regard: i) we give experimental evidence (using Monte-Carlo simulation) showing that the losses from a specific cyber-attack type can be established accurately using an abstract model of cyber-attacks – a model constructed without taking into account the details of the specific attack used in the study; ii) we establish the benefits from deploying defence-in-depth (DiD) against failures and cyber-attacks for two types of attackers: a) an attacker unaware of the nature of DiD, and b) an attacker who knows in detail the DiD they face in a particular deployment, and launches attacks sufficient to defeat DiD. This study provides some insight into the benefits of combining design-diversity – to harden some of the protection devices in a CPS – with periodic “proactive recovery” of protection devices. The results are discussed in the context of making evidence-based decisions about maximising the benefits from DiD in a particular CPS.
HPS: High Performance Simulation Engine of cyber-physical systems
HPS is a high-performance agent-based simulation engine, used for stochastic simulation of complex cyber-physical systems (CPS). A CPS is defined as a network of probabilistic state machines, a set of deterministic models (e.g. flow models defined for the CPS) and a model of an Adversary (i.e. cyber-attackers). The engine is written in Golang and can be embedded into an application or a service or can be started as a stand-alone application from the command-line. The base component of the model is a state machine, which resides within an environment. The state machine can be implemented in various ways: as a Markov state machine, as a hierarchical composition of Markov state machines, or as an engine plugin. The .zip file includes the engine itself and a set of models (json files), related to NORDIC-32, a well-known power transmission system, extended with models of SCADA and of sub-stations instrumentation/measurement, compliant with IEC 61850. The archive also includes the results of some of the analyses completed to date.