Pub Date: 2018-08-01. DOI: 10.1109/RWEEK.2018.8473549
N. Jacobs, S. Hossain-McKenzie, E. Vugrin
Control systems for critical infrastructure are becoming increasingly interconnected while cyber threats against critical infrastructure are becoming more sophisticated and difficult to defend against. Historically, cyber security has emphasized building defenses to prevent loss of confidentiality, integrity, and availability in digital information and systems, but in recent years cyber attacks have demonstrated that no system is impenetrable and that control system operation may be detrimentally impacted. Cyber resilience has emerged as a complementary priority that seeks to ensure that digital systems can maintain essential performance levels, even while capabilities are degraded by a cyber attack. This paper examines how cyber security and cyber resilience may be measured and quantified in a control system environment. Load Frequency Control is used as an illustrative example to demonstrate how cyber attacks may be represented within mathematical models of control systems, to demonstrate how these events may be quantitatively measured in terms of cyber security or cyber resilience, and the differences and similarities between the two mindsets. These results demonstrate how various metrics are applied, the extent of their usability, and how it is important to analyze cyber-physical systems in a comprehensive manner that accounts for all the various parts of the system.
Title: Measurement and Analysis of Cyber Resilience for Control Systems: An Illustrative Example
Venue: 2018 Resilience Week (RWS)
Pub Date: 2018-08-01. DOI: 10.1109/RWEEK.2018.8473517
M. Mylrea, S. Gourisetti
The U.S. power grid is a complex system of systems that requires a trustworthy, reliable, and secure global supply chain. This is a formidable challenge considering the increasing number of networked industrial control systems (ICS) and energy delivery systems (EDS) and the growing number of intermediary distributors, vendors and integrators involved. Grid modernization has increased the use of “smart” energy devices that automate, digitize, network, and bring together the cyber-physical energy supply chain. In the current Energy Internet of Things (EIoT) environment, the growth of data speed and size requirements as well as the number of critical cyber assets has generated new North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance requirements and cyber supply chain security challenges for vendors, regulators, and utilities. The issuance of Order No. 829 by the Federal Energy Regulatory Commission (FERC) instructed the North American Electric Reliability Corporation (NERC) to confront cybersecurity supply chain risk management for ICS software and hardware, as well as the networking and computing services associated with Bulk Electric System (BES) operations. To meet these goals, current technology and processes must be improved to better identify, monitor, and audit vulnerable EIoT environments. This paper examines how blockchain technology can enable NERC CIP compliance as well as aid in the security of the BES supply chain through an immutable cryptographically signed distributed ledger that allows for improved data security, provenance and auditability.
Title: Blockchain for Supply Chain Cybersecurity, Optimization and Compliance
Venue: 2018 Resilience Week (RWS)
Pub Date: 2018-08-01. DOI: 10.1109/RWEEK.2018.8473509
Rakesh M. Verma, D. Crane, O. Gnawali
Hurricane Harvey was a major disaster that struck Texas in August 2017. We wondered whether such disasters are being exploited by phishers, as phishing is one of the most popular attacks. In October 2017, we surveyed the University of Houston population to study their experiences and behavior during/after the storm. Over 300 responses were received. This paper discusses our study design and the results from that survey. Results show that the storm did cause about 6.3% of the participants to change their behavior, i.e., they clicked on links or downloaded attachments they normally would NOT have. An analysis using the symmetric Jensen-Shannon divergence shows that the increased email volume and the timing of arrival or non-arrival of hurricane-related spam had the biggest impacts.
Title: Phishing During and After Disaster: Hurricane Harvey
Venue: 2018 Resilience Week (RWS)
Pub Date: 2018-08-01. DOI: 10.1109/RWEEK.2018.8473465
Will Nichols, P. Hawrylak, John Hale, M. Papa
Hybrid attack graphs are a powerful tool when analyzing the cybersecurity of a cyber-physical system. However, it is important to ensure that this tool correctly models reality, particularly when modelling safety-critical applications, such as a nuclear reactor. By automatically verifying that a simulation reaches the state predicted by an attack graph by analyzing the final state of the simulation, this verification procedure can be accomplished. As such, a mechanism to estimate if a simulation reaches the expected state in a hybrid attack graph is proposed here for the nuclear reactor domain.
Title: Methodology to Estimate Attack Graph System State from a Simulation of a Nuclear Research Reactor
Venue: 2018 Resilience Week (RWS)
Pub Date: 2018-08-01. DOI: 10.1109/RWEEK.2018.8473536
R. Nuqui, Junho Hong, A. Kondabathini, D. Ishchenko, D. Coats
Modern power systems today are protected and controlled increasingly by embedded systems of computing technologies with a great degree of collaboration enabled by communication. Energy cyber-physical systems such as power systems infrastructures are increasingly vulnerable to cyber-attacks on the protection and control layer. We present a method of securing protective relays from malicious change in protective relay settings via collaboration of devices. Each device checks the proposed setting changes of its neighboring devices for consistency and coordination with its own settings using setting rules based on relay coordination principles. The method is enabled via peer-to-peer communication between IEDs. It is validated in a cyber-physical test bed containing a real time digital simulator and actual relays that communicate via IEC 61850 GOOSE messages. Test results showed improvement in cyber physical security by using domain based rules to block malicious changes in protection settings caused by simulated cyber-attacks. The method promotes the use of defense systems that are aware of the physical systems which they are designed to secure.
Title: A Collaborative Defense for Securing Protective Relay Settings in Electrical Cyber Physical Systems
Venue: 2018 Resilience Week (RWS)
Pub Date: 2018-08-01. DOI: 10.1109/RWEEK.2018.8473535
Kasun Amarasinghe, Chathurika S. Wickramasinghe, Daniel L. Marino, C. Rieger, Milos Manic
Modern infrastructure is heavily reliant on systems with interconnected computational and physical resources, named Cyber-Physical Systems (CPSs). Hence, building resilient CPSs is a prime need and continuous monitoring of the CPS operational health is essential for improving resilience. This paper presents a framework for calculating and monitoring health in CPSs using data driven techniques. The main advantages of this data driven methodology are the ability to leverage heterogeneous data streams that are available from the CPSs and the ability to perform the monitoring with minimal a priori domain knowledge. The main objective of the framework is to warn the operators of any degradation in cyber, physical or overall health of the CPS. The framework consists of four components: 1) data acquisition and feature extraction, 2) state identification and real time state estimation, 3) cyber-physical health calculation and 4) operator warning generation. Further, this paper presents an initial implementation of the first three phases of the framework on a CPS testbed involving a Microgrid simulation and a cyber-network which connects the grid with its controller. The feature extraction method and the use of unsupervised learning algorithms are discussed. Experimental results are presented for the first two phases and the results showed that the data reflected different operating states and visualization techniques can be used to extract the relationships in data features.
Title: Framework for Data Driven Health Monitoring of Cyber-Physical Systems
Venue: 2018 Resilience Week (RWS)
Pub Date: 2018-08-01. DOI: 10.1109/RWEEK.2018.8473551
T. Pratt, Eric M. Jesse, Joseph L. Loof
Spectrum sharing is enabled through different strategies at the physical and medium access layers, including reduction of the required average transmit energy per good bit. In this work, we propose a preamble-free communications technique that is feasible with coherent MIMO systems. At the transmitter, packets comprising multicarrier symbols with cyclic prefixes are transmitted, but without preambles typically required for channel estimation and carrier frequency offset estimation. At the receiver, classification methods are used to demodulate the signal without need for channel estimation. We illustrate the approach for a simple coherent MIMO technique, binary PolSK, and demonstrate its efficacy by demodulating preamble-free packets transmitted in over-the-air experiments in multi-path channels.
Title: Preamble-Free Binary Polarization Shift Keying in Frequency Selective Channels
Venue: 2018 Resilience Week (RWS)