International Journal of Critical Infrastructure Protection最新文献

The stability of power systems is paramount to industrial operations. The deleterious inherent characteristics of false data injection attacks (FDIA) have drawn substantial interest due to their severe threats to power grids. Contemporary detection systems face numerous challenges as attackers employ various tactics, such as injecting complex elements into measurement data and formulating quick attack strategies against critical nodes and transmission lines in the power grid network topology. Conventional models often fail to adapt to the intricacies of practical situations because they focus predominantly on detecting individual components. To overcome the above predicaments, this paper proposes a lightweight detection model integrating deep separable convolutional layers, squeeze neural networks, and a bidirectional long short-term memory architecture named DSE-BiLSTM. The acquisition process of network topological characteristics is accomplished through variable graph attention autoencoder (VGAAE). This approach leverages the effectiveness of the graph convolution (GCN) layer to acquire each node’s topological feature and the graph attention (GAT) module to identify and extract the topological features of critical nodes. Furthermore, the topology information obtained by the both techniques is embedded in one-dimensional vector space in the same form as measurement data. By combining the output of VGAAE with meter measurements, the feature fusion of temporal and spatial modalities is realized. DSE-BiLSTM with optimal hyperparameters achieves an F1-score of 99.56% and a row accuracy (RACC) of 93.10% on the conventional dataset. The experimental results of FDIA detection with composite datasets of IEEE 14-bus and IEEE 118-bus systems show that the F1-score and RACC of DSE-BiLSTM remain above 84.51% and 83.56% under various attack strengths and noise levels. In addition, as the power grid network scales up, noise level’s effect on detection performance decreases, while attack strength’s effect on recognition capability increases. DSE-BiLSTM can effectively process the composite data of spatiotemporal multimodes and provides a feasible solution for the localization and detection of FDIA in realistic scenes.

This comprehensive review paper explores power system resilience, emphasizing its evolution and comparison with reliability. It conducts a thorough analysis of the definition and characteristics of resilience and presents quantitative metrics to assess and quantify power system resilience. Additionally, the paper investigates the relevance of complex network theory in the context of power system resilience. An integral part of this review involves examining the incorporation of data-driven techniques to enhance power system resilience, including the role of predictive analytics. Furthermore, the paper explores recent techniques for resilience enhancement, encompassing both planning and operational methods. Technological innovations such as microgrid deployment, renewable energy integration, peer-to-peer energy trading, automated switches, and mobile energy storage systems are detailed in their role in enhancing power systems against disruptions. The paper also analyzes existing research gaps and challenges, providing future directions for improvements in power system resilience. Thus, it offers a comprehensive understanding that helps improve the ability of distribution systems to withstand and recover from extreme events and disruptions.

Smart meters, being a vital component in the advanced metering infrastructure (AMI), provide an opportunity to remotely monitor and control power usage and act like a bridge between customers and utilities. The installation of millions of smart meters in the power grid is a step forward towards a green transition. However, it also constitutes a massive cybersecurity vulnerability. Cyberattacks on AMI can result in inaccurate billing, energy theft, service disruptions, privacy breaches, network vulnerabilities, and malware distribution. Thus, utility companies should implement robust cyber-security measures to mitigate such risks. In order to assess the impact of cybersecurity breaches on AMI, this paper presents a cyber-attack scenario on grid measurements obtained via smart meters and assesses the stochastic grid estimations under attack. This paper also presents an efficient method for the detection and identification of anomalous data within the power grid by leveraging the distance between measurements and the confidence ellipse centered around the estimated value. To assess the proposed method, a comparative analysis is done against the chi-square test for detection and the largest normalized distribution test for the identification of bad data. Furthermore, by using a Danish low-voltage grid as a base case, this paper introduces two test cases to evaluate the performance of the proposed method under single and multiple-node cyber-attacks on the grid state estimation. Results show a notable improvement in accuracy when using the proposed method. Additionally, based on these numerical results, protective countermeasures are presented for the grid.

The increasing interest in autonomous ships within the maritime industry is driven by the pursuit of revenue optimization, operational efficiency, safety improvement and going greener. However, the industry’s increasing reliance on emerging technologies for the development of autonomous ships extends the attack surface, leaving the underlying ship systems vulnerable to potential exploitation by malicious actors. In response to these emerging challenges, this research extends an existing cyber risk assessment approach called FMECA-ATT&CK based on failure modes, effects and criticality analysis (FMECA), and the MITRE ATT&CK framework. As a part of our work, we have expanded the FMECA-ATT&CK approach to assessing cyber risks related to systems with artificial intelligence components in cyber-enabled autonomous ships (e.g. autonomous engine monitoring and control). This new capability was developed using the information and semantics encoded in the MITRE ATLAS framework. FMECA-ATT&CK has been adopted due to its comprehensive and adaptable nature and its promising venue for supporting continuous cyber risk assessment. It helps evaluate the cyber risks associated with the complex and state-of-the-art operational technologies on board autonomous ships. The cyber risk assessment approach assists cybersecurity experts in aligning mitigation strategies for the cyber defence of autonomous ships. It also contributes towards advancing overall cybersecurity in the maritime industry and ensures the safe and secure sailing of autonomous ships. Our key findings after applying the proposed approach against a model of an autonomous cargo ship is the identification of the Navigation Situation Awareness System (NSAS) of the ship as being at the highest risk followed by the Autonomous Engine Monitoring and Control (AEMC) system. Additionally, we identified 3 high, 48 medium, and 5776 low risks across 29 components.

The recent upsurge in electric vehicle (EV) adoption has led to greener mobility but has also broadened the attack surface due to the increased interconnection between the entities like EV, EV charger, grid etc. We show in this paper that among these entities, the EV charger provides a possible attack surface through the available communication network. Adversaries at a minimum can disrupt the vehicular charging process known as denial of charging (DoC) attack. This attack is demonstrated on the real hardware setup of an EV charging, where we have considered the Bharat EV DC charging standard (BEVC-DC001) adopted by India which uses the controller area network (CAN) bus to communicate between EV charger and EV. The DoC attack can have significant consequences both on the electrical grid as well as individuals. The EV chargers (with connected EV) collectively serve as a large load demand, whose sudden inaccessibility would disrupt the supply–demand balance, triggering over frequency relays to either cause local or national blackout. Such a scenario is presented in this work on a microgrid (MG), in a real-time OPAL-RT environment. Not only can this attack lead to major transportation related problems but would also disrupt medical and emergency services.

Critical maritime infrastructure protection has become a priority in ocean governance, particularly in Europe. Increased geopolitical tensions, regional conflicts, and the Nord Stream pipeline attacks in the Baltic Sea of September 2022 have been the main catalysts for this development. Calls for enhancing critical maritime infrastructure protection have multiplied, yet, what this implies in practice is less clear. This is partially a question of engineering and risk analysis. It also concerns how the multitude of actors involved can act concertedly. Dialogue, information sharing, and coordination are required, but there is a lack of discussion about which institutional set ups would lend themselves. In this article, we argue that the maritime counter-piracy operations off Somalia, as well as maritime cybersecurity governance hold valuable lessons to provide new answers for the institutional question in the critical maritime infrastructure protection agenda. We start by clarifying what is at stake in the CMIP agenda and why it is a major contemporary governance challenge. We then examine and assess the instruments found in maritime counter-piracy and maritime cybersecurity governance, including why and how they provide effective solutions for enhancing critical maritime infrastructure protection. Finally, we assess the ongoing institution building for CMIP in Europe. While we focus on the European experience, our discussion on designing institutions carries forward lessons for CMIP in other regions, too.

This paper investigates the views of practitioners on the decision-making influences and the transnational considerations affecting risk assessment (RA) for critical infrastructure (CI) and its protection (CIP).

The investigation is based on a thematic analysis of the interviews of twelve RA practitioners. The analysis identified an overarching theme supporting the view that the team approach is the one true remedy to RA process shortcomings as well as five other themes: (1) the value of the human influence in RA; (2) transnationalism - an unfathomable notion; (3) consistency is no panacea to performance; (4) CI organizational RA-influencing forces; and (5) CI RA-enablers and impediments.

The investigation suggests that the team approach to effective RA for CIP is considered as the absolute panacea in the eyes of practitioners although both insights from the current industry RA practice through the interviews themselves, and an investigation of relevant literature suggests that although this is warmheartedly recommended (a) there are no set rules and guidelines in its application, (b) it is not coordinated nor applied consistently, and (c) it is not an integral part of RA processes. Notwithstanding the reality that a team approach to RA for CIP is being contemplated by practitioners, albeit with lagging consistency and coordination, it is evident that additional research is necessary to broaden the understanding of its value.

In power systems, generation must be maintained in constant equilibrium with consumption. A key indicator for this balance is the frequency of the power grid. The load frequency control (LFC) system is responsible for maintaining the frequency close to its nominal value and the power deviation of tie-lines at their scheduled levels. However, the remote communication system of LFC exposes it to several cyber threats. A successful cyberattack against LFC attempts to affect the field measurements that are transferred though its remote control loop. In this work, a data-driven, attack recovery method is proposed against denial of service and false data injection attacks, called DAR-LFC. For this purpose, a deep neural network is developed that generates estimations of the area control error (ACE) signal. When a cyberattack against the LFC occurs, the proposed estimator can temporarily compute and replace the affected ACE, mitigating the effects of the cyberattacks. The effectiveness and the scalability of the DAR-LFC is verified on a single and a two area LFC simulations in MATLAB/Simulink.

Data manipulation attacks targeting network traffic of SCADA systems may compromise the reliability of an Industrial Control system (ICS). This can mislead the control center about the real-time operating conditions of the ICS and can alter commands sent to the field equipment. Deep Learning techniques appear as a suitable solution for detecting such complicated attacks. This paper proposes a Network based Anomaly Detection System (NADS) to detect data manipulation attacks with a focus on Modbus/TCP-based SCADA systems. The proposed NADS is a sequence to sequence auto encoder which uses the long short term memory units with embedding layer, teacher forcing technique and attention mechanism. The model has been trained and tested using the SWaT dataset, which corresponds to a scaled-down water treatment plant. The model detected 23 of 36 attacks and outperformed two other existing NADS with an improvement of 0.22 for simple attacks and obtained a recall value of 0.86 on attack 36 compared to the other NADS which obtained 0.74.