International Journal of Critical Infrastructure Protection最新文献_第3页

Threat model for IEC 61850 based substation automation system 基于IEC 61850的变电站自动化系统的威胁模型

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-08-23 DOI: 10.1016/j.ijcip.2025.100789

Mihael Marović , Ante Đerek , Stjepan Groš , Ivan Kovačević

Threat models have major importance in the area of computer systems security, as they can help identify oversights in the security requirements of a system and influence the design of protection mechanisms. The objective of this paper is to improve the understanding of threats specific to the substation automation system based on the IEC 61850 standard. This would make the discussion and understanding of the protection mechanisms for IEC 61850 more fruitful. So, in this paper, we have developed a detailed threat model for a substation automation system based on the IEC 61850 standard. The developed threat model is based on attack trees and provides a visual and comprehensive overview of potential attack scenarios. The construction of the attack tree follows a top-down approach, starting with the attacker’s goal and encompassing all potential sequences of steps to achieve this goal. When considering possible ways to achieve a goal, we utilise the MITRE ATT&CK framework and take the specifics of the IEC 61850 substation automation system model into account. We used the threat model to discuss the effect of applying communication protection mechanisms to protect IEC 61850 substation automation system (SAS). While a few other threat models exist for IEC 61850 substation automation system, the model we presented here is significantly more comprehensive, it is adaptable and based on a novel threat modelling method that incorporates the MITRE attack pattern in the process of constructing an attack tree. One of the key findings of this article is the identification of the four fundamentally different ways to sabotage an IEC 61850 SAS. Other findings are related to the adaptivity of the attack tree, limitations of the attack tree, and mapping of known attacks on IEC 61850 SAS onto the attack tree.

威胁模型在计算机系统安全领域具有重要意义，因为它们可以帮助识别系统安全需求中的疏忽，并影响保护机制的设计。本文的目的是提高对基于IEC 61850标准的变电站自动化系统特定威胁的理解。这将使对IEC 61850保护机制的讨论和理解更加富有成果。因此，本文基于IEC 61850标准，建立了变电站自动化系统的详细威胁模型。开发的威胁模型基于攻击树，提供了对潜在攻击场景的可视化和全面概述。攻击树的构造遵循自顶向下的方法，从攻击者的目标开始，并包含实现该目标的所有潜在步骤序列。在考虑实现目标的可能方法时，我们使用MITRE ATT&；CK框架，并考虑到IEC 61850变电站自动化系统模型的具体情况。利用威胁模型讨论了应用通信保护机制保护IEC 61850变电站自动化系统（SAS）的效果。虽然IEC 61850变电站自动化系统存在一些其他的威胁模型，但我们在这里提出的模型更加全面，适应性强，并且基于一种新的威胁建模方法，该方法在构建攻击树的过程中结合了MITRE攻击模式。本文的主要发现之一是确定了破坏IEC 61850 SAS的四种根本不同的方法。其他发现与攻击树的适应性、攻击树的局限性以及将针对IEC 61850 SAS的已知攻击映射到攻击树有关。

{"title":"Threat model for IEC 61850 based substation automation system","authors":"Mihael Marović , Ante Đerek , Stjepan Groš , Ivan Kovačević","doi":"10.1016/j.ijcip.2025.100789","DOIUrl":"10.1016/j.ijcip.2025.100789","url":null,"abstract":"<div><div>Threat models have major importance in the area of computer systems security, as they can help identify oversights in the security requirements of a system and influence the design of protection mechanisms. The objective of this paper is to improve the understanding of threats specific to the substation automation system based on the IEC 61850 standard. This would make the discussion and understanding of the protection mechanisms for IEC 61850 more fruitful. So, in this paper, we have developed a detailed threat model for a substation automation system based on the IEC 61850 standard. The developed threat model is based on attack trees and provides a visual and comprehensive overview of potential attack scenarios. The construction of the attack tree follows a top-down approach, starting with the attacker’s goal and encompassing all potential sequences of steps to achieve this goal. When considering possible ways to achieve a goal, we utilise the MITRE ATT&CK framework and take the specifics of the IEC 61850 substation automation system model into account. We used the threat model to discuss the effect of applying communication protection mechanisms to protect IEC 61850 substation automation system (SAS). While a few other threat models exist for IEC 61850 substation automation system, the model we presented here is significantly more comprehensive, it is adaptable and based on a novel threat modelling method that incorporates the MITRE attack pattern in the process of constructing an attack tree. One of the key findings of this article is the identification of the four fundamentally different ways to sabotage an IEC 61850 SAS. Other findings are related to the adaptivity of the attack tree, limitations of the attack tree, and mapping of known attacks on IEC 61850 SAS onto the attack tree.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100789"},"PeriodicalIF":5.3,"publicationDate":"2025-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144922855","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Resilience of interdependent infrastructure networks: Review and future directions 相互依赖的基础设施网络的弹性：回顾和未来方向

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-08-21 DOI: 10.1016/j.ijcip.2025.100793

Wenjing Tong , Hong Xian Li , Farnad Nasirzadeh , Fuyi Yao , Yingbo Ji

Interdependent infrastructure systems are instrumental for facility operations. Existing research has emphasised the resilience of infrastructure networks from theoretical to methodological perspectives. This paper aims to identify the current trends and future directions using a mixed method combining bibliometric analysis and systematic review. 101 highly relevant articles are selected for analysis, and scientific literature maps are constructed to analyse co-authorship, co-citation, and keywords. In addition, systematic review is conducted to identify the main research themes, including characteristics analysis of interdependent infrastructure resilience, resilience assessment, and improvement strategies. The potential avenues for future research are also identified, including developing data-driven, interpretable resilience models using advanced algorithms; analysing performance evolution mechanisms integrating temporal and geographic perspectives, assessing resilience emphasising dynamic equilibrium states; improving the holistic resilience considering the trade-off of different targets. This research contributes to the body of knowledge of interdependent infrastructure resilience and exposes the research needs in this area.

相互依赖的基础设施系统对设施运营至关重要。现有的研究从理论到方法的角度都强调了基础设施网络的弹性。本文旨在运用文献计量分析和系统综述相结合的方法，确定当前的趋势和未来的发展方向。选择101篇高度相关的文章进行分析，并构建科学文献图来分析共同作者，共同引用和关键词。此外，本文还进行了系统综述，确定了主要研究主题，包括相互依存基础设施弹性特征分析、弹性评估和改进策略。还确定了未来研究的潜在途径，包括使用先进算法开发数据驱动的可解释弹性模型；综合时间和地理角度分析绩效演化机制，评估强调动态平衡状态的弹性；考虑不同目标的权衡，提高整体弹性。本研究为基础设施相互依赖弹性的知识体系做出了贡献，并揭示了该领域的研究需求。

{"title":"Resilience of interdependent infrastructure networks: Review and future directions","authors":"Wenjing Tong , Hong Xian Li , Farnad Nasirzadeh , Fuyi Yao , Yingbo Ji","doi":"10.1016/j.ijcip.2025.100793","DOIUrl":"10.1016/j.ijcip.2025.100793","url":null,"abstract":"<div><div>Interdependent infrastructure systems are instrumental for facility operations. Existing research has emphasised the resilience of infrastructure networks from theoretical to methodological perspectives. This paper aims to identify the current trends and future directions using a mixed method combining bibliometric analysis and systematic review. 101 highly relevant articles are selected for analysis, and scientific literature maps are constructed to analyse co-authorship, co-citation, and keywords. In addition, systematic review is conducted to identify the main research themes, including characteristics analysis of interdependent infrastructure resilience, resilience assessment, and improvement strategies. The potential avenues for future research are also identified, including developing data-driven, interpretable resilience models using advanced algorithms; analysing performance evolution mechanisms integrating temporal and geographic perspectives, assessing resilience emphasising dynamic equilibrium states; improving the holistic resilience considering the trade-off of different targets. This research contributes to the body of knowledge of interdependent infrastructure resilience and exposes the research needs in this area.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100793"},"PeriodicalIF":5.3,"publicationDate":"2025-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144892319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Vulnerability assessment of interdependent road-power networks with probability-based coupling strategies 基于概率耦合策略的道路电力网络脆弱性评估

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-08-12 DOI: 10.1016/j.ijcip.2025.100792

Qiaojun Guo , Xin Gao , Damin Dong , Guangtai Zhang

The road network and power grid are vital components of urban infrastructures, but their interdependence significantly amplifies vulnerability. Thus, this paper studies the vulnerability of the interdependent road-power network constructed by a probability-based coupling strategies. First, the road network and the power grid are abstracted as two single networks, respectively, where user equilibrium and the Kirchhoff’s law are used to construct the cascading failure model. Then, to establish an effective interdependent relationship between them, we propose ranking proportion reflecting the ranking of a node in the single network and construct the interdependent link between networks through the probability determined by the difference of ranking proportion, thereby developing a probability-based framework for generating coupling strategies. This can produce coupling strategies with a specific assortativity coefficient based on various kinds of metrics. Finally, we use the real-world Shanghai road network and the IEEE 118-node power grid to conduct a case study on the vulnerability of the interdependent network with sixteen assortative and disassortative coupling strategies obtained by the proposed framework with four topological and functional metrics. Experimental results show that under intentional attacks, the interdependent network with disassortative coupling strategies regarding fluctuations of power loads exhibits slight vulnerability; under random failures, disassortative coupling strategies regarding the power load mitigate its vulnerability. In addition, there is little difference in the vulnerability of the interdependent network with assortative coupling strategies regardless of attack strategies. Besides, its vulnerability is more significant while adopting coupling strategies regarding classic topological metrics.

道路网络和电网是城市基础设施的重要组成部分，但它们之间的相互依赖性大大增加了脆弱性。因此，本文研究了基于概率耦合策略构建的相互依赖道路-电力网络的脆弱性。首先，将路网和电网分别抽象为两个单独的网络，利用用户均衡和基尔霍夫定律构建级联故障模型；然后，为了建立它们之间有效的相互依赖关系，我们提出了反映单个网络中节点排名的排名比例，并通过排名比例差异决定的概率来构建网络之间的相互依赖联系，从而开发了基于概率的耦合策略生成框架。这可以产生基于各种度量的具有特定选型系数的耦合策略。最后，以现实世界的上海道路网络和IEEE 118节点电网为例，对基于4个拓扑和功能指标的框架所获得的16种分类和非分类耦合策略进行了脆弱性分析。实验结果表明，在故意攻击下，基于电力负荷波动的非分类耦合策略的相互依赖网络表现出轻微的脆弱性；在随机故障情况下，针对电力负荷的非分类耦合策略可以降低其脆弱性。此外，无论攻击策略如何，分类耦合策略下的相互依赖网络的脆弱性差异不大。此外，针对经典拓扑指标采用耦合策略时，其脆弱性更为显著。

{"title":"Vulnerability assessment of interdependent road-power networks with probability-based coupling strategies","authors":"Qiaojun Guo , Xin Gao , Damin Dong , Guangtai Zhang","doi":"10.1016/j.ijcip.2025.100792","DOIUrl":"10.1016/j.ijcip.2025.100792","url":null,"abstract":"<div><div>The road network and power grid are vital components of urban infrastructures, but their interdependence significantly amplifies vulnerability. Thus, this paper studies the vulnerability of the interdependent road-power network constructed by a probability-based coupling strategies. First, the road network and the power grid are abstracted as two single networks, respectively, where user equilibrium and the Kirchhoff’s law are used to construct the cascading failure model. Then, to establish an effective interdependent relationship between them, we propose ranking proportion reflecting the ranking of a node in the single network and construct the interdependent link between networks through the probability determined by the difference of ranking proportion, thereby developing a probability-based framework for generating coupling strategies. This can produce coupling strategies with a specific assortativity coefficient based on various kinds of metrics. Finally, we use the real-world Shanghai road network and the IEEE 118-node power grid to conduct a case study on the vulnerability of the interdependent network with sixteen assortative and disassortative coupling strategies obtained by the proposed framework with four topological and functional metrics. Experimental results show that under intentional attacks, the interdependent network with disassortative coupling strategies regarding fluctuations of power loads exhibits slight vulnerability; under random failures, disassortative coupling strategies regarding the power load mitigate its vulnerability. In addition, there is little difference in the vulnerability of the interdependent network with assortative coupling strategies regardless of attack strategies. Besides, its vulnerability is more significant while adopting coupling strategies regarding classic topological metrics.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100792"},"PeriodicalIF":5.3,"publicationDate":"2025-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144887265","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Hardware security modules for sustainable energy systems: Targeted review 可持续能源系统的硬件安全模块：有针对性的审查

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-08-12 DOI: 10.1016/j.ijcip.2025.100791

Yehia Ibrahim Alzoubi

As the global transition toward green energy intensifies, the integration of Hardware Security Modules (HSMs) into sustainable energy systems is emerging as a critical component for ensuring cybersecurity and operational resilience. HSMs are essential for safeguarding sensitive data, enabling secure communication, and maintaining the integrity of operations within smart grids and renewable energy infrastructures, which are increasingly susceptible to cyber threats. Despite the growing relevance of HSMs in this domain, there remains a significant gap in the academic literature concerning their specific adoption and optimization in sustainable energy contexts. This paper addresses this gap by providing a comprehensive analysis of the role and integration of HSMs in sustainable energy systems. It examines how HSMs enhance system security through advanced cryptographic protections, operational robustness, and secure data exchange. The study further explores key optimization strategies, such as energy-efficient circuit design, advanced process technologies, and duty-cycling mechanisms that align HSM functionality with energy sustainability goals. Additionally, the paper identifies and discusses major challenges affecting HSM deployment, such as cost constraints, energy consumption, and interoperability with legacy infrastructure. By synthesizing these findings, the paper unveils the strategic implementation of HSMs in sustainable energy frameworks and lays a foundation for future empirical investigations aimed at validating and extending the discussed approaches.

随着全球向绿色能源转型的加剧，将硬件安全模块（hsm）集成到可持续能源系统中正在成为确保网络安全和运营弹性的关键组成部分。hsm对于保护敏感数据、实现安全通信以及维护智能电网和可再生能源基础设施的运营完整性至关重要，这些基础设施越来越容易受到网络威胁。尽管hsm在这一领域的相关性越来越大，但关于其在可持续能源背景下的具体采用和优化的学术文献仍然存在重大差距。本文通过对可持续能源系统中hsm的作用和整合进行全面分析，解决了这一差距。它研究了hsm如何通过高级加密保护、操作健壮性和安全的数据交换来增强系统安全性。该研究进一步探讨了关键的优化策略，如节能电路设计，先进的工艺技术，以及使HSM功能与能源可持续性目标保持一致的职责循环机制。此外，本文确定并讨论了影响HSM部署的主要挑战，例如成本限制、能源消耗以及与遗留基础设施的互操作性。通过综合这些发现，本文揭示了可持续能源框架中hsm的战略实施，并为旨在验证和扩展所讨论方法的未来实证研究奠定了基础。

{"title":"Hardware security modules for sustainable energy systems: Targeted review","authors":"Yehia Ibrahim Alzoubi","doi":"10.1016/j.ijcip.2025.100791","DOIUrl":"10.1016/j.ijcip.2025.100791","url":null,"abstract":"<div><div>As the global transition toward green energy intensifies, the integration of Hardware Security Modules (HSMs) into sustainable energy systems is emerging as a critical component for ensuring cybersecurity and operational resilience. HSMs are essential for safeguarding sensitive data, enabling secure communication, and maintaining the integrity of operations within smart grids and renewable energy infrastructures, which are increasingly susceptible to cyber threats. Despite the growing relevance of HSMs in this domain, there remains a significant gap in the academic literature concerning their specific adoption and optimization in sustainable energy contexts. This paper addresses this gap by providing a comprehensive analysis of the role and integration of HSMs in sustainable energy systems. It examines how HSMs enhance system security through advanced cryptographic protections, operational robustness, and secure data exchange. The study further explores key optimization strategies, such as energy-efficient circuit design, advanced process technologies, and duty-cycling mechanisms that align HSM functionality with energy sustainability goals. Additionally, the paper identifies and discusses major challenges affecting HSM deployment, such as cost constraints, energy consumption, and interoperability with legacy infrastructure. By synthesizing these findings, the paper unveils the strategic implementation of HSMs in sustainable energy frameworks and lays a foundation for future empirical investigations aimed at validating and extending the discussed approaches.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100791"},"PeriodicalIF":5.3,"publicationDate":"2025-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144841154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Enhancing cybersecurity in railways: Machine learning approaches for attack detection 加强铁路网络安全：攻击检测的机器学习方法

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-08-08 DOI: 10.1016/j.ijcip.2025.100788

Beatriz Otero Calviño, Eva Rodriguez, Juan José Costa, Mercedes Oriol

Ensuring the security of railway systems is crucial to protecting both passengers and infrastructure from the increasing threat of cyberattacks. As these threats grow in complexity and frequency, the need for resilient attack detection systems becomes more pressing.

This study tackles the challenge of attack detection in railway systems using machine learning techniques. By integrating Generative Adversarial Networks (GANs), Convolutional Neural Networks (CNNs), and Transfer Learning (TL), we enhance detection accuracy and develop a robust approach capable of identifying both known and emerging threats. Our methodology utilized the Electra Modbus dataset as the source domain and was transferred to the Electra S7Comm dataset as the target domain. Experimental results highlight the effectiveness of GAN-based data augmentation in mitigating the scarcity of attack samples, enhancing both the robustness and generalizability of our detection models. Additionally, the application of pre-trained models through transfer learning played a crucial role in achieving superior performance. Our proposed solution can be deployed within railway networks to strengthen security measures, enabling proactive responses to cyber threats, safeguarding critical infrastructure, and ensuring uninterrupted operations.

确保铁路系统的安全对于保护乘客和基础设施免受日益严重的网络攻击威胁至关重要。随着这些威胁的复杂性和频率的增加，对弹性攻击检测系统的需求变得更加迫切。本研究利用机器学习技术解决了铁路系统攻击检测的挑战。通过集成生成对抗网络（GANs）、卷积神经网络（cnn）和迁移学习（TL），我们提高了检测准确性，并开发了一种能够识别已知和新出现的威胁的鲁棒方法。我们的方法使用Electra Modbus数据集作为源域，并将其转换为Electra S7Comm数据集作为目标域。实验结果强调了基于gan的数据增强在缓解攻击样本稀缺性方面的有效性，增强了我们的检测模型的鲁棒性和泛化性。此外，通过迁移学习的预训练模型的应用在取得优异成绩方面发挥了至关重要的作用。我们提出的解决方案可以部署在铁路网络中，以加强安全措施，主动响应网络威胁，保护关键基础设施，并确保不间断运营。

{"title":"Enhancing cybersecurity in railways: Machine learning approaches for attack detection","authors":"Beatriz Otero Calviño, Eva Rodriguez, Juan José Costa, Mercedes Oriol","doi":"10.1016/j.ijcip.2025.100788","DOIUrl":"10.1016/j.ijcip.2025.100788","url":null,"abstract":"<div><div>Ensuring the security of railway systems is crucial to protecting both passengers and infrastructure from the increasing threat of cyberattacks. As these threats grow in complexity and frequency, the need for resilient attack detection systems becomes more pressing.</div><div>This study tackles the challenge of attack detection in railway systems using machine learning techniques. By integrating Generative Adversarial Networks (GANs), Convolutional Neural Networks (CNNs), and Transfer Learning (TL), we enhance detection accuracy and develop a robust approach capable of identifying both known and emerging threats. Our methodology utilized the Electra Modbus dataset as the source domain and was transferred to the Electra S7Comm dataset as the target domain. Experimental results highlight the effectiveness of GAN-based data augmentation in mitigating the scarcity of attack samples, enhancing both the robustness and generalizability of our detection models. Additionally, the application of pre-trained models through transfer learning played a crucial role in achieving superior performance. Our proposed solution can be deployed within railway networks to strengthen security measures, enabling proactive responses to cyber threats, safeguarding critical infrastructure, and ensuring uninterrupted operations.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100788"},"PeriodicalIF":5.3,"publicationDate":"2025-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144829738","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

How interdependent coupling affects the resilience of urban critical infrastructure(UCI) 相互依赖耦合如何影响城市关键基础设施的弹性

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-08-05 DOI: 10.1016/j.ijcip.2025.100790

Li Guo , Jianing Hu , Mengjuan Luo , Shihao Ren , Xiaobin Dong , Pengcheng Li

Urban critical infrastructure systems do not exist in isolation. They are interdependent and interact with each other, constructing a multilayer network model can effectively and accurately simulate the relationship between these systems, to better understand and analyze their interactions and impact on the overall resilience of the system. This study constructs eight different coupling-type multilayer cascading failure models to explore the robustness patterns of interdependent coupling networks under two different coupling patterns (chain and triangle) and different coupling ratios. The research results indicate that (1) both chain and triangle coupling networks exhibit optimal adjustable capacity parameter values, but the optimal adjustable capacity values for these two coupling patterns are not the same; (2) the robustness of the triangle coupling network is superior to that of the chain coupling network, although, under degree-matching coupling types, the robustness of the two coupling patterns is similar; (3) under the same coupling pattern, different coupling types of multilayer networks exhibit differences in robustness, and the optimal inter-layer coupling types vary within different coupling ratio ranges; (4) under different coupling patterns, for the same coupling ratio range, the optimal inter-layer coupling types also differ. These findings provide a foundation for more precise modeling, thereby enabling the development of more effective strategies to enhance the resilience and reliability of interdependent urban critical infrastructure systems under varying coupling conditions.

城市关键基础设施系统不是孤立存在的。它们相互依存、相互作用，构建多层网络模型可以有效、准确地模拟这些系统之间的关系，更好地理解和分析它们之间的相互作用以及对系统整体弹性的影响。本文构建了8种不同耦合类型的多层级联失效模型，探讨了两种不同耦合模式（链式和三角式）和不同耦合比下相互依赖耦合网络的鲁棒性规律。研究结果表明：(1)链式和三角形耦合网络均具有最优可调容量参数值，但两种耦合模式的最优可调容量值不同；(2)三角耦合网络的鲁棒性优于链式耦合网络，但在度匹配耦合类型下，两种耦合模式的鲁棒性相似；(3)在相同耦合模式下，不同耦合类型的多层网络鲁棒性存在差异，在不同耦合比范围内，最优层间耦合类型存在差异；(4)在不同耦合方式下，对于相同的耦合比范围，层间最优耦合方式也不同。这些发现为更精确的建模奠定了基础，从而能够制定更有效的策略，以增强相互依赖的城市关键基础设施系统在不同耦合条件下的弹性和可靠性。

{"title":"How interdependent coupling affects the resilience of urban critical infrastructure(UCI)","authors":"Li Guo , Jianing Hu , Mengjuan Luo , Shihao Ren , Xiaobin Dong , Pengcheng Li","doi":"10.1016/j.ijcip.2025.100790","DOIUrl":"10.1016/j.ijcip.2025.100790","url":null,"abstract":"<div><div>Urban critical infrastructure systems do not exist in isolation. They are interdependent and interact with each other, constructing a multilayer network model can effectively and accurately simulate the relationship between these systems, to better understand and analyze their interactions and impact on the overall resilience of the system. This study constructs eight different coupling-type multilayer cascading failure models to explore the robustness patterns of interdependent coupling networks under two different coupling patterns (chain and triangle) and different coupling ratios. The research results indicate that (1) both chain and triangle coupling networks exhibit optimal adjustable capacity parameter values, but the optimal adjustable capacity values for these two coupling patterns are not the same; (2) the robustness of the triangle coupling network is superior to that of the chain coupling network, although, under degree-matching coupling types, the robustness of the two coupling patterns is similar; (3) under the same coupling pattern, different coupling types of multilayer networks exhibit differences in robustness, and the optimal inter-layer coupling types vary within different coupling ratio ranges; (4) under different coupling patterns, for the same coupling ratio range, the optimal inter-layer coupling types also differ. These findings provide a foundation for more precise modeling, thereby enabling the development of more effective strategies to enhance the resilience and reliability of interdependent urban critical infrastructure systems under varying coupling conditions.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100790"},"PeriodicalIF":5.3,"publicationDate":"2025-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144912267","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

From breach to bias: Measuring reputation value and trust recovery after cyber incidents in critical infrastructure 从违规到偏见：衡量关键基础设施网络事件后的声誉价值和信任恢复

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-08-05 DOI: 10.1016/j.ijcip.2025.100787

Bonnie Rushing , Shouhuai Xu , Ashley Fairman

Cybersecurity incidents increasingly affect not only operational integrity but also business reputation, especially for companies managing critical infrastructure. This study introduces the Reputation Impact Score (RIS), a novel, repeatable metric that quantifies reputational damage using a combination of financial volatility, investor trust, and sentiment analysis from employees and customers. The RIS model is applied to real-world case studies of high-profile cybersecurity incidents affecting operational technology (OT) companies, including Equifax, SolarWinds, and American Water Works. By integrating open-source financial data and public sentiment ratings, the RIS enables organizations to assess recovery progress and predict potential reputational harm. This work introduces a practical framework to quantify reputational resilience in critical infrastructure firms.

网络安全事件不仅日益影响运营完整性，还影响商业声誉，尤其是对管理关键基础设施的公司而言。本研究引入了声誉影响评分（RIS），这是一种新颖的、可重复的指标，它通过结合金融波动、投资者信任以及员工和客户的情绪分析来量化声誉损害。RIS模型应用于影响运营技术（OT）公司的高调网络安全事件的现实案例研究，包括Equifax、SolarWinds和American Water Works。通过整合开源财务数据和公众情绪评级，RIS使组织能够评估恢复进度并预测潜在的声誉损害。这项工作引入了一个实用的框架来量化关键基础设施公司的声誉弹性。

引用次数: 0

SuPOR: A lightweight stream cipher for confidentiality and attack-resilient visual data security in IoT SuPOR：用于物联网中机密性和抗攻击视觉数据安全的轻量级流密码

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-07-25 DOI: 10.1016/j.ijcip.2025.100786

Ifeoluwapo Aribilola , Saeed Hamood Alsamhi , John G. Breslin , Mamoona Naveed Asghar

The rapid growth of Internet of Things (IoT) technologies, particularly visual sensors such as cameras and drones, has resulted in increased transmission of sensitive visual data containing personally identifiable information (PII). Securing this data during storage and transmission (e.g., cloud or edge servers) is essential for maintaining privacy and security. However, existing encryption methods often face challenges due to computational overhead and vulnerability to attacks, especially on resource-limited IoT devices. To bridge this research gap, this paper presents SuPOR, a single-round lightweight cipher tailored for visual data protection in IoT environments. The SuPOR framework incorporates five fundamental cryptographic principles—Substitution, Permutation, XOR, right circular shift, and swap—which are executed in sequential steps. These include: (1) constructing a secure S-box using Möbius linear transformations and Galois fields for pixel-level substitution, (2) permuting the substituted pixels to improve diffusion, (3) applying a cryptographically secure pseudo-random number generator (CSPRNG) to generate a 64-bit one-time key for XORing, (4) performing right circular shifts on pixel byte arrays, and (5) executing element swaps to further obfuscate the data. Comprehensive security and statistical assessments demonstrate that SuPOR offers strong resistance against various attack vectors while maintaining minimal computational overhead, with a linear time complexity of

O (n m + n (3 \times f r a m e s i z e))

. Experimental comparisons indicate that SuPOR surpasses several state-of-the-art stream ciphers designed for IoT visual data, making it highly suitable for real-time, resource-constrained environments. The findings provide a practical and efficient solution to enhance the privacy and security of visual data in IoT systems, effectively safeguarding sensitive information from threats.

物联网（IoT）技术的快速发展，特别是相机和无人机等视觉传感器，导致包含个人身份信息（PII）的敏感视觉数据的传输增加。在存储和传输期间（例如，云或边缘服务器）保护这些数据对于维护隐私和安全至关重要。然而，由于计算开销和易受攻击，特别是在资源有限的物联网设备上，现有的加密方法经常面临挑战。为了弥补这一研究差距，本文提出了SuPOR，这是一种为物联网环境中的视觉数据保护量身定制的单轮轻量级密码。SuPOR框架包含五个基本的加密原则—替换、置换、异或、右循环移位和交换—它们按顺序执行。这些包括：(1)使用Möbius线性变换和伽罗瓦域构建安全的s盒进行像素级替换，(2)排列替换的像素以改善扩散，(3)应用加密安全伪随机数生成器（CSPRNG）为XORing生成64位一次性密钥，(4)在像素字节数组上执行正确的循环移位，以及(5)执行元素交换以进一步混淆数据。综合安全和统计评估表明，SuPOR在保持最小计算开销的同时，对各种攻击向量具有很强的抵抗力，线性时间复杂度为0 （nm+n(3×framesize)）。实验比较表明，SuPOR超过了为物联网视觉数据设计的几种最先进的流密码，使其非常适合实时，资源受限的环境。研究结果为增强物联网系统中视觉数据的隐私和安全性提供了一种实用高效的解决方案，有效保护敏感信息免受威胁。

{"title":"SuPOR: A lightweight stream cipher for confidentiality and attack-resilient visual data security in IoT","authors":"Ifeoluwapo Aribilola , Saeed Hamood Alsamhi , John G. Breslin , Mamoona Naveed Asghar","doi":"10.1016/j.ijcip.2025.100786","DOIUrl":"10.1016/j.ijcip.2025.100786","url":null,"abstract":"<div><div>The rapid growth of Internet of Things (IoT) technologies, particularly visual sensors such as cameras and drones, has resulted in increased transmission of sensitive visual data containing personally identifiable information (PII). Securing this data during storage and transmission (e.g., cloud or edge servers) is essential for maintaining privacy and security. However, existing encryption methods often face challenges due to computational overhead and vulnerability to attacks, especially on resource-limited IoT devices. To bridge this research gap, this paper presents <em>SuPOR</em>, a single-round lightweight cipher tailored for visual data protection in IoT environments. The <em>SuPOR</em> framework incorporates five fundamental cryptographic principles—<strong>Su</strong>bstitution, <strong>P</strong>ermutation, X<strong>OR</strong>, right circular shift, and swap—which are executed in sequential steps. These include: (1) constructing a secure S-box using Möbius linear transformations and Galois fields for pixel-level substitution, (2) permuting the substituted pixels to improve diffusion, (3) applying a cryptographically secure pseudo-random number generator (CSPRNG) to generate a 64-bit one-time key for <strong>XOR</strong>ing, (4) performing right circular shifts on pixel byte arrays, and (5) executing element swaps to further obfuscate the data. Comprehensive security and statistical assessments demonstrate that <em>SuPOR</em> offers strong resistance against various attack vectors while maintaining minimal computational overhead, with a linear time complexity of <span><math><mrow><mi>O</mi><mrow><mo>(</mo><mi>n</mi><mi>m</mi><mo>+</mo><mi>n</mi><mrow><mo>(</mo><mn>3</mn><mo>×</mo><mi>f</mi><mi>r</mi><mi>a</mi><mi>m</mi><mi>e</mi><mi>s</mi><mi>i</mi><mi>z</mi><mi>e</mi><mo>)</mo></mrow><mo>)</mo></mrow></mrow></math></span>. Experimental comparisons indicate that <em>SuPOR</em> surpasses several state-of-the-art stream ciphers designed for IoT visual data, making it highly suitable for real-time, resource-constrained environments. The findings provide a practical and efficient solution to enhance the privacy and security of visual data in IoT systems, effectively safeguarding sensitive information from threats.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100786"},"PeriodicalIF":5.3,"publicationDate":"2025-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144721505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Digital twin application in lifecycle security of critical infrastructures: A systematic literature review 数字孪生在关键基础设施生命周期安全中的应用：系统的文献综述

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-07-18 DOI: 10.1016/j.ijcip.2025.100783

Taru Itäpelto, Mohammed Elhajj, Marten van Sinderen

Critical infrastructures are essential for the functioning of society. However, their increasing connectivity makes them vulnerable to growing cybersecurity threats. Traditional testing methods, such as testbeds, often struggle to accurately replicate real-world complexities and can be expensive to maintain. Although digital twins are gaining attention as a potential solution, providing high-fidelity virtual replicas with simulation, prediction, and control capabilities, their specific role in enhancing cybersecurity for critical infrastructures throughout their lifecycles has not been thoroughly explored. To address this gap, our study conducts a systematic literature review of 43 peer-reviewed papers published between 2013 and 2024 to investigate how digital twins can tackle cybersecurity challenges throughout critical infrastructures’ lifecycles. Our analysis offers a detailed classification of cybersecurity use cases enabled by digital twins, maps these use cases to the lifecycle phases of critical infrastructures, and evaluates the feasibility and justifications of both proposed and implemented solutions as long-term cybersecurity enhancers. Our findings underscore the potential of digital twins to foster a sustainable, long-term partnership with critical infrastructures, leading to improved cybersecurity. Additionally, we propose four future research directions to guide the development of robust digital twin solutions supporting the evolution of these vital systems, their operating contexts, and threat landscapes. To the best of our knowledge, this is the first study investigating digital twins’ role as a lifelong cybersecurity enhancer for critical infrastructures.

关键的基础设施对社会的运作至关重要。然而，它们日益增长的连通性使它们容易受到日益增长的网络安全威胁。传统的测试方法，比如测试台，通常很难准确地复制真实世界的复杂性，并且维护起来很昂贵。虽然数字孪生作为一种潜在的解决方案正在受到关注，提供具有模拟、预测和控制能力的高保真虚拟复制品，但它们在整个生命周期中增强关键基础设施网络安全方面的具体作用尚未得到彻底探讨。为了解决这一差距，我们的研究对2013年至2024年间发表的43篇同行评议论文进行了系统的文献综述，以研究数字孪生如何在关键基础设施的整个生命周期中应对网络安全挑战。我们的分析提供了数字孪生支持的网络安全用例的详细分类，将这些用例映射到关键基础设施的生命周期阶段，并评估了提议和实施的解决方案作为长期网络安全增强器的可行性和合理性。我们的研究结果强调了数字孪生在促进与关键基础设施的可持续长期合作伙伴关系，从而改善网络安全方面的潜力。此外，我们提出了四个未来的研究方向，以指导强大的数字孪生解决方案的发展，支持这些重要系统的发展，其操作环境和威胁景观。据我们所知，这是第一个调查数字孪生作为关键基础设施终身网络安全增强器角色的研究。

{"title":"Digital twin application in lifecycle security of critical infrastructures: A systematic literature review","authors":"Taru Itäpelto, Mohammed Elhajj, Marten van Sinderen","doi":"10.1016/j.ijcip.2025.100783","DOIUrl":"10.1016/j.ijcip.2025.100783","url":null,"abstract":"<div><div>Critical infrastructures are essential for the functioning of society. However, their increasing connectivity makes them vulnerable to growing cybersecurity threats. Traditional testing methods, such as testbeds, often struggle to accurately replicate real-world complexities and can be expensive to maintain. Although digital twins are gaining attention as a potential solution, providing high-fidelity virtual replicas with simulation, prediction, and control capabilities, their specific role in enhancing cybersecurity for critical infrastructures throughout their lifecycles has not been thoroughly explored. To address this gap, our study conducts a systematic literature review of 43 peer-reviewed papers published between 2013 and 2024 to investigate how digital twins can tackle cybersecurity challenges throughout critical infrastructures’ lifecycles. Our analysis offers a detailed classification of cybersecurity use cases enabled by digital twins, maps these use cases to the lifecycle phases of critical infrastructures, and evaluates the feasibility and justifications of both proposed and implemented solutions as long-term cybersecurity enhancers. Our findings underscore the potential of digital twins to foster a sustainable, long-term partnership with critical infrastructures, leading to improved cybersecurity. Additionally, we propose four future research directions to guide the development of robust digital twin solutions supporting the evolution of these vital systems, their operating contexts, and threat landscapes. To the best of our knowledge, this is the first study investigating digital twins’ role as a lifelong cybersecurity enhancer for critical infrastructures.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100783"},"PeriodicalIF":5.3,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144721504","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A cyber-resilient mechanism for detection, classification and mitigation of intrusion on synchrophasor data in power networks 电网同步数据入侵检测、分类和缓解的网络弹性机制

IF 4.1 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-07-06 DOI: 10.1016/j.ijcip.2025.100785

Soma Bhattacharya, Brundavanam Seshasai, Ebha Koley, Subhojit Ghosh

In recent times, owing to their ability in providing accurate synchronized phasor information with global positioning system (GPS) based common time reference, phasor measurement units (PMUs) have emerged as one of the most significant components of the wide-area monitoring system of modern power networks. However, the use of public GPS signal and increased dependence on the communication infrastructure for transmitting phasor information have made the PMU (also referred to as synchrophasor) dependent operations highly vulnerable to the cyber intrusions. Intrusions on synchrophasor data is generally executed by either manipulating the common time reference (referred to as time synchronization attack (TSA)) or by injecting a falsified data into the actual PMU acquired signal to recreate a non-existing scenario (referred to as replay attack (RA)). For both the attacks, the acquisition of manipulated data at the control centre negatively disturbs the wide-area monitoring and control operations, which might even lead the network to blackout. Motivated by the requirement of increasing the resiliency of power networks against TSA and RA, the development of an accurate, reliable and comprehensive scheme for detecting, classifying and mitigating the impact of phasor intrusions has been sought in the present work. The three-stage mechanism involves processing of the phasor data acquired from multiple PMUs using bi-directional gated recurrent unit (Bi-GRU) based classifiers to detect intrusion (first stage) and further classify the type of intrusion as TSA or RA (second stage). Post-intrusion classification, in the final stage, Bessel interpolation is applied to filter out the spoofed data and further replace it with intrusion-free (pre-attack) data. The proposed scheme has been extensively validated for practical settings in real-time testbed with regards to detecting intrusions, distinguishing intrusions from contingencies, classifying intrusion and estimating the state variables closer to the pre-attack levels.

近年来，相量测量单元（pmu）由于能够与基于全球定位系统（GPS）的通用时间基准提供精确的同步相量信息，已成为现代电网广域监测系统的重要组成部分之一。然而，公共GPS信号的使用和对传输相量信息的通信基础设施的依赖增加使得PMU（也称为同步相量）依赖操作极易受到网络入侵。对同步数据的入侵通常通过操纵公共时间参考（称为时间同步攻击（TSA））或通过向实际PMU获取的信号中注入伪造的数据来重新创建不存在的场景（称为重放攻击（RA））来执行。对于这两种攻击，在控制中心获取被操纵的数据对广域监测和控制操作产生负面干扰，甚至可能导致网络中断。由于需要提高电网对TSA和RA的弹性，目前的工作一直在寻求一种准确、可靠和全面的方案来检测、分类和减轻相量入侵的影响。该三阶段机制包括使用基于双向门控循环单元（Bi-GRU）的分类器处理从多个pmu获取的相量数据，以检测入侵（第一阶段），并进一步将入侵类型分类为TSA或RA（第二阶段）。后入侵分类，在最后阶段，使用贝塞尔插值法过滤掉被欺骗的数据，并将其替换为无入侵（攻击前）数据。该方案在检测入侵、区分入侵和突发事件、对入侵进行分类以及估计更接近攻击前水平的状态变量等方面已经在实时测试平台的实际设置中得到了广泛的验证。

{"title":"A cyber-resilient mechanism for detection, classification and mitigation of intrusion on synchrophasor data in power networks","authors":"Soma Bhattacharya, Brundavanam Seshasai, Ebha Koley, Subhojit Ghosh","doi":"10.1016/j.ijcip.2025.100785","DOIUrl":"10.1016/j.ijcip.2025.100785","url":null,"abstract":"<div><div>In recent times, owing to their ability in providing accurate synchronized phasor information with global positioning system (GPS) based common time reference, phasor measurement units (PMUs) have emerged as one of the most significant components of the wide-area monitoring system of modern power networks. However, the use of public GPS signal and increased dependence on the communication infrastructure for transmitting phasor information have made the PMU (also referred to as synchrophasor) dependent operations highly vulnerable to the cyber intrusions. Intrusions on synchrophasor data is generally executed by either manipulating the common time reference (referred to as time synchronization attack (TSA)) or by injecting a falsified data into the actual PMU acquired signal to recreate a non-existing scenario (referred to as replay attack (RA)). For both the attacks, the acquisition of manipulated data at the control centre negatively disturbs the wide-area monitoring and control operations, which might even lead the network to blackout. Motivated by the requirement of increasing the resiliency of power networks against TSA and RA, the development of an accurate, reliable and comprehensive scheme for detecting, classifying and mitigating the impact of phasor intrusions has been sought in the present work. The three-stage mechanism involves processing of the phasor data acquired from multiple PMUs using bi-directional gated recurrent unit (Bi-GRU) based classifiers to detect intrusion (first stage) and further classify the type of intrusion as TSA or RA (second stage). Post-intrusion classification, in the final stage, Bessel interpolation is applied to filter out the spoofed data and further replace it with intrusion-free (pre-attack) data. The proposed scheme has been extensively validated for practical settings in real-time testbed with regards to detecting intrusions, distinguishing intrusions from contingencies, classifying intrusion and estimating the state variables closer to the pre-attack levels.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100785"},"PeriodicalIF":4.1,"publicationDate":"2025-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144614191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0