This paper investigates the views of practitioners on the decision-making influences and the transnational considerations affecting risk assessment (RA) for critical infrastructure (CI) and its protection (CIP).
The investigation is based on a thematic analysis of the interviews of twelve RA practitioners. The analysis identified an overarching theme supporting the view that the team approach is the one true remedy to RA process shortcomings as well as five other themes: (1) the value of the human influence in RA; (2) transnationalism - an unfathomable notion; (3) consistency is no panacea to performance; (4) CI organizational RA-influencing forces; and (5) CI RA-enablers and impediments.
The investigation suggests that practitioners consider the team approach to be the absolute panacea for effective RA for CIP. However, both the insights into current industry RA practice gained through the interviews themselves and an investigation of the relevant literature suggest that, although the team approach is warmheartedly recommended, (a) there are no set rules and guidelines for its application, (b) it is neither coordinated nor applied consistently, and (c) it is not an integral part of RA processes. Notwithstanding the reality that a team approach to RA for CIP is being contemplated by practitioners, albeit with lagging consistency and coordination, it is evident that additional research is necessary to broaden the understanding of its value.
Title: Performing risk assessment for critical infrastructure protection: A study of human decision-making and practitioners' transnationalism considerations
Authors: Michalis Papamichael, Christos Dimopoulos, Georgios Boustras, Marios Vryonides
International Journal of Critical Infrastructure Protection, vol. 45, Article 100682. Pub Date: 2024-05-08. DOI: 10.1016/j.ijcip.2024.100682
Pub Date: 2024-04-29. DOI: 10.1016/j.ijcip.2024.100678
Andrew D. Syrmakesis, Cristina Alcaraz, Nikos D. Hatziargyriou
In power systems, generation must be maintained in constant equilibrium with consumption. A key indicator for this balance is the frequency of the power grid. The load frequency control (LFC) system is responsible for maintaining the frequency close to its nominal value and the power deviation of tie-lines at their scheduled levels. However, the remote communication system of LFC exposes it to several cyber threats. A successful cyberattack against LFC attempts to affect the field measurements that are transferred through its remote control loop. In this work, a data-driven attack recovery method, called DAR-LFC, is proposed against denial of service and false data injection attacks. For this purpose, a deep neural network is developed that generates estimations of the area control error (ACE) signal. When a cyberattack against the LFC occurs, the proposed estimator can temporarily compute and replace the affected ACE, mitigating the effects of the cyberattacks. The effectiveness and the scalability of DAR-LFC are verified on single-area and two-area LFC simulations in MATLAB/Simulink.
Title: DAR-LFC: A data-driven attack recovery mechanism for Load Frequency Control
Authors: Andrew D. Syrmakesis, Cristina Alcaraz, Nikos D. Hatziargyriou
International Journal of Critical Infrastructure Protection, vol. 45, Article 100678. Pub Date: 2024-04-29. DOI: 10.1016/j.ijcip.2024.100678
Data manipulation attacks targeting network traffic of SCADA systems may compromise the reliability of an Industrial Control System (ICS). This can mislead the control center about the real-time operating conditions of the ICS and can alter commands sent to the field equipment. Deep learning techniques appear to be a suitable solution for detecting such complicated attacks. This paper proposes a Network-based Anomaly Detection System (NADS) to detect data manipulation attacks with a focus on Modbus/TCP-based SCADA systems. The proposed NADS is a sequence-to-sequence autoencoder that uses long short-term memory units with an embedding layer, the teacher forcing technique, and an attention mechanism. The model has been trained and tested using the SWaT dataset, which corresponds to a scaled-down water treatment plant. The model detected 23 of 36 attacks and outperformed two other existing NADS with an improvement of 0.22 for simple attacks, and obtained a recall value of 0.86 on attack 36 compared to the other NADS, which obtained 0.74.
Title: A real-time network based anomaly detection in industrial control systems
Authors: Faeze Zare, Payam Mahmoudi-Nasr, Rohollah Yousefpour
International Journal of Critical Infrastructure Protection, vol. 45, Article 100676. Pub Date: 2024-04-26. DOI: 10.1016/j.ijcip.2024.100676
Pub Date: 2024-04-26. DOI: 10.1016/j.ijcip.2024.100680
Mr. Antonio Carlo, Dr. Paola Breda
The cyber domain has led to growth in current satellite capabilities, which have become essential due to the increased use of both civil and military critical infrastructure (CI) management systems. In recent decades, outer space has proven to be an increasingly critical sector for the international management of commercial CI, with private operators acting on both multi- and transnational levels. However, the space domain is characterised by not only opportunities but also risks and threats. As the security implications of space were not sufficiently considered at the beginning of the space era, some of the predominant risks currently extend into the commercial sphere. These risks must be considered to ensure the resilience of connected CIs in outer space. Security is a vital issue in the cyber and space domains and should be considered in every phase of a space system's life cycle, from the development and manufacturing of space assets to their deployment and end of life. This involves CI in several sectors, each of which exhibits different but interrelated risks. For example, telecommunications and location systems increasingly require the use of CI, which creates a fragile interdependence that is extremely vulnerable to threats. This paper underlines the importance of recognising space systems as CI and emphasises the need for a better integration of these assets in a system-of-systems analysis. The consequences of global satellite disruption on terrestrial CI are used to support this view. In such a disruptive scenario, mitigation measures based on in-orbit servicing or responsive space capabilities, for example, would allow CI to be restored to first ensure national security followed by commercial activities. Moreover, this paper provides an overview of the legal and policy aspects of using space systems’ capabilities in CI to better understand their implications and encourage the development of recommendations.
Title: Impact of space systems capabilities and their role as critical infrastructure
Authors: Mr. Antonio Carlo, Dr. Paola Breda
International Journal of Critical Infrastructure Protection, vol. 45, Article 100680. Pub Date: 2024-04-26. DOI: 10.1016/j.ijcip.2024.100680
This paper comprehensively reviews the challenges posed by cybersecurity and cyber-terrorism to energy-related infrastructures. The article highlights the difficulty in monitoring, managing, and measuring cybersecurity threats and discusses the critical need for analysis in this area, particularly in the energy sector, where control and command operations are conducted in an internetworked environment. Despite the energy industry's effective risk management practices, it remains vulnerable to cyber-terrorism, as evidenced by the Stuxnet attack. This hardware-software co-designed mechanism targeted Iranian nuclear facilities. The authors explore the technical aspects of Stuxnet and its impact on the energy sector, emphasising the need for proactive measures to mitigate the risks posed by cyber-terrorism. The economic implications of cyberattacks on energy infrastructures are also discussed, including the potential for significant financial losses and reputational damage. The authors provide practical guidance on preventive measures and defence mechanisms, such as network segmentation, access control, and encryption, to help prevent cyberattacks. In a nutshell, this paper serves as a timely and insightful reminder of the ongoing challenges faced by energy-related infrastructures in cybersecurity and cyber-terrorism. It underscores the need to continue developing effective risk management strategies and implementing appropriate measures to protect against cyber threats.
Title: Cybersecurity and cyber-terrorism challenges to energy-related infrastructures – Cybersecurity frameworks and economics – Comprehensive review
Authors: Sampath Kumar Venkatachary, Jagdish Prasad, Annamalai Alagappan, Leo John Baptist Andrews, Raymon Antony Raj, Sarathkumar Duraisamy
International Journal of Critical Infrastructure Protection, vol. 45, Article 100677. Pub Date: 2024-04-21. DOI: 10.1016/j.ijcip.2024.100677
Pub Date: 2024-04-20. DOI: 10.1016/j.ijcip.2024.100679
Y. Shen, W. Zhou
This study analyzes the mileage and incident data between 1995 and 2016 corresponding to the onshore oil and natural gas transmission pipelines regulated by the Canada Energy Regulator (CER) and the Pipeline and Hazardous Materials Safety Administration (PHMSA) of the United States. The analysis indicates that material/weld/equipment failure is the leading failure cause for both CER and PHMSA pipeline incidents. The annual average incident rates of the CER and PHMSA pipelines are in the order of 10⁻³ per km except for the PHMSA gas pipelines, the annual incident rate of which is in the order of 10⁻⁴ per km. The annual average rupture rates of the CER and PHMSA pipelines vary from 3.5 × 10⁻⁵ to 4.5 × 10⁻⁵ per km. The F-N curves for the PHMSA pipelines are developed based on the mileage and incident data to quantify the societal risks posed by the pipeline in general.
Title: A comparison of onshore oil and gas transmission pipeline incident statistics in Canada and the United States
Authors: Y. Shen, W. Zhou
International Journal of Critical Infrastructure Protection, vol. 45, Article 100679. Pub Date: 2024-04-20. DOI: 10.1016/j.ijcip.2024.100679
Open-access PDF: https://www.sciencedirect.com/science/article/pii/S1874548224000209/pdfft?md5=eddf33d8e539f2a2af96e60537f15885&pid=1-s2.0-S1874548224000209-main.pdf
Pub Date: 2024-04-17. DOI: 10.1016/j.ijcip.2024.100675
Midhya Mathew, Faruk Kazi
Industrial control systems (ICSs) are extensively utilized worldwide to control and regulate various processes in energy utilities. An ICS consists of various field devices, control and monitoring devices, and communication devices. This paper focuses on the testing and analysis of various attack vectors that could potentially occur in a hardware-in-loop (HIL) Industrial Control System (ICS) testbed designed for a 500 MW thermal power plant. In this testbed, four typical process scenarios have been identified that can be manipulated through cyber-attacks, leading to severe issues such as plant shutdown or even explosions. The four significant plant scenarios recognized include minimal coal mill levels and increased temperatures in the classifier, heightened primary airflow to the coal mill, the tripping of an ID fan, and adjustment of the super-heater temperature to its lowest setting. Also, we utilize the STRIDE threat modeling methodology to accurately represent the elements of Cyber-Physical Systems (CPS), their inter-dependencies, and the potential attack entry points and system vulnerabilities.
Title: Hardware-in-Loop (HIL) Testbed Design of Thermal Power Plant for Threat Modeling and Attack Vector Analysis
Authors: Midhya Mathew, Faruk Kazi
International Journal of Critical Infrastructure Protection, vol. 45, Article 100675. Pub Date: 2024-04-17. DOI: 10.1016/j.ijcip.2024.100675
The cyber-physical system (CPS) plays a crucial role in supporting critical infrastructure like water treatment facilities, gas stations, air conditioning components, and smart grids, which are essential to society. However, these systems are facing a growing susceptibility to a wide range of emerging attacks. Cyber-attacks against CPS have the potential to cause disruptions in the accurate sensing and actuation processes, resulting in significant harm to physical entities and posing concerns for the overall safety of society. Unlike common security measures like firewalls and encryption, which often aren't enough to deal with the unique problems that CPS architectures present, deploying machine learning-based intrusion detection systems (IDS) that are specifically made for CPS has become an important way to make them safer. The application of machine learning algorithms has been suggested as a means of mitigating cyber-attacks on CPS. However, the limited availability of labelled data pertaining to emerging attack techniques poses a significant challenge to the accurate detection of such attacks. In the given scenario, transfer learning emerges as a promising methodology for the detection of cyber-attacks, as it involves the implicit modelling of the system. In this research, we propose a new lightweight transfer learning method via ResNet50-CNN1D for intrusion detection in CPS. The Adaptive Gradient (Adagrad) optimizer was applied in the proposed model to minimize the loss function through the adjustment of network weight. We tested how well the suggested ResNet50-1D-CNN model worked using the UNSW-NB15 dataset and a control system dataset called HAI. The HAI dataset was taken from the testbed and based on a planned physical attack scenario. By calculating the coefficient scores for the top ten (10) features in the HAI and UNSW-NB15 data, it was possible to determine the relevance of a feature. 
The rationale behind employing transfer learning was to mitigate the complexity associated with the classification of cyber-attacks and runtime. The utilization of transfer learning resulted in notable reductions in both the training and testing times required for the detection of attacks. On the HAI data, the results showed an accuracy of 97.32 %, recall of 98.41 %, F1-score of 96.32 %, and precision of 97.09 %. On the UNSW-NB15 data, the results showed an accuracy of 99.89 %, recall of 99.09 %, F1-score of 98.01 %, and precision of 98.70 %.
Title: ResNet50-1D-CNN: A new lightweight resNet50-One-dimensional convolution neural network transfer learning-based approach for improved intrusion detection in cyber-physical systems
Authors: Yakub Kayode Saheed, Oluwadamilare Harazeem Abdulganiyu, Kaloma Usman Majikumna, Musa Mustapha, Abebaw Degu Workneh
International Journal of Critical Infrastructure Protection, vol. 45, Article 100674. Pub Date: 2024-04-02. DOI: 10.1016/j.ijcip.2024.100674
Pub Date : 2024-03-04 DOI: 10.1016/j.ijcip.2024.100673
Taiyi Zhao , Yuchun Tang , Qiming Li , Jingquan Wang
During the post-disaster recovery process of the urban system (US), it is critical to understand the interdependencies of critical infrastructure systems (CISs) and strategically allocate resources among them. However, due to the complexity of the problem and the limitations of the perspective, the existing research usually ignores the implicit impact of interdependence and resource allocation on urban resilience. To bridge this gap, this study establishes a multilayer network-based methodological framework to characterize various types of interdependencies between different CISs and integrate the US as a complex “system of systems”. Then, the system functionality of the US under different resource allocation strategies is quantified and optimized by resilience metrics. This proposed framework was demonstrated in a virtual US including a transportation subsystem (TS), an electric power supply subsystem (EPSS), and a community subsystem (CS) under catastrophic earthquakes. The sensitivity of urban resilience to interdependencies is investigated, and the corresponding results reveal that urban resilience is most sensitive to the interdependence between TS and EPSS. In particular, when there exists strong interdependence between the TS and EPSS, the optimal resource allocation strategy to maximize urban resilience is assigning resource allocation coefficients of 0.1, 0.8, and 0.1 for the TS, EPSS, and CS, respectively. These results can be effectively applied in future planning and investment in urban resilience.
Enhancing urban system resilience to earthquake disasters: Impact of interdependence and resource allocation. International Journal of Critical Infrastructure Protection, vol. 45, Article 100673, 2024-03-04.
Pub Date : 2024-03-02 DOI: 10.1016/j.ijcip.2024.100672
Poornachandratejasvi Laxman Bhattar , Naran M Pindoriya , Anurag Sharma
The distribution system is digitizing and occupying cyberspace with the help of information and communication technologies (ICTs). It is vulnerable to cyber-attacks like false data injection (FDI) and denial-of-services (DoS). However, limited research on cyber-attacks in the distribution system is reported in the literature, and these attacks are of serious concern to distribution system operators (DSOs). The DSO's primary challenge is to understand the attacker's perspective for FDI attack construction. Thus, the work presented in this paper aims to provide an in-depth insight for DSO to apprehend the attacker's perspective, attack flow, and the nature of the FDI attack vector. The prior knowledge of attack flow to DSO can help to protect critical infrastructures from cyber-attacks. Thus, this work comprehends the attacker's behaviour for deploying the optimal budget to disrupt the distribution system operation therein by injecting a stealthy FDI vector. The attacker is resource-constrained in terms of budget and network information. Therefore, the optimal budget for attack initiation is proposed and formulated as a multi-objective optimization problem to minimize the investment and maximize the economic loss for the DSO. Constructing the attack vectors for the attacker is challenging in the limited network information. It is complex because of network characteristics such as multi-phase configurations & an unbalanced nature, and higher resistance to reactance (r/x) ratio. Thus, the FDI attack vector construction is proposed based on non-linear programming optimization and sensitivity analysis considering partial information from the distribution system. The simulation results are presented and compared with available methods in the literature to validate the efficacy of the proposed methods.
False data injection in distribution system: Attacker's perspective. International Journal of Critical Infrastructure Protection, vol. 45, Article 100672, 2024-03-02.