
Latest articles from the International Journal of Critical Infrastructure Protection

Impacts of 5G on cyber-physical risks for interdependent connected smart critical infrastructure systems
IF 3.6; Zone 3, Engineering & Technology; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-09-01; DOI: 10.1016/j.ijcip.2023.100617
Paola Vargas, I. Tien

5G technology promises a wide range of benefits for critical infrastructure (CI), including improved reliability, increased efficiency, cost savings, and increased worker safety. However, it also brings many new risks that CI owners and operators must be prepared for to facilitate effective risk mitigation and response. These risks, however, have not been systematically assessed for CI systems. This paper investigates in detail how the cyber-physical risk landscape will be impacted by 5G for four major CI sectors: smart transportation, smart water, smart power, and smart oil and gas networks. Compared to prior work only examining a single CI network, the authors present a comprehensive assessment of the types of threats that these sectors can expect based on past incidents, the new vulnerabilities introduced by 5G and existing vulnerabilities exacerbated by the introduction of more connected devices, along with mitigation recommendations for each risk. Risks associated with the rollout of and transition to 5G, risks from 5G network disruptions, cyberattack risks, and privacy risks are included. While each of the sectors has a unique risk profile, general themes also emerged across multiple CI networks. Notably, there will be an increased number of threat vectors from smart devices reliant on the telecommunications network to provide monitoring and control of infrastructure services. Because many of these devices are accessible by the public, the risk of social engineering attacks and vulnerability to physical hacking are exacerbated. Successful risk mitigation requires collaboration among CI's many stakeholders to implement security measures at the interfaces between connected devices to limit the access to assets in case one security measure is successfully bypassed. Due to the increased interdependencies between CI networks, operators must create backup plans to keep the most essential services running on a smaller bandwidth in case of a 5G outage or similar failure. As 5G capabilities continue to develop and the risk landscape evolves, ongoing research is needed and CI owners and operators should be prepared to update security measures to remain ahead of identified risks and threats.

Citations: 0
Rule-based anomaly detection for railway signalling networks
IF 3.6; Zone 3, Engineering & Technology; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-09-01; DOI: 10.1016/j.ijcip.2023.100603
Markus Heinrich, Arwed Gölz, Tolga Arul, Stefan Katzenbeisser

We propose a rule-based anomaly detection system for railway signalling that mitigates attacks by a Dolev-Yao attacker who is able to inject control commands to perform semantic attacks by issuing licit but mistimed control messages. The system also mitigates, with the same effect, a signal box compromised by an attacker. We consider an attacker that could cause train derailments and collisions if our countermeasure is not employed. We apply safety principles of railway operation to create a distributed anomaly detection system that inspects incoming commands on the signals and points. The proposed anomaly detection system detects mistimed control messages against light signals, points and train detection systems that lead to derailments and collisions without producing false positives, while it requires only a small amount of overhead in terms of network communication and latency compared to normal train operation.

Citations: 5
AKAASH: A realizable authentication, key agreement, and secure handover approach for controller-pilot data link communications
IF 3.6; Zone 3, Engineering & Technology; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-09-01; DOI: 10.1016/j.ijcip.2023.100619
Suleman Khan, G. S. Gaba, An Braeken, Pardeep Kumar, A. Gurtov
Citations: 0
Systemic risk mitigation strategy for power grid cascade failures using constrained spectral clustering
IF 3.6; Zone 3, Engineering & Technology; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-09-01; DOI: 10.1016/j.ijcip.2023.100622
Mohamed Salama, Wael El-Dakhakhni, Michael Tait

Power grids are prone to damage induced by natural or anthropogenic hazard events that might disrupt the functionality of key/multiple grid components concurrently, resulting in a chain of cascade failures spreading throughout the grid. By integrating grid operation-guided with structure-driven modeling strategies, the current study proposes an approach to manage the risks of such cascade failures (known as systemic risks) to minimize the possibility of large-scale catastrophic blackouts. The operation-guided modeling strategy is implemented through dispatch and load shedding to rebalance power demand and supply after disruptive events. On the other hand, the grid structure-driven modeling strategy adopts an intentional controlled islanding approach by employing a constrained spectral clustering algorithm. Introducing the latter algorithm within the integrated (operation + structure) cascade failure model facilitated identifying the optimal cut-set lines to separate the grid into a group of functioning sub-grids following initial failure and prior to cascade propagation. To demonstrate the utility of the developed systemic risk management strategy, an actual power grid was simulated using a high-fidelity physics-based model under different disruption scenarios to compare the cascade failure size with and without strategy implementation, considering different numbers of sub-grids. The simulations demonstrate that the integrated (dispatch & load shedding-controlled islanding) strategy can effectively boost the overall grid robustness, and subsequently its resilience, and effectively manage catastrophic blackout systemic risks.

Citations: 0
Software-Defined Networking approaches for intrusion response in Industrial Control Systems: A survey
IF 3.6; Zone 3, Engineering & Technology; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-09-01; DOI: 10.1016/j.ijcip.2023.100615
Xabier Etxezarreta, Iñaki Garitano, Mikel Iturbe, Urko Zurutuza

Industrial Control Systems (ICSs) are a key technology for life-sustainability, social development and economic progress, used in a wide range of industrial solutions, including Critical Infrastructures (CIs), and have become the primary target for multiple security attacks. With the increase of personalized and sophisticated attacks, the need for new tailored ICS cybersecurity mechanisms, complying with specific ICS requirements that Information Technology (IT) security systems fail to meet, has increased exponentially. In this survey, a comprehensive study of ICS intrusion response is conducted, focusing on the use of Software-Defined Networking (SDN) for the development of intrusion response strategies in ICS. With its centralized control plane, increased programmability and global view of the entire network, SDN enables the development of intrusion response solutions that provide a coordinated response to mitigate attacks. Through the survey, an analysis of ICS security requirements and the applicability of SDN is conducted, identifying the advantages and disadvantages compared to traditional networking and protocols. Furthermore, a taxonomy of intrusion response strategies is presented, where different proposals are discussed and categorized according to intrusion response strategy and deployment environment characteristics. Finally, future research directions and challenges are identified.

Citations: 0
Assessing the comprehensive importance of power grid nodes based on DEA
IF 3.6; Zone 3, Engineering & Technology; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-09-01; DOI: 10.1016/j.ijcip.2023.100614
Xin Gao, Yunxia Ye, Wenxin Su, Linyan Chen

The safe and stable operation of the power grid is crucial to guarantee basic human demands and promote sustainable economic and social development. To better maintain the sound operation of the power grid, it is meaningful to analyse node importance and identify critical nodes based on the topology of the grid and its performance under cascading failure scenarios. Based on complex network theory, this paper proposes four node importance assessment metrics from static and dynamic perspectives. It performs a comprehensive importance assessment of power grid nodes based on data envelopment analysis (DEA) technology and then further identifies critical nodes in the system. A case study is conducted to validate the methodology. Results show that the suggested strategy may successfully identify the grid's key nodes with high accuracy and differentiation degree. This study is of great value for formulating reasonable emergency plans and improving power grid resilience.

Citations: 0
Evaluation of network expansion decisions for resilient interdependent critical infrastructures with different topologies
IF 3.6; Zone 3, Engineering & Technology; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-09-01; DOI: 10.1016/j.ijcip.2023.100623
Achara Tiong, Hector A. Vergara

Resilient interdependent critical infrastructures (CIs) can better withstand cascading failures in disruptive events. This study proposes network expansion as a resilience improvement strategy for interdependent CIs and evaluates the influence of topology in interdependent network design for resilience optimization under disruption uncertainty. A resilience score consisting of network complexity and unmet demand metrics is introduced to quantify the resilience of expanded networks. Five synthetic interdependent network instances with random and hub-and-spoke (i.e., cluster) topologies are generated to represent CIs with heterogeneous node functions. Different network expansion opportunities are considered and critical node disruption scenarios are used to evaluate the impact of uncertain disruptions. We apply a two-stage stochastic multi-objective resilience optimization model to determine strategic investment decisions using the expected total cost and expected resilience score as competing objectives. Compromise solutions of expanded network designs are identified from Pareto optimal solutions and they are characterized according to their graph properties. The results show that expanded networks have improved resilience and the extent of improvement is affected by the network topology and type of disruption. Under critical node disruptions, a random network is more resilient than a hub-and-spoke structure due to its better connectivity. Characteristics of highly connected interdependent networks are high average node degree, high clustering coefficient, and low average shortest path length. Resilience improvement is more limited in expanded networks with a hub-and-spoke structure due to the negative impact of hub failures.

Citations: 1
CAPTAIN: Community-based Advanced Persistent Threat Analysis in IT Networks
IF 3.6; Zone 3, Engineering & Technology; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-09-01; DOI: 10.1016/j.ijcip.2023.100620
Ali Ahmadian Ramaki, Abbas Ghaemi-Bafghi, Abbas Rasoolzadegan

Organizations that possess valuable information assets and critical infrastructure are prone to Advanced Persistent Threats (APTs). The life cycle of this type of modern attack consists of multiple stages called the Intrusion Kill Chain (IKC). As one of the most common approaches to deal with these attacks, organizations' security staff use various heterogeneous security and non-security sensors in different lines of defense (Network, Host, and Application) as the primary detection levels in the monitored IT network to log the attacker's intrusive activities. They then model attacker behavior from the logged events to detect the IKC of APT attacks. However, numerous methods proposed in the literature have three primary drawbacks: 1) the inability to use both security and non-security sensors of the three mentioned detection levels in event correlation analysis, 2) high dependence on expert knowledge in setting up and maintaining common attack patterns, and 3) incapability to provide a visual representation of the attack path for security administrators to better track on-the-fly attacks in a monitored network. This paper presents a system for Community-based Advanced Persistent Threat Analysis in IT Networks (CAPTAIN) to address the aforementioned issues and challenges. The CAPTAIN framework comprises two distinct phases (including 12 different activities) that receive raw events logged by heterogeneous sensors as input and detect possible IKCs of APT attacks as output. This system implements a novel graph-based attacker behavior modeling technique for detecting the IKC of APT attacks through correlation analysis of logged events and knowledge discovery on the graph. Our evaluation on two publicly available standard datasets, Bryant and DARPA Transparent Computing, indicates that CAPTAIN is robust, reliable under high event volumes, and can detect the IKC of APT attacks with high accuracy and low false positive rates.

CAPTAIN: Community-based Advanced Persistent Threat Analysis in IT Networks. International Journal of Critical Infrastructure Protection, vol. 42, Article 100620, published 2023-09-01. DOI: 10.1016/j.ijcip.2023.100620
Citations: 0
A forensics and compliance auditing framework for critical infrastructure protection
IF 3.6, Zone 3 (Engineering & Technology), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2023-09-01. DOI: 10.1016/j.ijcip.2023.100613
João Henriques, F. Caldeira, T. Cruz, P. Simões
International Journal of Critical Infrastructure Protection, vol. 42, 100613.
Citations: 0
Copyright © 2023 Book学术 All rights reserved.