
International Journal of Critical Infrastructure Protection: latest articles

Attacking the grid: Lessons from a guerrilla conflict and efforts for peace in Colombia: 1990–2018
IF 3.6, Tier 3 (Engineering & Technology), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2023-09-01. DOI: 10.1016/j.ijcip.2023.100621. Vol. 42, Article 100621.
Jennifer S. Holmes, Agustin Palao, Mercedez Callenes, Neil Ortiz Silva, Alvaro Cardenas

Colombia has suffered a decades-long internal conflict with leftist guerrillas. Its power grid has been attacked, causing significant damage to Colombian industry and disruption to citizens. This article uses data from ISA and XM (operators of the Colombian power grid) and from Centro de Investigación y Educación Popular (CINEP, a non-profit organization tracking the internal conflict in Colombia) to compare patterns of tower attacks to the general conflict with two main leftist guerrilla groups, the Ejército de Liberación Nacional (ELN) and the Fuerzas Armadas Revolucionarias de Colombia (FARC). Using time series analysis, trends of violence, tower attacks, and peace attempts from 1990 to 2018 are examined to see if structural breaks in violence correspond to critical junctures in negotiations. Attacks on the power grid are shown to be a popular guerrilla tactic to pressure the government.

Citations: 0
A flexible OT testbed for evaluating on-device implementations of IEC-61850 GOOSE
IF 3.6, Tier 3 (Engineering & Technology), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2023-09-01. DOI: 10.1016/j.ijcip.2023.100618. Vol. 42, Article 100618.
Matthew Boeding, Michael Hempel, Hamid Sharif, Juan Lopez Jr, Kalyan Perumalla

The growing convergence of Information Technology and Operational Technology has enhanced communication and visibility across power grids. This, coupled with the growing use of Distributed Energy Resources in power grids, has enhanced the grid capabilities while also creating a larger attack surface for malicious actors. A common protocol vulnerable to these attacks is the IEC-61850 GOOSE protocol due to its low-latency requirements, multicast packet delivery method, and lack of encryption. In this paper, we evaluate the security implications of different hardware implementations of this protocol by contrasting device response and recovery of two commercial off-the-shelf Intelligent Electronic Devices from separate manufacturers. The cyberattacks utilized in this paper are research-established GOOSE attacks with results measured in device latency and GOOSE endpoint response success.

Citations: 1
AKAASH: A realizable authentication, key agreement, and secure handover approach for controller-pilot data link communications
IF 3.6, Tier 3 (Engineering & Technology), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2023-09-01. DOI: 10.1016/j.ijcip.2023.100619. Vol. 42, Article 100619.
Suleman Khan, Gurjot Singh Gaba, An Braeken, Pardeep Kumar, Andrei Gurtov

Controller-Pilot Data Link Communications (CPDLC) are rapidly replacing voice-based Air Traffic Control (ATC) communications worldwide. Being digital, CPDLC is highly resilient and bandwidth efficient, which makes it the best choice for traffic-congested airports. Although CPDLC initially seems to be a perfect solution for modern-day ATC operations, it suffers from serious security issues, for instance eavesdropping, spoofing, man-in-the-middle, message replay, and impersonation attacks. Cyber attacks on the aviation communication network could be hazardous, leading to fatal aircraft incidents and causing damage to individuals, service providers, and the aviation industry. Therefore, we propose a new security model called AKAASH, enabling several paramount security services, such as efficient and robust mutual authentication, key establishment, and a secure handover approach for the CPDLC-enabled aviation communication network. We implement the approach on hardware to examine the practicality of the proposed approach and verify its computational and communication efficiency and efficacy. We investigate the robustness of AKAASH through formal (ProVerif) and informal security analysis. The analysis reveals that AKAASH adheres to the CPDLC standards and can easily integrate into the CPDLC framework.

Citations: 1
Protocol study and anomaly detection for server-driven traffic in SCADA networks
IF 3.6, Tier 3 (Engineering & Technology), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2023-09-01. DOI: 10.1016/j.ijcip.2023.100612. Vol. 42, Article 100612.
Chih-Yuan Lin, Simin Nadjm-Tehrani

Attacks against Supervisory Control and Data Acquisition (SCADA) systems operating critical infrastructures have increasingly appeared in the past decades. There are several anomaly detection systems that model the traffic of request–response mechanisms, where a client initiates a request to a server and the server sends back a response later. However, many modern SCADA protocols also allow server-driven traffic without a paired request, and anomaly detection for server-driven traffic has not been well studied. This paper provides a comprehensive understanding of server-driven traffic across different protocols, such as MMS, Siemens S7, S7-plus, and IEC 60870-5-104 (IEC-104), with traffic analysis. The analysis results show that the common postulation of periodicity and correlation within SCADA traffic holds true for most of the analyzed datasets. The paper then proposes a Multivariate Correlation Anomaly Detection (MCAD) approach for server-driven traffic that presents complicated correlations among flows. The proposed approach is compared with a univariate correlation anomaly detection approach designed for SCADA and a general-purpose anomaly detection approach based on neural network techniques. These approaches are tested with an IEC-104 dataset from a real power utility with injected timing perturbations resulting from a Stuxnet-like stealthy attack scenario. The detection accuracy of MCAD outperforms the compared methods and the time-to-detection performance is promising.

Citations: 1
Software-Defined Networking approaches for intrusion response in Industrial Control Systems: A survey
IF 3.6, Tier 3 (Engineering & Technology), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2023-09-01. DOI: 10.1016/j.ijcip.2023.100615. Article 100615.
Xabier Etxezarreta, Iñaki Garitano, Mikel Iturbe, Urko Zurutuza
Citations: 0
National and international maritime situational awareness model examples and the effects of North Stream Pipelines sabotage
IF 3.6, Tier 3 (Engineering & Technology), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2023-09-01. DOI: 10.1016/j.ijcip.2023.100624. Vol. 42, Article 100624.
Tolga Ahmet Gülcan, Kadir Emrah Erginer

While many countries and international organizations with maritime security interests and rights at sea have developed new security strategies or policies in the wake of the 9/11 terrorist attacks in the United States of America, they have accordingly changed or created new maritime security strategies or doctrines with appropriate Maritime Situational Awareness (MSA) models as well. Maritime deterioration, climate change, cyberattacks, serious and organized crime, epidemics, and state-made threats are just some of the new and growing concerns affecting maritime security. The sabotage of the Nord Stream gas pipelines in the Baltic Sea has given maritime security doctrines and frameworks a new dimension. In this article, the current maritime security approaches and maritime domain or situational awareness (MDA/MSA) model examples of some countries and international organizations from different geographic regions, including those located in the maritime choke point regions where global maritime trade routes are located, and also the effects of the Nord Stream Pipelines sabotage on these, are examined in light of the new threats and risks. The principal result reached in this study is that countries and international structures should have a cross-governmental maritime security strategy, or at least a doctrine, in order to guide their own maritime situational awareness models and identify information sharing architectures. The most important result of the sabotage of the Nord Stream Pipelines for MSA models in this study is that the fastest and most cost-effective method for protecting critical infrastructure under the seas is the concept of systems such as mothership-controlled autonomous and unmanned underwater vehicles, extra-large unmanned undersea vehicles and Synthetic-aperture radar (SAR) satellites.

Citations: 0
A forensics and compliance auditing framework for critical infrastructure protection
IF 3.6, Tier 3 (Engineering & Technology), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2023-09-01. DOI: 10.1016/j.ijcip.2023.100613. Vol. 42, Article 100613.
João Henriques, Filipe Caldeira, Tiago Cruz, Paulo Simões

Contemporary societies are increasingly dependent on products and services provided by Critical Infrastructure (CI) such as power plants, energy distribution networks, transportation systems and manufacturing facilities. Due to their nature, size and complexity, such CIs are often supported by Industrial Automation and Control Systems (IACS), which are in charge of managing assets and controlling everyday operations.

As these IACS become larger and more complex, encompassing a growing number of processes and interconnected monitoring and actuating devices, the attack surface of the underlying CIs increases. This situation calls for new strategies to improve Critical Infrastructure Protection (CIP) frameworks, based on evolved approaches for data analytics, able to gather insights from the CI.

In this paper, we propose an Intrusion and Anomaly Detection System (IADS) framework that adopts forensics and compliance auditing capabilities at its core to improve CIP. Adopted forensics techniques help to address, for instance, post-incident analysis and investigation, while the support of continuous auditing processes simplifies compliance management and service quality assessment.

More specifically, after discussing the rationale for such a framework, this paper presents a formal description of the proposed components and functions and discusses how the framework can be implemented using a cloud-native approach, to address both functional and non-functional requirements. An experimental analysis of the framework scalability is also provided.

Citations: 1
A multi-criteria framework for critical infrastructure systems resilience
IF 3.6, Tier 3 (Engineering & Technology), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2023-09-01. DOI: 10.1016/j.ijcip.2023.100616. Vol. 42, Article 100616.
Zhuyu Yang, Bruno Barroca, Katia Laffréchine, Alexandre Weppe, Aurélia Bony-Dandrieux, Nicolas Daclin

Critical infrastructure systems (CISs) play an essential role in modern society, as they are important for maintaining critical social functions, economic organisation, and national defence. Recently, CISs resilience has gained popularity in both academic and policy fields facing increased natural or technological disasters. Resilience assessments have become convenient and common tools for disaster management, as assessment results provide useful information to CIS managers. However, CISs resilience assessment is facing challenges of being practical to use in operational risk management.

Although there are many existing assessments for CISs resilience, shortcomings relating to assessment criteria, which prevent resilience from being useful in practical operation, are frequent in their assessment process. Existing assessments are based on different definitions, which makes criteria generalization difficult. Besides, these assessments are not comprehensive enough. In particular, few assessments address the cost, effectiveness, and safety of optimisation actions together. Moreover, most of the suggested criteria are not specific enough to be used for practical CISs risk management in real cases.

This article therefore develops a multi-criteria framework (MCF) for CISs resilience, consisting of general criteria and a guide for defining specific sub-criteria. In this MCF, the side effects, cascading effects and cost-benefit in resilience scenarios are considered indispensable for CISs resilience assessment. The paper also presents an example of the application of the developed guide through two detailed scenarios, one on a single infrastructural system affected by a natural disaster, and the other addressing the interdependence of this infrastructural system and an urban healthcare system. The designed MCF contributes to the operationalisation and comprehensiveness of CISs resilience assessments.

Citations: 1
New threats and research problems for critical infrastructure
IF 3.6 Tier 3 Engineering & Technology Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-09-01 DOI: 10.1016/S1874-5482(23)00042-2
Roberto Setola
{"title":"New threats and research problems for critical infrastructure","authors":"Roberto Setola","doi":"10.1016/S1874-5482(23)00042-2","DOIUrl":"https://doi.org/10.1016/S1874-5482(23)00042-2","url":null,"abstract":"","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100629"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50192873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 0
Journal
International Journal of Critical Infrastructure Protection