Challenges to Adversarial Interplay Under High Uncertainty: Staged-World Study of a Cyber Security Event

Branlat, Matthieu

21 October 2011

No description available.

cognitive systems engineering

resilience engineering

cyber security

adversarial event

staged-world study

decision-making

cyber defense

cyber attack

observational study

Intrusion Detection and Recovery of a Cyber-Power System

Zhu, Ruoxi

06 June 2024

The advent of Information and Communications Technology (ICT) in power systems has revolutionized the monitoring, operation, and control mechanisms through advanced control and communication functions. However, this integration significantly elevates the vulnerability of modern power systems to cyber intrusions, posing severe risks to the integrity and reliability of the power grid. This dissertation presents the results of a comprehensive study into the detection of cyber intrusions and restoration of cyber-power systems post-attack with a focus on IEC 61850 based substations and recovery methodologies in the cyber-physical system framework. The first step of this study is to develop a novel Intrusion Detection System (IDS) specifically designed for deployment in automated substations. The proposed IDS effectively identifies falsified measurements within Manufacturing Messaging Specification (MMS) messages by verifying the consistency of electric circuit laws. This distributed approach helps avoid the transfer of contaminated measurements from substations to the control center, ensuring the integrity of SCADA systems. Utilizing a cyber-physical system testbed and the IEEE 39-bus test system, the IDS demonstrates high detection accuracy and validates its efficacy in real-time operational environments. Building upon the intrusion detection methodology, this dissertation advances into cyber system recovery strategies, which are designed to meet the challenges of restoring a power grid as a cyber-physical system following catastrophic cyberattacks. A novel restoration strategy is proposed, emphasizing the self-recovery of a substation automation system (SAS) within the substation through dynamic network reconfiguration and collaborative efforts among Intelligent Electronic Devices (IEDs). This strategy, validated through a cyber-power system testbed incorporating SDN technology and IEC 61850 protocol, highlights the critical role of cyber recovery in maintaining grid resilience. Further, this research extends its methodology to include a cyber-physical system restoration strategy that integrates an optimization-based multi-system restoration approach with cyber-power system simulation for constraint checking. This innovative strategy developed and validated using an Software Defined Networking (SDN) network for the IEEE 39-bus system, demonstrates the capability to efficiently restore the cyber-power system and maximize restoration capability following a large-scale cyberattack. Overall, this dissertation makes original contributions to the field of power system security by developing and validating effective mechanisms for the detection of and recovery from cyber intrusions in the cyber-power system. Here are the main contributions of this dissertation: 1) This work develops a distributed IDS, specifically designed for the substation automation environment, capable of pinpointing the targets of cyberattacks, including sophisticated attacks involving multiple substations. The effectiveness of this IDS in a real-time operational context is validated to demonstrate its efficiency and potential for widespread deployment. 2) A novel recovery strategy is proposed to restore the critical functions of substations following cyberattacks. This strategy emphasizes local recovery procedures that leverage the collaboration of devices within the substation network, circumventing the need for external control during the initial recovery phase. The implementation and validation of this method through a cyber-physical system testbed—specifically, within an IEC 61850 based Substation Automation System (SAS)—underscores its practicality and effectiveness in real-world scenarios. 3) The dissertation results in a new co-restoration strategy that integrates mixed integer linear programming to sequentially optimize the restoration of generators, power components, and communication nodes. This approach ensures optimal restoration decisions within a limited time horizon, enhancing the recovery capabilities of the cyber-power system. The application of an SDN based network simulator facilitates accurate modeling of cyber-power system interactions, including communication constraints and dynamic restoration scenarios. The strategy's adaptability is further improved by real-time assessment of the feasibility of the restoration sequence incorporating power flow and communication network constraints to ensure an effective recovery process. / Doctor of Philosophy / Electricity is a critical service that supports the society and economy. Today, electric power systems are becoming smarter, using advanced Information and Communications Technology to manage and distribute electricity more efficiently. This new technology creates a smart grid, a network that not only delivers power but also uses computers and other tools to remotely monitor electricity flows and address any issues that may arise. However, these smart systems with high connectivity utilizing information and communication systems can be vulnerable to cyberattacks, which could disrupt the electricity supply. To protect against these threats, this study is focused on creating systems that can detect when an abnormal condition is taking place in the cyber-power grid. These detection systems are designed to detect and identify signs of cyberattacks at key points in the power network, particularly at substations, which play a vital role in the delivery of electricity. Substations control the power grid operating conditions to make sure that electricity service is reliable and efficient for the consumers Just like traffic lights help manage the flow of vehicles, substations manage the flow of electricity to make sure electric energy is delivered to where it needed. Once a cyberattack is detected, the next step is to stop the attack and mitigate the impact it may have made to ensure that the power grid returns to normal operations as quickly as possible. This dissertation is concerned with the development and validation of analytical and computational methods to quickly identify the cyberattacks and prevent the disruptions to the electricity service. Also, the focus of this work is also on a coordinated recovery of both the cyber system ( digital controls and monitoring) and power system (physical infrastructure including transformers and transmission and distribution lines). This co-restoration approach is key to sustain the critical electricity service and ensures that the grid is resilient against the cyber threats. By developing strategies that address both the cyber and physical aspects, the proposed methodology aims to minimize downtime and reduce the impact of large-scale cyberattacks on the electrical infrastructure. The impact of the results of this dissertation is the enhancement of security and resilience of the electric energy supply in an era where the risks of cyber threats are increasingly significantly. Overall, by developing new methodologies to detect and respond to cyberattacks, the cyber-power system's capability to withstand and recover from cyberattacks is enhanced in the increasingly technology-dependent power grid environment.

Intrusion Detection

Intrusion Mitigation

Cyber Resilience

Cyber-Physical System

Cyber System Recovery

SCADA

DNP3

Digital Substations

IEC 61850

Wide spectrum attribution : using deception for attribution intelligence in cyber attacks

Nicholson, Andrew

January 2015

Modern cyber attacks have evolved considerably. The skill level required to conduct a cyber attack is low. Computing power is cheap, targets are diverse and plentiful. Point-and-click crimeware kits are widely circulated in the underground economy, while source code for sophisticated malware such as Stuxnet is available for all to download and repurpose. Despite decades of research into defensive techniques, such as firewalls, intrusion detection systems, anti-virus, code auditing, etc, the quantity of successful cyber attacks continues to increase, as does the number of vulnerabilities identified. Measures to identify perpetrators, known as attribution, have existed for as long as there have been cyber attacks. The most actively researched technical attribution techniques involve the marking and logging of network packets. These techniques are performed by network devices along the packet journey, which most often requires modification of existing router hardware and/or software, or the inclusion of additional devices. These modifications require wide-scale infrastructure changes that are not only complex and costly, but invoke legal, ethical and governance issues. The usefulness of these techniques is also often questioned, as attack actors use multiple stepping stones, often innocent systems that have been compromised, to mask the true source. As such, this thesis identifies that no publicly known previous work has been deployed on a wide-scale basis in the Internet infrastructure. This research investigates the use of an often overlooked tool for attribution: cyber de- ception. The main contribution of this work is a significant advancement in the field of deception and honeypots as technical attribution techniques. Specifically, the design and implementation of two novel honeypot approaches; i) Deception Inside Credential Engine (DICE), that uses policy and honeytokens to identify adversaries returning from different origins and ii) Adaptive Honeynet Framework (AHFW), an introspection and adaptive honeynet framework that uses actor-dependent triggers to modify the honeynet envi- ronment, to engage the adversary, increasing the quantity and diversity of interactions. The two approaches are based on a systematic review of the technical attribution litera- ture that was used to derive a set of requirements for honeypots as technical attribution techniques. Both approaches lead the way for further research in this field.

600

A Model for Cyber Attack Risks in Telemetry Networks

Shourabi, Neda Bazyar

10 1900

ITC/USA 2015 Conference Proceedings / The Fifty-First Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2015 / Bally's Hotel & Convention Center, Las Vegas, NV / This paper develops a method for analyzing, modeling and simulating cyber threats in a networked telemetry environment as part of a risk management model. The paper includes an approach for incorporating a Monte Carlo computer simulation of this modeling with sample results.

Risk Management

Cyber-attack

Monte Carlo simulation

Parallel and distributed cyber-physical system simulation

Pfeifer, Dylan Conrad

06 November 2014

The traditions of real-time and embedded system engineering have evolved into a new field of cyber-physical systems (CPSs). The increase in complexity of CPS components and the multi-domain engineering composition of CPSs challenge the current best practices in design and simulation. To address the challenges of CPS simulation, this work introduces a simulator coordination method drawing from strengths of the field of parallel and distributed simulation (PADS), yet offering benefits aimed towards the challenges of coordinating CPS engineering design simulators. The method offers the novel concept of Interpolated Event data types applied to Kahn Process Networks in order to provide simulator coordination. This can enable conservative and optimistic coordination of multiple heterogeneous and homogeneous simulators, but provide important benefits for CPS simulation, such as the opportunity to reduce functional requirements for simulator interfacing compared to existing solutions. The method is analyzed in theoretical properties and instantiated in software tools SimConnect and SimTalk. Finally, an experimental study applies the method and tools to accelerate Spice circuit simulation with tradeoffs in speed versus accuracy, and demonstrates the coordination of three heterogeneous simulators for a CPS simulation with increasing component model refinement and realism. / text

Cyber-physical systems

Parallel and distributed simulation

Cyber-Physical systems for maintenance in Industry 4.0

He, Kaifei, Jin, Man

January 2016

As two emerging terms in industry field, “Industry 4.0” and “Cyber-Physical System” have attracted an increasing amount of attention from both researchers and manufactures. Available advanced technologies brought by these terms, offers possible solutions and improvements for future maintenance. The purpose of the thesis is to identify how Industry 4.0 integrates with Cyber-Physical Systems regarding maintenance management and the requirements for companies to reach the ideal smart factory. Two researcher questions were studied to fulfill the purpose. Firstly, identifying the integration between Industry 4.0 and CPS regarding maintenance functions. Secondly, to investigate how such integration contribute to maintenance management in an ideal future factory.

Cyber-Physical Systems

Industry 4.0

Maintenance

Implementation of the DEECo component framework for embedded systems / Implementation of the DEECo component framework for embedded systems

Matěna, Vladimír

January 2014

Recent development in the field of distributed and decentralized cyber-physical systems led to emerge of DEECo model. As many DEECo use cases are embedded applications it is interesting to evaluate DEECo on embedded hardware. Currently there is only reference DEECo implementation which is written in Java thus cannot be used for embedded applications. As part of this thesis C++ DEECo mapping and embedded CDEECo++ framework were designed using FreeRTOS operating system for task scheduling and synchronization. An example application designed for the STM32F4 board demonstrates usability of the framework. This thesis contains description of the DEECo mapping into the C++ language, source codes of the CDEECo++ framework, documentation and example application including basic measurement of its real- time properties. Powered by TCPDF (www.tcpdf.org)

Gaming and Gender: Home as a Place of (Non)conformity for Women Gamers

Todd, Cherie J

January 2009

This research examines interactive multimedia video games that are played on technological devices such as: computers, gameboys, PlayStation, Portable PlayStation (PSP) and Xbox. Particular attention is paid to women 30 years of age and older, who engage in gaming activities whilst at home. This is a particularly useful group of women to investigate because it opposes stereotypical and gender-normative notions of what it means to be a 'woman at home'. Also, to the best of my knowledge, there have not been any previous studies conducted that explore this particular group in relation to geographies of home. There is an ever expanding body of literature that focuses on 'home' and the meanings that are associated with it. This research represents an attempt to seek a new way of understanding the mutually constitutive relationship between women, home, and gaming by drawing on feminist and poststructuralist theories of identities, place and space. In this thesis, I argue that there are various ways in which women's identities can become blurred by their engagements with cyber/space, and that gaming is an activity which facilitates levels of empowerment for women within the home.

women

gender

identities

home

cyber/space

"Det är lättare att vara elak på Internet men det är bättre att vara elak i verkligheten" : En intervjustudie av barns erfarenheter av nätkränkningar

Pettersson, Björn, Rodell, Annica

Unknown Date

<p><p>Eleverna i dagens skolor är uppvuxna i en digitaliserad värld. De rör sig i princip utan begränsningar i den digitala världen. Man skulle kunna säga att det är deras modersmål att uttrycka sig och befinna sig på nätet, Vi ser en klyfta i samhället med barn och ungdomars nätkunskaper på ena sidan och vuxnas förmåga till kritisk granskning på den andra. Detta påverkar i allra högsta grad hur vi handskas med digitala kränkningar i skolan. Även om barnen är experter på Internet är det de vuxna som måste hjälpa till med att ge en fungerande grund av normer, värden och kritiskt tänkande. Vi har gjort en intervjustudie med 37 barn i skolår fem. 20 av barnen går i en småstadsskola och 17 av barnen i en förortsskola. Intervjuerna har utförts som gruppintervjuer och vi har haft en kvalitativ ansats. Våra intentioner har varit att göra undersökningen från barnens perspektiv och om möjligt försöka möta och förstå deras livsvärld. I vår studie ser vi med stor tydlighet att kränkningar på nätet är verklighet för många elever idag och detta påverkar i mycket stor utsträckning deras skolvardag. I samtalen med eleverna har vi förstått att det inte är någon större skillnad på att bli kränkt på nätet och att bli kränkt i verkliga livet. Själva säger eleverna att det är lättare att skriva något elakt till en person som man inte ser och detta gör att kränkningar på nätet kan vara något grövre än kränkningar ansikte mot ansikte. Kränkningar sker i stort sett på samhällets alla nivåer och platser. Vi vill inte dra skiljelinjer mellan nätet och samhället i övrigt. Internet är en del av vårt moderna samhälle. Det speglar det som händer i det verkliga livet. Elever som blir kränkta på nätet blir även kränkta i skolan. Samma individer blir kränkta på nätet och i samhället utanför och för samma saker. Vi ser även att vuxna behöver ta sitt ansvar och genom att lära barnen kritisk granskning skydda dem mot kränkningar. Det är samtidigt skolans ansvar att utjämna oundvikliga socioekonomiska ojämlikheter och sträva mot en rättvis fördelning av kunskaper genom att bidra till Internetkunskap till alla elever.</p></p>

Internet

mobbning

kränkningar

nätkränkningar

cyber bullying

skola

"Det är lättare att vara elak på Internet men det är bättre att vara elak i verkligheten" : En intervjustudie av barns erfarenheter av nätkränkningar

Pettersson, Björn, Rodell, Annica

Unknown Date

Eleverna i dagens skolor är uppvuxna i en digitaliserad värld. De rör sig i princip utan begränsningar i den digitala världen. Man skulle kunna säga att det är deras modersmål att uttrycka sig och befinna sig på nätet, Vi ser en klyfta i samhället med barn och ungdomars nätkunskaper på ena sidan och vuxnas förmåga till kritisk granskning på den andra. Detta påverkar i allra högsta grad hur vi handskas med digitala kränkningar i skolan. Även om barnen är experter på Internet är det de vuxna som måste hjälpa till med att ge en fungerande grund av normer, värden och kritiskt tänkande. Vi har gjort en intervjustudie med 37 barn i skolår fem. 20 av barnen går i en småstadsskola och 17 av barnen i en förortsskola. Intervjuerna har utförts som gruppintervjuer och vi har haft en kvalitativ ansats. Våra intentioner har varit att göra undersökningen från barnens perspektiv och om möjligt försöka möta och förstå deras livsvärld. I vår studie ser vi med stor tydlighet att kränkningar på nätet är verklighet för många elever idag och detta påverkar i mycket stor utsträckning deras skolvardag. I samtalen med eleverna har vi förstått att det inte är någon större skillnad på att bli kränkt på nätet och att bli kränkt i verkliga livet. Själva säger eleverna att det är lättare att skriva något elakt till en person som man inte ser och detta gör att kränkningar på nätet kan vara något grövre än kränkningar ansikte mot ansikte. Kränkningar sker i stort sett på samhällets alla nivåer och platser. Vi vill inte dra skiljelinjer mellan nätet och samhället i övrigt. Internet är en del av vårt moderna samhälle. Det speglar det som händer i det verkliga livet. Elever som blir kränkta på nätet blir även kränkta i skolan. Samma individer blir kränkta på nätet och i samhället utanför och för samma saker. Vi ser även att vuxna behöver ta sitt ansvar och genom att lära barnen kritisk granskning skydda dem mot kränkningar. Det är samtidigt skolans ansvar att utjämna oundvikliga socioekonomiska ojämlikheter och sträva mot en rättvis fördelning av kunskaper genom att bidra till Internetkunskap till alla elever.

Internet

mobbning

kränkningar

nätkränkningar

cyber bullying

skola