Examining Cooperative System Responses Against Grid Integrity Attacks

Parady, Alexander D

01 January 2022

Smart grid technologies are integral to society’s transition to sustainable energy sources, but they do not come without a cost. As the energy sector shifts away from a century’s reliance on fossil fuels and centralized generation, technology that actively monitors and controls every aspect of the power infrastructure has been widely adopted, resulting in a plethora of new vulnerabilities that have already wreaked havoc on critical infrastructure. Integrity attacks that feedback false data through industrial control systems, which result in possible catastrophic overcorrections and ensuing failures, have plagued grid infrastructure over the past several years. This threat is now at an all-time high and shows little sign of cooling off. To combat this trajectory, this research explores the potential for simulated grid characteristics to examine robust security measures by use of a cyber-physical system (CPS) testbed constructed across the University of Central Florida (UCF) Resilient, Intelligent and Sustainable Energy Systems (RISES) Lab Cluster. This thesis explores hypothesized defense mechanisms and awareness algorithms to protect against unforeseen vulnerabilities brought on by grid attacks that will test the boundaries of commercial cybersecurity standards. Through an extensive probe across proposed defenses and vulnerability analysis of industrial systems, a blueprint for future research is outlined that will yield results that have the potential to ripple improvements across the power sector. The sanctity of critical infrastructure is of the highest priority for global powers. As such, this research bolsters the tools at the disposal of international entities and seeks to protect the ever-expanding lifestyle that reliable access to energy provides.

Critical Infrastructure

Smart Grid

Cybersecurity

Power Systems

Cooperative System

Cyberattack

Computer Engineering

Information Security

Reliable p-hub location problems and protection models for hub network design

Kim, Hyun

11 September 2008

No description available.

Geography

hub location problem

network design

reliability

survivability

critical infrastructure

spatial optimization

Statistical and Fuzzy Set Modeling for the Risk Analysis for Critical Infrastructure Protection

Cotellesso, Paul

25 September 2009

No description available.

Civil Engineering

Critical Infrastructure Protection

Perimeter Security

Fuzzy Triangular Model

Proportional Odds Model

Friedman's Test

Drone Use Within Critical Infrastructure - A Security Perspective

Nord, Hanne

January 2022

The use of drones is increasing not just for private use, but also for companieswithin different sectors including critical infrastructures, such as the energysector. This due to the many benefits that drones can bring in terms of loweredcosts, increased safety for people, better accessibility, and more, whenconducting varies activities such as inspections and looking for errors.Although the use of drones may be comprised of benefits, drones may also beprone to security risks related to privacy, safety, as well as informationsecurity and the confidentiality, integrity, and availability of the informationthat is collected. This Master´s thesis focused on the critical infrastructuresector following an energy company in Sweden and their use of drones forconducting various operations. The thesis also investigated how security risksfocusing on information security are viewed by the company in terms oflikelihood and consequence and how the company handles these risks. Risksrelated to information security may be caused by threats such as adversaries,technical malfunctions, weather, and climate. The seriousness of the risksmuch depend on the sensitivity of the information and, how much theinformation covers, for example of the power grid. With regards to likelihood,a factor in play is whether the information would be possible for another partyto collect as well as if information would be possible to collect at anothertime. This would impact whether an adversary would gain anything fromcompromising the information collected using a drone or, how technicalmalfunctions and natural occurrences affecting the drone, and the informationcollected would cause problems if the flight is possible to conduct at anothertime. The thesis was conducted using a qualitative approach in the form of asingle-case study. / <p>The presentation was conducted digitally through zoom. </p>

Information Security

Drones

Critical Infrastructure

Information Systems, Social aspects

BotDet: a system for real time Botnet command and control traffic detection

Ghafir, Ibrahim, Prenosil, V., Hammoudeh, M., Baker, T., Jabbar, S., Khalid, S., Jaf, S.

24 January 2020

Yes / Over the past decade, the digitization of services transformed the healthcare sector leading to a sharp rise in cybersecurity threats. Poor cybersecurity in the healthcare sector, coupled with high value of patient records attracted the attention of hackers. Sophisticated advanced persistent threats and malware have significantly contributed to increasing risks to the health sector. Many recent attacks are attributed to the spread of malicious software, e.g., ransomware or bot malware. Machines infected with bot malware can be used as tools for remote attack or even cryptomining. This paper presents a novel approach, called BotDet, for botnet Command and Control (C&C) traffic detection to defend against malware attacks in critical ultrastructure systems. There are two stages in the development of the proposed system: 1) we have developed four detection modules to detect different possible techniques used in botnet C&C communications and 2) we have designed a correlation framework to reduce the rate of false alarms raised by individual detection modules. Evaluation results show that BotDet balances the true positive rate and the false positive rate with 82.3% and 13.6%, respectively. Furthermore, it proves BotDet capability of real time detection.

Critical infrastructure security

Healthcare cyber attacks

Malware

Botnet

Command and control server

Intrusion detection system

Alert correlation

Anticipating antagonistic attacks : A qualitative study on the organizational resilience building of Swedish critical infrastructure providers

Engman, Hanna, Sprängare, Ingrid

January 2024

Critical infrastructure provides essential services to the maintenance and progression of societal functions. Due to its importance, critical infrastructure is, to a larger extent, at threat of and subject to antagonistic attacks, such as IT-attacks and cyber-attacks, during times of geopolitical instability. As a result, critical infrastructure providers face externaland internal pressures to build resilience to ensure the continuous provision of essential services. Despite this, and despite the established research field of critical infrastructure resilience, the organizational resilience of critical infrastructure providers has not been properly addressed. Through the lens of the Dynamic Capabilities Framework, the purpose of this study is to provide an insight into how critical infrastructure providers build resilience capabilities prior to adversity in the current geopolitical context. Despite their noted significances, the organizational resilience building of critical infrastructure providers and how organizational resilience is built prior to adversity are under-researched. To develop an understanding of this phenomenon, we conducted a qualitative study on six Swedish critical infrastructure providers using semi-structured interviews using a grounded theory inspired research strategy.With our findings, we discovered that in the face of geopolitical instability, critical infrastructure providers (1) build the sensing capability of observing and identifying adversity by developing situation awareness. This capability is developed by utilizing the internal expertise of selected employees and by building relationships with the external network to gather information. Furthermore, to develop the seizing capability of preparing for adversity in the given context, we found that critical infrastructure providers (2) develop multi-level human resource competencies through communicating clear expectations and responsibilities, providing education to employees, and by cultivating and establishing a safety culture. Additionally, the preparation capability is developed through (3) strategic preparation by developing scenario plans, action plans, and by collaborating with the external network. Lastly, critical infrastructure providers’ capability to prepare is developed by (4) investing capital into organization-wide physical security. With this study, we contribute novel insights of the phenomenon of the organizational resilience building of critical infrastructure providers. In the end, we have found that the organizational resilience building of critical infrastructure providers deviates from existing assessment and suggestive frameworks within the research body on organizational resilience. Accordingly, our findings have generated practical insights to managers of critical infrastructure providers, and an increased understanding to policy makers of how critical infrastructure providers approach resilience in the current geopolitical climate.

Organizational resilience

Critical infrastructure

Geopolitical instability

Anticipation

Dynamic capabilities

Business Administration

Företagsekonomi

Assessment of the Jones Act Waiver Process on Freight Transportation Networks Experiencing Disruption

Fialkoff, Marc Richard

27 October 2017

In October 2012, Hurricane Sandy caused massive disruption and destruction to the Mid-Atlantic region of the United States. The intensity of the storm forced the Port of New York and New Jersey to close, forcing cargo diversion to the Port of Norfolk in Virginia. Because of the Jones Act restriction on foreign vessels moving between U.S. ports, the restriction on short sea shipping was viewed as a barrier to recovery. Much of the critical infrastructure resilience and security literature focuses on the "hardening" of physical infrastructure, but not the relationship between law, policy, and critical infrastructure. Traditional views of transportation systems do not adequately address questions of governance and behaviors that contribute to resilience. In contrast, recent development of a System of Systems framework provides a conceptual framework to study the relationship of law and policy systems to the transportation systems they govern. Applying a System of Systems framework, this research analyzed the effect of relaxing the Jones Act on freight transportation networks experiencing a disruptive event. Using WebTRAGIS (Transportation Routing Analysis GIS), the results of the research demonstrate that relaxing the Jones Act had a marginal reduction on highway truck traffic and no change in rail traffic volume in the aftermath of a disruption. The research also analyzed the Jones Act waiver process and the barriers posed by the legal process involved in administration and review for Jones Act waivers. Recommendations on improving the waiver process include greater agency coordination and formal rulemaking to ensure certainty with the waiver process. This research is the first in studying the impact of the Jones Act on a multimodal freight transportation network. Likewise, the use of the System of Systems framework to conceptualize the law and a critical infrastructure system such as transportation provides future opportunities for studying different sets of laws and policies on infrastructure. This research externalizes law and policy systems from the transportation systems they govern. This can provide policymakers and planners with an opportunity to understand the impact of law and policy on the infrastructure systems they govern. / PHD / In October 2012, Hurricane Sandy caused massive disruption and destruction to the Mid-Atlantic region of the United States. The intensity of the storm forced the Port of New York and New Jersey to close, forcing cargo diversion to the Port of Norfolk in Virginia. Because of the Jones Act restriction on foreign vessels moving between U.S. ports, the restriction on short sea shipping was viewed as a barrier to recovery. Much of the critical infrastructure resilience and security literature focuses on the “hardening” of physical infrastructure, but not the relationship between law, policy, and critical infrastructure. Traditional views of transportation systems do not adequately address questions of governance and behaviors that contribute to resilience. In contrast, recent development of a System of Systems framework provides a conceptual framework to study the relationship of law and policy systems to the transportation systems they govern. Applying a System of Systems framework, this research analyzed the effect of relaxing the Jones Act on freight transportation networks experiencing a disruptive event. Using WebTRAGIS (Transportation Routing Analysis GIS), the results of the research demonstrate that relaxing the Jones Act had a marginal reduction on highway truck traffic and no change in rail traffic volume in the aftermath of a disruption. The research also analyzed the Jones Act waiver process and the barriers posed by the legal process involved in administration and review for Jones Act waivers. Recommendations on improving the waiver process include greater agency coordination and formal rulemaking to ensure certainty with the waiver process. This research is the first in studying the impact of the Jones Act on a multimodal freight transportation network. Likewise, the use of the System of Systems framework to conceptualize the law and a critical infrastructure system such as transportation provides future opportunities for studying different sets of laws and policies on infrastructure. This research illustrated that law and policy systems act independent of the transportation systems they govern. This can provide policymakers and planners with an opportunity to understand the impact of law and policy on the infrastructure systems they govern.

Freight Transportation

Jones Act

System of Systems

Critical Infrastructure Resilience

Diversion Analysis

Development of a Resilience Assessment Methodology for Networked Infrastructure Systems using Stochastic Simulation, with application to Water Distribution Systems

Gay Alanis, Leon F.

01 May 2013

Water distribution systems are critical infrastructure systems enabling the social and economic welfare of a community. While normal failures are expected and repaired quickly, low-probability and high consequence disruptive events have potential to cause severe damage to the infrastructure and significantly reduce their performance or even stop their function altogether. Resilient infrastructure is a necessary component towards achieving resilient and sustainable communities. Resilience concepts allow improved decision making in relation with risk assessment and management in water utilities. However, in order to operationalize infrastructure resilience concepts, it is fundamental to develop practical resilience assessment methods such as the methodology and tool proposed in this research, named Effective Resilience Assessment Methodology for Utilities (ERASMUS). ERASMUS utilizes a stochastic simulation model to evaluate the probability of resilient response from a water distribution system in case of disruption. This methodology utilizes a parametric concept of resilience, in which a resilient infrastructure system is defined in terms of a set of performance parameters compared with their socially acceptable values under a variety of disruptive events. The methodology is applied to two actual water distribution networks in the East and West coasts of the US. / Ph. D.

Critical Infrastructure Systems

Asset Management

Resilience

Water Distribution Systems

Stochastic Simulation

Porovnání stávajících kritérií a nově navržených kritérií pro zařazování subjektů a prvků kritické infrastruktury v Jihočeském kraji a vliv na počet subjektů. / Comparing of current criteria and newly designed criteria for subjects classification and elements of critical infrastructure in the South Bohemian region and its influence on subjects quantity.

KREJČOVÁ, Kateřina

January 2012

In my thesis, I focused on the issue of the critical infrastructure (CI), the Czech Republic was obliged to implement in its legislation by the January 12, 2011. This was performed by amending the crisis law. The thesis describes generally the critical infrastructure, its history and development in the conditions of the Czech Republic as well as the European Union, the basic legal regulations and it also characterizes the concepts associated with this issue. In the scope of the research I focused on comparing the fields of CI, changes in criteria and principles of determining CI elements and influence of these changes on the number of the subjects of critical infrastructure in the South Bohemian Region. As it turned out during the elaboration, it is not simple to find out the newly established numbers of CI subjects.

THE APPLICATION OF AUTONOMIC COMPUTING FOR THE PROTECTION OF INDUSTRIAL CONTROL SYSTEMS

Cox, Donald Patrick

January 2011

Critical infrastructures are defined as the basic facilities, services and utilities needed to support the functioning of society. For over three-thousand years, civil engineers have built these infrastructures to ensure that needed services and products are available to make mankind more comfortable, secure and productive. Modern infrastructure control systems are vulnerable to disruption from natural disaster, accident, negligent operation and intentional cyber assaults from malicious agents. Many critical processes within our infrastructures are continuous (e.g., electric power, etc.) and cannot be interrupted without consequence to industry and the public. Failure to protect the critical infrastructure from cyber assaults will result in physical, economic and social impacts, extending from the local to the national level. Cyber weapons have shown that harm to infrastructures can occur before system operators have time to determine the source.We present the thesis that infrastructure control systems can employ autonomic computing technology to detect anomalies and mitigate process disruption. Specifically we focus on: 1) autonomic computing algorithms that can be integrated into control systems and networks to detect and respond to anomalies; 2) autonomic technology capable of detecting and blocking infrastructure controller commands, that if executed, would result in process disruption; 3) design and construction of a prototype Autonomic Critical Infrastructure Protection appliance (ACIP) for integration and testing of autonomic algorithms; and 4) the design and construction of a test bed capable of modeling critical infrastructures and related control systems and processes for the purpose of testing and demonstrating new autonomic technologies.We report on the development of a new, multi-dimension ontology that organizes cyber assault methodologies correlated with perpetrator motivation and goals. Using this ontology, we create a theoretical framework to identify the integration points for protective technology within infrastructure control systems. We have created a unique modeling and simulation test bed for critical infrastructure systems and processes, and a prototype autonomic computing appliance. Through this work, we have developed an expanded understanding of autonomic computing theory and its application to controls systems. We also, through experimentation, prove the thesis and establish a roadmap for future research.

industrial control systems

information Technology

programmable controller

SCADA

Electrical & Computer Engineering

autonomic computing

critical infrastructure protection