A Novel Approach to Determining Real-Time Risk Probabilities in Critical Infrastructure Industrial Control Systems

Elrod, Michael

01 January 2017

Critical Infrastructure Industrial Control Systems are substantially different from their more common and ubiquitous information technology system counterparts. Industrial control systems, such as distributed control systems and supervisory control and data acquisition systems that are used for controlling the power grid, were not originally designed with security in mind. Geographically dispersed distribution, an unfortunate reliance on legacy systems and stringent availability requirements raise significant cybersecurity concerns regarding electric reliability while constricting the feasibility of many security controls. Recent North American Electric Reliability Corporation Critical Infrastructure Protection standards heavily emphasize cybersecurity concerns and specifically require entities to categorize and identify their Bulk Electric System cyber systems; and, have periodic vulnerability assessments performed on those systems. These concerns have produced an increase in the need for more Critical Infrastructure Industrial Control Systems specific cybersecurity research. Industry stakeholders have embraced the development of a large-scale test environment through the Department of Energy’s National Supervisory Control and Data Acquisition Test-bed program; however, few individuals have access to this program. This research developed a physical industrial control system test-bed on a smaller-scale that provided an environment for modeling a simulated critical infrastructure sector performing a set of automated processes for the purpose of exploring solutions and studying concepts related to compromising control systems by way of process-tampering through code exploitation, as well as, the ability to passively and subsequently identify any risks resulting from such an event. Relative to the specific step being performed within a production cycle, at a moment in time when sensory data samples were captured and analyzed, it was possible to determine the probability of a real-time risk to a mock Critical Infrastructure Industrial Control System by comparing the sample values to those derived from a previously established baseline. This research achieved such a goal by implementing a passive, spatial and task-based segregated sensor network, running in parallel to the active control system process for monitoring and detecting risk, and effectively identified a real-time risk probability within a Critical Infrastructure Industrial Control System Test-bed. The practicality of this research ranges from determining on-demand real-time risk probabilities during an automated process, to employing baseline monitoring techniques for discovering systems, or components thereof, exploited along the supply chain.

Critical Infrastructure Security

ICS

ICS test-bed

Industrial Control Systems

Parallel Risk Monitoring

Risk Assessment Methodology

Computer Sciences

How to study the Occurrence of Cascading Effects in Critical Infrastructure : Evaluating and Developing a Method for gathering data on critical infrastructure dependencies

Johansson, Viktor

January 2019

This thesis evaluates and develops a method for studying the occurrence of cascading effects between critical infrastructures. The thesis also analyzes how the results of previous research using the method may have been affected by certain aspects of the method. Applying different inclusion thresholds and exploring how material could be gathered differently, the thesis provides some tentative answers to the value of using newspaper articles when studying cascading effects. In addition, the thesis offers recommendations for future research and policy on the protection of critical infrastructures.

cascading effects

critical infrastructure

dependencies

interdependencies

newspaper articles

policy

Swedish Civil Contingencies Agency

vital societal functions.

Political Science

Statsvetenskap

How to study the Occurrence of Cascading Effects in Critical Infrastructure : Evaluating and Developing a Method for gathering data on critical infrastructure dependencies.

Johansson, Viktor

January 2019

This thesis evaluates and develops a method for studying the occurrence of cascading effects between critical infrastructures. The thesis also analyzes how the results of previous research using the method may have been affected by certain aspects of the method. Applying different inclusion thresholds and exploring how material could be gathered differently, the thesis provides some tentative answers to the value of using newspaper articles when studying cascading effects. In addition, the thesis offers recommendations for future research and policy on the protection of critical infrastructures.

cascading effects

critical infrastructure

dependencies

interdependencies

newspaper articles

policy

Swedish Civil Contingencies Agency

vital societal functions.

Political Science

Statsvetenskap

Exécution sécurisée de code sur systèmes embarqués / Trustworthy code execution on embedded devices

Perito, Daniele

13 October 2011

Les systèmes embarqués sont utilisés dans de nombreux systèmes critiques, depuis les automobiles jusqu'aux les systèmes de contrôle industriels. La plupart des recherches sur ces systèmes embarqués se sont concentrés sur l'amélioration de leur fiabilité face à des fautes ou erreurs de fonctionnent non intentionnelles, moins de travaux on été réalisés considérant les attaques intentionnelles. Ces systèmes embarqués sont de plus en plus connectés, souvent à Internet, via des réseaux sans fils, par exemple pour leur administration à distance. Cela augmente les risques d'attaques à distance ou d'injection de code malicieux. Les fautes de fonctionnement de ces équipements peuvent causer des dommages physiques comme par example rendre des appareils médicaux dangereux. Par conséquent, il est primordial de protéger ces systèmes embarqués contre les attaques. Dans cette thèse nous présentons des attaques et défenses contre les systèmes embarqués contraints. Nous présentons plusieurs attaques contre des techniques d'attestation logicielle utilisées dans les systèmes embarqués. Puis nous présentons la conception et l'implémentation d'une technique d'attestation logicielle qui est résistante aux attaque présentées précédemment. Finalement, nous présentons la conception d'une solution permettant de réaliser l'attestation de code ainsi que la création d'une racine de confiance dynamique (dynamic root of trust) pour les systèmes embarqués. Cette solution est prouvée sure et ne dépend pas d'assomptions fortes faites dans le cas de l'attestation logicielle. / Embedded devices are currently used in many critical systems, ranging from automotive to medical devices and industrial control systems. Most of the research on such devices has focused on improving their reliability against unintentional failures, while fewer efforts have been spent to prevent intentional and malicious attacks. These devices are increasingly being connected via wireless and connected to the Internet for remote administration, this increases the risk of remote exploits and malicious code injected in such devices. Failures in such devices might cause physical damage and health and safety risks. Therefore, protecting embedded devices from attacks is of the utmost importance. In this thesis we present novel attacks and defenses against low-end embedded devices. We present several attacks against software-based attestation techniques used in embedded devices. Furthermore we design and implement a novel software-based attestation technique that is immune to the aforementioned attacks. Finally, we design a hardware solution to attest and establish a dyna

Wsn

Capteurs

Actioneurs

Wsan

Protection des infrastructures critiques

Sécurité

Wsn

Sensors

Security

Wsan

Embedded systems

Critical infrastructure protection

Cip

Αρχιτεκτονική ασφάλειας δικτύων ενσωματωμένων συστημάτων

Βογιατζής, Αρτέμιος

05 May 2009

Στην παρούσα διατριβή αντιμετωπίζουμε το πρόβλημα της σχεδίασης ασφαλών δικτύων δεδομένων. Η προσέγγιση που ακολουθούμε είναι συνθετική (bottom up). Εκκινώντας από τα απλά δομικά στοιχεία της ασφάλειας, δηλαδή τους αλγόριθμους και πρωτόκολλα κρυπτογράφησης, δημιουργούμε όλο και πιο σύνθετες δομές ασφάλειας, ώστε να καταλήξουμε σε μία ολοκληρωμένη πρόταση αρχιτεκτονικής ασφάλειας για δίκτυα ενσωματωμένων συστημάτων. Αρχικά εξετάζονται θέματα υλοποίησης αλγορίθμων κρυπτογράφησης. Δίνεται έμφαση σε περιβάλλοντα περιορισμένων πόρων. Παρουσιάζουμε την CryptoPalm, μία βιβλιοθήκη κρυπτογραφίας που αναπτύξαμε για συστήματα βασισμένα στο λειτουργικό σύστημα PalmOS. Εξετάζουμε κατόπιν την ανθεκτικότητα του πρωτοκόλλου ταυτοποίησης Fiat-Shamir σε περιβάλλοντα όπου εισάγονται εσκεμμένα λάθη στους κρυπτογραφικούς υπολογισμούς. Στη συνέχεια εισάγεται η καινοτόμος προσέγγιση της χρήσης τυχαιότητας στην κρυπτογραφία και προτείνεται ένα νέο πρωτόκολλο ασφαλούς επικοινωνίας, το οποίο παρέχει τα επιθυμητά χαρακτηριστικά ασφάλειας με χαμηλό κόστος. Κάνουμε μία μελέτη περιπτώσεων (case study) για δημοφιλείς αρχιτεκτονικές δικτύων (Bluetooth και Internet) και παρουσιάζουμε ένα σύνολο πρωτότυπων επιθέσεων που αναπτύξαμε και προτείνουμε κατά περίπτωση μέτρα για την αντιμετώπιση αυτών των απειλών. Η διατριβή ολοκληρώνεται με την εισαγωγή μίας πρωτότυπης αρχιτεκτονικής για το σχεδιασμό ασφαλών δικτύων, η οποία είναι σε θέση να αντιμετωπίσει τα προβλήματα που παρουσιάζουν οι υπάρχουσες αρχιτεκτονικές. / In this thesis we address the problem of designing secure data networks. The approach is bottom-up. Starting from primitive building blocks of security e.g., algorithms and cryptographic protocols, we build more and more complex security building blocks, finally reaching in a complete security architecture for embedded systems networks. Initial focus is on implementation issues of cryptographic algorithms with emphasis on resource-limited environments. We present CryptoPalm, a cryptographic library we developed for systems based on PalmOS operating system. Then, we study the security of the Fiat-Shamir authentication protocol in environments where faults are deliberately injected during cryptographic computations. As a next step, we introduce the novel approach of using randomness in cryptography; we propose a new secure communication protocol based on randomness. This protocol achieves the desired security characteristics with low implementation cost. We present a case study of popular network security architectures (namely Bluetooth and Internet) and a set of original attacks we developed. We propose countermeasures for each fighting back these attacks. The thesis concludes by introducing a novel architecture for designing secure networks. The proposed architecture addresses the problems arising in current security architectures. Communication networks and especially the Internet are so widely accepted and used even from governments and large corporations that is becoming part of their critical infrastructure. Such a use introduces stringent security requirements that a network designer must fulfill. In contrast with pure telecommunication networks, data networks, and especially the Internet, are characterized by lack of a legal framework of operation. Under these circumstances, addressing network security is a rather hard problem. Proposed solutions are mainly based on cryptographic techniques. In this thesis we address the problem of designing secure data networks. The approach is bottom-up. Starting from primitive building blocks of security e.g., algorithms and cryptographic protocols, we build more and more complex security building blocks, finally reaching in a complete security architecture for embedded systems networks. Initial focus is on implementation issues of cryptographic algorithms with emphasis on resource-limited environments. We present CryptoPalm, a cryptographic library we developed for systems based on PalmOS operating system. Then, we study the security of the Fiat-Shamir authentication protocol in environments where faults are deliberately injected during cryptographic computations. As a next step, we introduce the novel approach of using randomness in cryptography; we propose a new secure communication protocol based on randomness. This protocol achieves the desired security characteristics with low implementation cost. We present a case study of popular network security architectures (namely Bluetooth and Internet) and a set of original attacks we developed. We propose countermeasures for each fighting back these attacks. The thesis concludes by introducing a novel architecture for designing secure networks. The proposed architecture addresses the problems arising in current security architectures.

Αρχιτεκτονική

Ασφάλεια

Δίκτυο

Διαδίκτυο

Κρυπτογραφία

Κρίσιμη υποδομή

005.8

Architecture

Security

Network

Embedded systems

Internet

Cryptography

Critical infrastructure

Secure communications for critical infrastructure control systems

Dawson, Robert Edward

January 2008

In March 2000, 1 million litres of raw sewage was released into the water system of Maroochy Shire on Queensland’s sunshine coast. This environmental disaster was caused by a disgruntled ex-contractor using a radio transmitter to illicitly access the electronically controlled pumps in the control system. In 2007 CNN screened video footage of an experimental attack against a electrical generator. The attack caused the generator to shake and smoke, visually showing the damage caused by cyber attack. These attacks highlight the importance of securing the control systems which our critical infrastructures depend on. This thesis addresses securing control systems, focusing on securing the communications for supervisory control and data acquisition (SCADA) systems. We review the architectures of SCADA systems and produce a list of the system constraints that relate to securing these systems. With these constraints in mind, we survey both the existing work in information and SCADA security, observing the need to investigate further the problem of secure communications for SCADA systems. We then present risk modelling techniques, and model the risk in a simple SCADA system, using the ISM, a software tool for modelling information security risk. In modelling the risk, we verify the hypothesis that securing the communications channel is an essential part of an effective security strategy for SCADA systems. After looking at risk modelling, and establishing the value of securing communications, we move on to key management for SCADA systems. Appropriate key management techniques are a crucial part of secure communications, and form an important part of the contributions made in this work. We present a key management protocol that has been designed to run under the constraints specific to SCADA systems. A reductionist security proof is developed for a simplified version of the protocol, showing it is secure in the Bellare Rogaway model.

Výpadek elektrické energie z pohledu krizového štábu ORP Český Krumlov / Power outage from the perspective of the crisis staff ORP Czech Krumlov

FILIPOVÁ, Eva

January 2015

Electric energy is part of our lives. We use electric energy everyday in our lives at home or work. The use ranges from home lighting to using computers or traffic lights. Electric energy became the indispensable part of our days. Electric energy is included in the fields of critical infrastructure which is essential to maintain safety and running the country. Power cut of critical infrastructure jeopardize the common being of inhabitants and also the safety of this region. Critical infrastructure is based in the Czech law of crisis management nb. 240/2000Cl and also in government regulation nb. 432/2010Cl about criteria of dealing crisis infrastructure. It is necessary to be prepared for every aspect of power cuts in the critical infrastructure field thoroughly as power cut can endanger human society and state. Because of the serious threat human society and state is essential to the individual areas of critical infrastructure failures to adequately prepare.Readiness to electrical power outage is a main theme of this thesis. The thesis focus on region of Cesky Krumlov located in South Bohemia, Czech Republic. Theoretical part of thesis named Power outage from the perspective of the crisis staff ORP Cesky Krumlov deals the aspects of electric energy and critical infrastructure. Reader learns about production, transport and distribution of electrical energy. Reader can also find information about power outages black outs. The thesis explains the meaning of word Infrastructure and also clarifies critical infrastructure and following protection of critical infrastructure. The thesis includes more information about critical infrastructure i.e. which documents deals with the problem of critical infrastructure, when and why the protection of critical infrastructure started and who was pioneer of the field problem. The thesis also describes the field of blackouts and gives the examples of the biggest blackouts which have every occurred in the world. The thesis reveals the cause of mentioned blackouts if the cause was human error, technical problem or overload of transmission system. The thesis shows the impact of blackouts on suffering population time they spent without electricity and how many people was affected with blackout, to complete the picture of blackouts. The last chapter is about crises staff. Reader learns about meaning of crisis staff and why and in which situations is the crisis staff in session. The thesis names and describes the crisis staffs at every level and describes the structure of crisis staff on every level government crises staff, county crisis staff and region crisis staff. The researcher part of this thesis is focused on region of Cesky Krumlov. The region is divided in municipalities and its belonging townships.The thesis gives picture about region population and its average age. The thesis also gives information about main water reservoirs and watercourses in region. The thesis mentions the leading farm economies which can be jeopardize during electric power outage. The thesis defines and analyses secondary crisis situations, which can occur during long lasting electrical power outage. The conclusion focus on the thesis research question "Is crises staff of region CeskýKrumlov prepared for the crises of electrical power outage?" The answer for the research question was ascertain by methods of risk analysing-the Checklist analysis and SWOT analysis. The research question was answered, based on these two analyses. One method was used to check the readiness for electrical power outage and following protection of region population of crisis staff of region CeskýKrumlov. The second method marks off strong and weak parts, opportunities and threats from the electrical power cut point of view. Following percentage calculation shows, what is the biggest danger for region of Cesky Krumlov in the moment of electrical power outage.

Dopady výpadku elektrické energie ve velkých potravinářských podnicích v Jihočeském kraji / Impacts of a power outage in great food - processing companies in South Bohemia county

HÁSKOVÁ, Michaela

January 2014

Indispensability of electricity in all areas of life, including industry, requires enterprises to be prepared for possible power outages, which would minimize impacts on the population. The aim of this thesis titled "Impacts of a power outage in great food - processing companies in the South Bohemia county" is to analyze possible impacts of power cuts in the awareness system of large food enterprises and to assess the effects it would have on the protection of the population when power outage occurs. To obtain the data for the thesis, I used a qualitative research in the form of structured interviews with employees of five large food enterprises, who are responsible for the given area. SWOT analyse was used to evaluate the interviews and a KARS method was used for the analysis of the most significant impacts of an electric power outage in the system of awareness of enterprises and in the protection of the population. The results of the research revealed a basic fact that electricity outage would mean an immediate interruption of production for the food enterprises in South Bohemia. None of the enterprises surveyed owns a standby electric power source, so the sustainability of the standby energy supply does not exist. This fact is alarming mainly from the point of view of the crisis management, because two of the surveyed enterprises are included in the Crises plan of South Bohemia and implement corresponding measures. An important factor influencing the current state of food enterprises awareness for electricity outage is undoubtedly the fact that there is no legislation in the Czech Republic at the moment, which would impose an obligation for food enterprises to prepare for electric power outages. To increase the awareness of the food enterprises for electricity outage, for example in the form back up power sources, would require considerable investments. I hope that this thesis will serve not only as a study material, but also will be a subject of discussion for food enterprises, presenting a model for a case of electric power outage.

Úroveň povědomí obyvatelstva o problematice rozsáhlých výpadků elektrické energie / The level of awareness of inhabitants about the problems of large-scale electrical power failures

HAJDAJOVÁ, Natálie

January 2018

The diploma thesis deals with large-scale electrical power failures, in other words about blackouts. The work is then divided into two sections. The theoretical part describes the (critical) infrastructure, which is undoubtedly part of the electrical energy, further introduces the reader to the electricity system of the Czech Republic and also with blackout as such. The last chapter analyzes some important outages in the world and in total of eight blackouts and trying to point out how technical defects, control errors or extreme weather manifestation can negatively affect the lives of each of us. In the practical part are mentioned two objectives. The first, main aim of the diploma thesis is to find out and assess the level of knowledge of inhabitants about the problems of large-scale electrical power failures, with a hypothesis claims that awareness of the population in selected municipalities with extended competence does not reach 80 %. The exploration is carried out on two municipalities with extended competence Uherské Hradiště and České Budějovice. Obtained data are then evaluated by a comparative approach. Based on the results of the research, remedies are being suggested, purpose of the remedies is to improve the system of informing the population about the subject matter. This is the second objective. According to the objectives and for the needs of my thesis, I used the method of collecting data in the form of a questionnaire survey which carries elements of quantitative research. The thesis and its results can serve as a study material which could be further used for other research. Also it may be inspired by considering how to improve the awareness of the inhabitants.

Optimal Resource Allocation in Social and Critical Infrastructure Networks

January 2016

abstract: We live in a networked world with a multitude of networks, such as communication networks, electric power grid, transportation networks and water distribution networks, all around us. In addition to such physical (infrastructure) networks, recent years have seen tremendous proliferation of social networks, such as Facebook, Twitter, LinkedIn, Instagram, Google+ and others. These powerful social networks are not only used for harnessing revenue from the infrastructure networks, but are also increasingly being used as “non-conventional sensors” for monitoring the infrastructure networks. Accordingly, nowadays, analyses of social and infrastructure networks go hand-in-hand. This dissertation studies resource allocation problems encountered in this set of diverse, heterogeneous, and interdependent networks. Three problems studied in this dissertation are encountered in the physical network domain while the three other problems studied are encountered in the social network domain. The first problem from the infrastructure network domain relates to distributed files storage scheme with a goal of enhancing robustness of data storage by making it tolerant against large scale geographically-correlated failures. The second problem relates to placement of relay nodes in a deployment area with multiple sensor nodes with a goal of augmenting connectivity of the resulting network, while staying within the budget specifying the maximum number of relay nodes that can be deployed. The third problem studied in this dissertation relates to complex interdependencies that exist between infrastructure networks, such as power grid and communication network. The progressive recovery problem in an interdependent network is studied whose goal is to maximize system utility over the time when recovery process of failed entities takes place in a sequential manner. The three problems studied from the social network domain relate to influence propagation in adversarial environment and political sentiment assessment in various states in a country with a goal of creation of a “political heat map” of the country. In the first problem of the influence propagation domain, the goal of the second player is to restrict the influence of the first player, while in the second problem the goal of the second player is to have a larger market share with least amount of initial investment. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2016

Computer science

Algorithms

NP Completeness Analysis

optimization problems

Resource Allocation problems

Social Networks Analysis