Mapping out dependencies in network components in critical infrastructure

Andersson, Karl

January 2018

Companies that operate with critical infrastructure face a growing threat from cyber-attacks while at the same time the development in the business is rapidly moving towards a higher level of digitalization. A common type of system in critical infrastructure is supervisory control and data acquisition systems, these systems have properties that can affect their security and will therefore serve as the basis for this thesis work. To stay protected despite systems changes, companies need to make risk assessments in order to analyze how changes will affect the overall system. One thing that is important to focus on is dependencies within the system, this means that not only interaction among computers and networks are concerned but instead a more holistic view of the system need to be considered. This thesis aims to aid the process of a future risk assessment by providing a methodology to be used as a preparatory step before a risk assessment by describing the current situation of the system. This is done by evaluating two system modeling approaches, and also by proposing a number of perspectives that each provides different kind of information about the system’s dependencies. These perspectives are then evaluated by creating system models and dependency graphs, and discussing the outcomes with experts in a utility company to find out their applicability. According to the experts, the proposed perspectives have promising properties that can be useful in future risk assessments as well as in other scenarios. Moreover, the evaluated modeling approaches got positive comments during evaluation and are considered to serve their purpose.

critical infrastructure

system dependencies

scada network

dependency analysis

mapping components

system modeling

Computer and Information Sciences

Data- och informationsvetenskap

Návrh managementu sítě pro strojírenskou společnost / Computer Network Management Design for the Engineering Company

Kapoun, Miroslav

January 2020

The diploma thesis deals with the issue of computer network management design with all the necessary steps at the level of a medium-sized engineering company. In addition to the implementation of the monitoring system, the work also focuses on the design of network devices, organizational changes, compilation of a network graph and structural settings with a precise layout for project management.

Review of an industrially implemented model of zoning principles for electricity distribution and energy production

Åberg, Erik

January 2011

The interconnection of components of industrial automation and control systems (IACS) and enterprise systems involved in processes ranging from generation and transmission to billing within electric utilities poses challenges regarding cyber security as well as division of organisational responsibility. One means of organising these components and systems is to use a zone model in which they are segmented, offering layered defences as well as a logical grouping. One such zone model is the zone model under review, which was presented by Zerbst et al. in a CIRED paper from 2009. This master thesis reviews that zone model and compares it to other industry standard zone models which have been found to be able to be categorised into either functional based models or layered defence models. The outcome is a rough definition of what kind of content fits in the various zones of the reviewed model, as well as a normalised zone model to be used for comparison. A suggested method for dividing system components into zones is based on the 4R-method considering the response time, resolution, reliability and reparability of the system component, although its accuracy has not been empirically tested.

Elektroteknik och elektronik

Potenciál kybernetických hrozeb v oblasti kritické energetické infrastruktury / The Potential of Cyber Threats in the Critical Energy Infrastructure

Starý, Jan

January 2015

Diploma thesis analyses the potential of Cyber Threats towards critical energy infrastructure in terms of network theories originating in graph theories, complex networks and technological possibilities how to compromise security of networks belonging to critical infrastructure. By the analysis of defined dependent and independent variables the author finds out how networks behave under which circumstances, what means exist in the field of network security and if adopted measures to increase security are in accordance with the effort of creation safe and decentralized system of critical energy infrastructure. Main emphasis is put on the concept of smart grids as possible solution of decentralization. In these terms technical means of security are studied especially with emphasis on SCADA (Supervisory Control And Data Acquisition) systems and the Internet as one of the essential component of communication in modern communication technologies.

Essential Healthcare Services and Cloud Computing

Hourani, Osama

January 2021

Like many organizations, critical infrastructures and essential services are adopting cloud computing. The many benefits are however clouded with security concerns. These types of organizations and services are associated with severe societal and individual consequences from failures or incidents. They are naturally subject to strict regulations and requirements. Even if critical and essential services are adopting and utilizing cloud computing, organizations hesitate due to unsolved challenges with cloud computing for critical and essential services. To mitigate such unnecessary impediments and to enhance secure Health-CC, there is a need for an exploration of existing solutions for Health-CC, as well as investigating gaps, to provide improving considerations. To address this problem, the thesis investigated existing challenges and solutions for cloud computing security, regarding cloud computing within essential healthcare. Here, called “Health-CC”, and encompasses settings and processes where cloud computing is highly involved and where system, assets, and data protection are intensively actualized. The research question required the author to identify cloud computing challenges, thematize related solutions, patterns, gaps, and laying a basis for a well-based discussion on possible improving considerations – from a pertinent critical infrastructure protection perspective, for essential healthcare services. The chosen research question necessitated a problem-driven mixed methods approach, where a systematic literature review was utilized for the overall research guidance and selection procedures. Selection criteria were formulated to capture the mentioned Health-CC security settings. An integrated traditional literature review was added for the purpose of the scientific base. At the analysis level, the mixed methods approach facilitated a thematic synthesis analysis – to identify themes, patterns, and gaps or shortcomings, as well as lay the basis for following discussion of improving security considerations. Three solution groups were identified: specific techniques, software architecture, and assessment models. Further analysis of their solution types from a pertinent critical infrastructure protection perspective, identified multiple patterns: from recurring techniques or administrative components, targeted security issues, Health-CC environment focus, framework coverage, to the type of aspects and perspectives involved. This resulted in general patterns of solution components and perspectives, although revealing several shortcomings and possible improving considerations for enhanced Health-CC security: explicit critical infrastructure protection perspective; focus on continuity aspects; multi-party and multi-actor nature of Health-CC arrangement deserves more focus; system protection emphasis; availability concept and deterring properties highly considered; cloud environment specified when possible; data protection concerns only crucial and sensitive data required by law. Its conclusions on the exploration of solutions as well as improving considerations contribute to the HealthCC security field, to a satisfying degree.

cloud computing

essential healthcare

cloud security

critical infrastructure protection

system protection

data protection.

Computer Sciences

Datavetenskap (datalogi)

Critical Digital Infrastructure Protection: An Investigatoin Into The Intergovernmental Activities Of Information Technology Directors In Florida Counties

Devenny, Joah Nicole

01 January 2004

As cyber attacks become more sophisticated, the risk to all networked computer systems increases. Whether public or private, whether federal, state, or local, the threat is equally real. Consequently, local governments must respond accordingly to understand the threats, take measures to protect themselves, and determine how to respond in the event of a system breach. Additionally, since cyber criminals do not respect geographic or administrative boundaries, local leaders must be prepared to instantly interact with other governments, agencies, and departments to suppress an attack. Guided by the theory of intergovernmental management (IGM), this exploratory research investigated how Information Technology (IT) Directors in Florida county constitutional offices use intergovernmental relations and management activities as part of their information security efforts. Specifically, this research sought to determine: 1) which IGM activities do county IT Directors most often perform; 2) do county IT Directors make more use of vertical or horizontal IGM relationships; 3) is there a relationship between office/county demographics and the IGM activities its IT Directors most often perform? To answer these questions, an electronic survey was distributed to 209 directors, of which 125 responded. Overwhelmingly, the findings indicate that these Directors rarely engage in IGM activities regardless of the purpose or type of government/department contacted. However, when seeking intergovernmental assistance, it is most often horizontally with other Departments within their own government and least often vertically with Federal offices. The most frequently performed intergovernmental activity is seeking technical assistance, however seeking program/project information is also perform more frequently than the other activities explored in this research. The least frequently performed activities involved seeking to modify established IT partnerships. Further, there was evidence of relationships between certain office/county demographics and IGM activity. The discovery of these patterns and relationships can be used to aid policy and program development, as well as to stimulate deeper inquiry into the intergovernmental dimensions involved in protecting local elements of the U.S. Critical Digital Infrastructure.

County

Critical infrastructure protection

Information technology

Intergovernmental management

Local government

Public Affairs

Security of Critical Cyber-Physical Systems: Fundamentals and Optimization

Eldosouky Mahmoud Salama, Abdelrahman A.

18 June 2019

Cyber-physical systems (CPSs) are systems that integrate physical elements with a cyber layer that enables sensing, monitoring, and processing the data from the physical components. Examples of CPSs include autonomous vehicles, unmanned aerial vehicles (UAVs), smart grids, and the Internet of Things (IoT). In particular, many critical infrastructure (CI) that are vital to our modern day cities and communities, are CPSs. This wide range of CPSs domains represents a cornerstone of smart cities in which various CPSs are connected to provide efficient services. However, this level of connectivity has brought forward new security challenges and has left CPSs vulnerable to many cyber-physical attacks and disruptive events that can utilize the cyber layer to cause damage to both cyber and physical components. Addressing these security and operation challenges requires developing new security solutions to prevent and mitigate the effects of cyber and physical attacks as well as improving the CPSs response in face of disruptive events, which is known as the CPS resilience. To this end, the primary goal of this dissertation is to develop novel analytical tools that can be used to study, analyze, and optimize the resilience and security of critical CPSs. In particular, this dissertation presents a number of key contributions that pertain to the security and the resilience of multiple CPSs that include power systems, the Internet of Things (IoT), UAVs, and transportation networks. First, a mathematical framework is proposed to analyze and mitigate the effects of GPS spoofing attacks against UAVs. The proposed framework uses system dynamics to model the optimal routes which UAVs can follow in normal operations and under GPS spoofing attacks. A countermeasure mechanism, built on the premise of cooperative localization, is then developed to mitigate the effects of these GPS spoofing attacks. To practically deploy the proposed defense mechanism, a dynamic Stackelberg game is formulated to model the interactions between a GPS spoofer and a drone operator. The equilibrium strategies of the game are analytically characterized and studied through a novel, computationally efficient algorithm. Simulation results show that, when combined with the Stackelberg strategies, the proposed defense mechanism will outperform baseline strategy selection techniques in terms of reducing the possibility of UAV capture. Next, a game-theoretic framework is developed to model a novel moving target defense (MTD) mechanism that enables CPSs to randomize their configurations to proactive deter impending attacks. By adopting an MTD approach, a CPS can enhance its security against potential attacks by increasing the uncertainty on the attacker. The equilibrium of the developed single-controller, stochastic MTD game is then analyzed. Simulation results show that the proposed framework can significantly improve the overall utility of the defender. Third, the concept of MTD is coupled with new cryptographic algorithms for enhancing the security of an mHealth Internet of Things (IoT) system. In particular, using a combination of theory and implementation, a framework is introduced to enable the IoT devices to update their cryptographic keys locally to eliminate the risk of being revealed while they are shared. Considering the resilience of CPSs, a novel framework for analyzing the component- and system-level resilience of CIs is proposed. This framework brings together new ideas from Bayesian networks and contract theory – a Nobel prize winning theory – to define a concrete system-level resilience index for CIs and to optimize the allocation of resources, such as redundant components, monitoring devices, or UAVs to help those CIs improve their resilience. In particular, the developed resilience index is able to account for the effect of CI components on the its probability of failure. Meanwhile, using contract theory, a comprehensive resource allocation framework is proposed enabling the system operator to optimally allocate resources to each individual CI based on its economic contribution to the entire system. Simulation results show that the system operator can economically benefit from allocating the resources while dams can have a significant improvement in their resilience indices. Subsequently, the developed contract-theoretic framework is extended to account for cases of asymmetric information in which the system operator has only partial information about the CIs being in some vulnerability and criticality levels. Under such asymmetry, it is shown that the proposed approach maximizes the system operator's utility while ensuring that no CI has an incentive to ask for another contract. Next, a proof-of-concept framework is introduced to analyze and improve the resilience of transportation networks against flooding. The effect of flooding on road capacities and on the free-flow travel time, is considered for different rain intensities and roads preparedness. Meanwhile, the total system's travel time before and after flooding is evaluated using the concept of a Wardrop equilibrium. To this end, a proactive mechanism is developed to reduce the system's travel time, after flooding, by shifting capacities (available lanes) between same road sides. In a nutshell, this dissertation provides a suite of analytical techniques that allow the optimization of security and resilience across multiple CPSs. / Doctor of Philosophy / Cyber-physical systems (CPSs) have recently been used in many application domains because of their ability to integrate physical elements with a cyber layer allowing for sensing, monitoring, and remote controlling. This pervasive use of CPSs in different applications has brought forward new security challenges and threats. Malicious attacks can now leverage the connectivity of the cyber layer to launch remote attacks and cause damage to the physical components. Taking these threats into consideration, it became imperative to ensure the security of CPSs. Given that many CPSs provide critical services, for instance many critical infrastructure (CI) are CPSs such as smart girds and nuclear reactors; it is then inevitable to ensure that these critical CPSs can maintain proper operation. One key measure of the CPS’s functionality, is resilience which evaluates the ability of a CPS to deliver its designated service under potentially disruptive situations. In general, resilience measures a CPS’s ability to adapt or rapidly recover from disruptive events. Therefore, it is crucial for CPSs to be resilient in face of potential failures. To this end, the central goal of this dissertation is to develop novel analytical frameworks that can evaluate and improve security and resilience of CPSs. In these frameworks, cross-disciplinary tools are used from game theory, contract theory, and optimization to develop robust analytical solutions for security and resilience problems. In particular, these frameworks led to the following key contributions in cyber security: developing an analytical framework to mitigate the effects of GPS spoofing attacks against UAVs, introducing a game-theoretic moving target defense (MTD) framework to improve the cyber security, and securing data privacy in m-health Internet of Things (IoT) networks using a MTD cryptographic framework. In addition, the dissertation led to the following contributions in CI resilience: developing a general framework using Bayesian Networks to evaluate and improve the resilience of CIs against their components failure, introducing a contract-theoretic model to allocate resources to multiple connected CIs under complete and asymmetric information scenarios, providing a proactive plan to improve the resilience of transportation networks against flooding, and, finally, developing an environment-aware framework to deploy UAVs in disaster-areas.

Cyber-Physical Systems Security

Critical Infrastructure Resilience

Unmanned Aerial Vehicles

Game Theory

Moving Target Defense

Contract Theory

Internet of Things

Temporalities of water vending : Identifying agencies in the everyday governance of water provision in Mathare, Kenya.

Dufour, Tara Virgile

January 2024

Mathare as an informal settlement of the Global South which suffers from an inconsistent water supply and periods of scarcity, relies for its provision on water vendors. This dissertation strives to advance scholarly debates on understanding the production and governance of the ‘actual water supply’ beyond and in relation to the centralised piped water network, and to thinking the conditions for possible change to modes of water supply. An empirical investigation was conducted on certain temporalities of change and continuity in the relational practices of governance actors of the water provision, the water vendors, situated in the informal settlement of Mathare in Nairobi, Kenya. As such, experiences of water scarcity among the water vendors are suggested to contribute to shape Mathare’s water provision by motivating practices circulation, especially regarding water storage. The water vendors might also crucially sustain and re-configure rules, interact with, and be affected by artefacts involved in the water infrastructure through practices of maintenance, repair, but also decay through temporary events of water infrastructure disruption. In turn, looking at relations shaping the water governance, stable relations are suggested to be re-produced through ‘twilight’ actors and temporal modalities in the water infrastructure.

urban water governance

critical infrastructure theory

water provision

everyday practices

embodiment

informal settlements

water vendors

Global South

Human Geography

Kulturgeografi

La perception du risque terroriste et de ses conséquences sur la gestion de la sécurité dans le système de transport en commun de Montréal

Browne, Tara F.

12 1900

Dans cet ouvrage, nous cherchons à comprendre l‘impact des perceptions sur la production et la gestion de la sécurité dans le réseau du transport en commun de Montréal. Quinze entrevues de recherche ont été effectuées avec des policiers de l‘Unité-Métro pour dégager les principaux éléments qui entrent dans la conception du risque. Les policiers sont appelés à travailler dans un environnement où, d‘une part, il n‘y a jamais eu d‘attaques terroristes, mais d‘autre part qui demeure une cible potentielle à la fois pour les experts, les gouvernements et dans la culture populaire. Nos résultats montrent que les policiers se développent une perception du risque qui leur est propre. En général, ils ont une attitude pragmatique qui leur permet de relativiser les situations et de décider lesquelles nécessitent une intervention de leur part. De plus, les policiers adoptent des stratégies de justification et de protection qui minimisent la perception du risque. Nos participants soulignent que ces stratégies sont nécessaires pour leur permettre d‘effectuer leurs tâches quotidiennes. Ainsi, afin d‘échapper à la paranoïa, les policiers évitent de penser à la menace terroriste et focus plutôt leur attention sur la criminalité sur laquelle ils ont l‘impression d‘avoir un pouvoir réel. Toutefois, la vigilance reste de mise. Malgré que les policiers ne conçoivent pas le risque de la même manière que les gestionnaires, la présence de l‘Unité-Métro demeure un élément important de production de la sécurité sur le terrain. / The research presented in this thesis aims to understand the impact of perceptions on the production and management of security in the Montreal transit system. Fifteen research interviews were conducted with police officers from the Metro Unit to identify the key elements involved in the perception of risk. The police officers are called to work in an environment where, on the one hand, there has never been any terrorist attacks, but on the other, remains a potential target according to experts, governments and popular culture. Our results show that the police officers develop a perception of risk specific to their tasks. In general, they have a pragmatic attitude which allows them to quickly sort situations and decide which ones need their attention. In addition, the police officers adopt justification and protection strategies that allow them to minimize their perception of risk. Participants insist that these strategies are necessary to enable them to perform their daily tasks. Thus, in order to escape falling into a paranoid state, the police officers avoid thinking about the terrorist threat, preferring to focus their attention on the crimes on which they believe to have an actual power. However, vigilance is still required. Although the police officers did not perceive the risk in the same way as administrators, the presence of the Metro Unit remains an important part of the production of security in the Montreal transit system.

Terrorisme

Perceptions

Amplification sociale du risque

Infrastructures essentielles

Tranport municipal

Terrorism

Critical infrastructure

Perceptions

Social amplification of risk

Municipal transport

Interfaces dos riscos urbanos na Região Metropolitana de São Paulo / Interfaces of urban risks in São Paulo Metropolitan Area

Moreira, Renata Maria Pinto

11 December 2018

Diante do crescimento de ameaças extremas, a gestão do risco de desastres é um campo em transformação. Marcos internacionais, que promovem a preparação da resiliência física e financeira nos países, e a lei que institui a Política Nacional de Proteção e Defesa Civil, orientam a mudança de foco da resposta à prevenção, exigindo desdobrar o tema em agendas urbanas variadas. Compreender fatores que amplificam riscos é um dos pontos dessa agenda: em contextos adensados, há vulnerabilidade criada pela própria complexidade e interdependência de grandes sistemas de infraestrutura urbana. Sobre ela, a precariedade urbana acumula vulnerabilidades que podem não resultar em simples soma, mas na escalada dos riscos. Situações classificadas como baixo risco por um setor, quando associadas, podem desencadear efeitos de grande escala. Contribuindo como método para análise de riscos desse contexto, esta tese aborda dimensão desafiadora: a Região Metropolitana de São Paulo como segunda natureza. Compreende desastres como falhas de sistemas urbanos, e busca analisar interfaces em risco que podem amplificar impactos. Identifica, nos conflitos entre escalas local e regional, riscos residuais, falhas sistêmicas, de interface e de desenvolvimento intersetorial. Como base empírica, levanta instrumentos de planejamento e de identificação de risco já existentes e potenciais, e desenvolve análise quantitativa de ocorrências na abrangência Metropolitana para os últimos 10 anos. A análise qualitativa, baseada em notícias de jornal dos períodos com eventos mais críticos, foi desdobrada por meio de entrevistas e levantamento de processos, planos, propostas e programas existentes para 3 casos emblemáticos na RMSP: inundações persistentes no Jardim Pantanal; conflitos entre ocupação, controle de inundação e o Sistema Cantareira na região Norte; e conflitos nos aproveitamentos hídricos a oeste, com impactos extrametropolitanos. As conclusões conduzem a uma agenda específica de pesquisa urbana, como campo que pode conferir visão integradora e de coordenação ao tema da gestão de riscos. / As extreme weather threats rise, disaster risk management field constantly change. Both the International policy frameworks, which promote physical and financial resilience to the countries, and the Brazilian National Policy on Civil Protection and Defense, are driving the focus from response to prevention. This requires a deeper and broader understanding of risk management in urban agenda. Understanding conditions that amplify risks is one of the points of this agenda: there are vulnerabilities created by the very complexity and interdependence of large urban infrastructure systems in large cities and metropolises. On them, urban precariousness overlaps vulnerabilities that may not result in simple sum, but in the escalating of risks. Situations classified as low risk by one sector, when associated, can trigger large-scale effects. Proposing a method for risk analysis of these situations, this thesis addresses a challenging dimension: the São Paulo Metropolitan Region and its second nature. It understands disasters as failures of urban systems, and analyzes interfaces at risk that can increase impacts. It identifies residual risks, interface and systemic failures, and intersectoral development gaps in local and regional cross-scale conflicts. The research was based on surveying existing and potential urban planning instruments and risk identification instruments, and on quantitative analysis of occurrences within the metropolitan area for the last decade. The qualitative analysis was based on newspaper reports from the periods with the most critical events. It was detailed through interviews and survey of existing processes, plans, proposals and programs for 3 emblematic cases in the São Paulo Metropolitan Area: floods in Jardim Pantanal, in the east region; conflicts between urban settlements, flood control and the Cantareira Water Supply System in the north region; and water resources conflicts in the west region, with extra-metropolitan impacts. The conclusions lead to a specific research urban agenda, as a field that might integrate and coordinate actions towards a more effective urban risk management.

Abordagem de múltipas ameaças

All hazards approach

Critical infrastructure

Floodings

Gestão de riscos urbanos

Infraestrutura crítica

Inundações

Região Metropolitana de São Paulo

São Paulo Metropolis

Urban risk management