International Journal of Critical Infrastructures (14 papers in press)
Cost-effectiveness analysis of reinforcement strategies for (multifunctional) flood defences in the Netherlands
by Fatemeh Anvarifar, Matthijs Kok, Wil Thissen, Chris Zevenbergen, Behrouz Raftari
Abstract: Dike reinforcement decision making in the Netherlands is challenged by the presence of various uncertainties. To handle uncertainty, this paper examines whether increasing the managerial flexibility of a reinforcement strategy can improve the lifecycle cost-effectiveness in the context of Dutch flood defences. Two flexible strategies are developed and compared to an inflexible baseline strategy. The strategies are examined in eight case studies, two different scenarios of sea level rise, and four discount rates. It is shown that increasing the flexibility of reinforcement strategies has the potential to improve the cost-effectiveness for monofunctional dikes. The relative cost-effectiveness of flexible strategies decreases as the dike becomes multifunctional. The results prove to be sensitive to the choice of the scenario and discount rate. It is concluded that reinforcement decision making needs to address uncertainty explicitly as well as to account for smaller scale developments around the dike. It is suggested that current engineering practice can be improved if the possibility of a variable design lifetime is also addressed in reinforcement decision making.
Keywords: Climate change; cost-effectiveness; flexibility; multifunctional dikes; reinforcement; sea level rise; strategy; uncertainty.
Resilient Industrial Control Systems based on Multiple Redundancy
by Cristina Alcaraz
Abstract: The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, such as industrial control scenarios, is proving to be a complicated mission because of the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from earlier work, whose local measures we have adapted and combined with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear time.
Keywords: Industrial Control Systems; Control; Resilience; Restoration; Structural Controllability; Community Structures.
A System Dynamics Simulation tool for the management of extreme events in urban transportation systems
by Stefano Armenia, Georgios Tsaples, Camillo Carlini, Claudia Volpetti, Riccardo Onori, Gianluca Biondi
Abstract: The objective of the paper is to present a simulation-based Interactive Environment that could help decision-makers evaluate the direct, indirect, social and economic effects of a public transportation system closedown. The methodology used to develop the simulator is System Dynamics, because it is suited to understanding how a system's behavior emerges and how policy changes might alter that behavior. The simulator is based on two simulation models that investigate the importance of an urban transportation system over two different time frames. The main results demonstrate that the behavior of the passengers affects the operation of the transportation system and, consequently, the economic activity of the entire urban environment. Finally, the simulator and the tested policies demonstrated that the improvement of transportation drives the economic development of an urban environment.
Keywords: System Dynamics; Transportation system; terrorist attack; flight simulator; effective decision-making; crisis management.
Optimal investment in power system for defending against malicious attacks through Defender-Attacker-Defender model and Mixed Strategy Nash equilibrium
by Ali Marjanian, Soodabeh Soleymani
Abstract: One of the most important infrastructures in a country is the electric power grid. Undoubtedly, the performance of other critical structures depends heavily on the power system, and any breakdown or destruction in the power grid (general or partial) can damage other structures. However, since the defence budget of most countries (power system defenders) is limited, an elaborate and detailed plan should be designed for this problem. In this paper, the problem of protecting the system is formulated as a three-player game (Defender-Attacker-Defender (DAD)). The first player is the operator of the power system, who is able to modify the network topology by line switching. The second player is the attacker, who intends to maximize the load loss of the system by attacking lines and taking them out of service, and the third player is the power system planner, who tries to minimize the effects of attacks by allocating the budget to the different elements and to recovery.
The optimal strategy for the above game is obtained based on Mixed Strategy Nash Equilibrium (MSNE). This study employed a Genetic Algorithm (GA) to seek the Mixed Strategy Nash equilibrium point. The results of this study show that: (1) the three-player game theory model can provide an optimal investment strategy for power systems against malicious attacks; (2) line switching is a useful tool for improving power network performance; (3) the proposed model accounts for the relationship between the defending budget, recovery time and the expected payoff; and (4) using a GA to solve the MSNE allows the optimal response to be obtained in acceptable time.
Keywords: Electric grid defence planning; Game theory; Mixed Strategy Nash Equilibrium; Malicious attack.
Achieving Desired Performance Objectives in the Energy Sector through Data Analytics
by J.S. Hurley
Abstract: The deployment of IT systems in critical infrastructure (CI) sectors has gained a lot of support because of the benefits seen in environments that utilize IT systems and networks. Benefits such as cost savings, increased efficiencies, and broader access have caught the attention of senior leaders responsible for the operation of these sectors. Unfortunately, the benefits have been accompanied by many of the IT vulnerabilities, especially the broader target base available to disrupt and/or alter the operations of the facilities. Senior leaders now find themselves in unfamiliar territory, having very limited experience of the impact of IT systems and networks in CI sectors. Consequently, they are relying upon intuition and, in some cases, unrelated experiences to make strategic decisions that could significantly impact a broad range of services and capabilities. The potential consequences of a single misstep or series of missteps could in one case be a mild inconvenience and in another be dire. Most of the attention has been directed to the hiring of unique expertise in a few positions, such as chief data officers, data scientists, and data analysts. These highly specialized positions come at a very large cost because of the scarcity of qualified persons available. This paper promotes the alternative of focusing on the analytic capability of the sectors and on how to meet the requirements and demands of more data-driven decision making across the entire enterprise. Results show that the utilities component of the CI Energy sector can reap immediate benefits from decision making that uses a data-driven, information-oriented, analytical strategy to quantitatively assess facility operation, security, and resilience.
Keywords: Data-driven; information-oriented; analytical; decision making; cyber attacks.
Design and Validation of the Medusa Supply Chain Risk Assessment Methodology and System
by Spyridon Papastergiou, Nineta Polemi, Panayiotis Kotzanikolaou
Abstract: Supply Chains (SC) can be viewed as complex interconnected systems that play a vital role in the transportation and delivery of goods and services. SC usually involve various Critical Infrastructures, mainly in the transportation sector, and exhibit intra-sector and cross-border dependencies with various business entities. Although efforts have been made to standardize Supply Chain Risk Assessment (SC RA) approaches, there is a lack of targeted methodologies. In our previous work we proposed a preliminary version of the Medusa SC RA methodology, compliant with ISO 28001. The primary goal of Medusa is to assess the risks of a SC arising from the interconnections and interdependencies between the various entities within it. In this paper, we significantly extend our previous work in order to define all specific details of the Medusa SC RA, such as the estimation of threat levels, consequences, risk scales and cascading risks, the generation of a baseline SC security policy and the identification of security controls. Furthermore, we validate our methodology against real case scenarios derived from the pilot operations of the Medusa project, and we provide implementation details of the Medusa collaborative system, which hosts the methodology and offers SC RA services to the involved business partners.
Keywords: Supply Chain; Risk Assessment; Critical Infrastructures; Dependency Graphs; experimental validation.
Special Issue on: Cyber Security of Critical Infrastructures Recent Advances and Future Directions
On the Detection of Cyber-Events in the Grid Using PCA
by Nathan Wallace, Travis Atkison
Abstract: The emergence of cyber systems in the realm of physical control is currently being seen in the control environment of the critical infrastructure power grid. This research describes a possible way of detecting cyber-events, including malicious intrusions. Specifically, the intrusion this work examines is data manipulation or data injection. The detection mechanism used is based on information retrieval and feature identification methods. Principal component analysis, a type of feature identification method, is used to transform each observed power system instance into a new dimensional space. In this new space a detection metric is created based on the Hotelling T2 value, along with a probabilistic metric to classify instances that may contain malicious activity. An experimental trusted model is derived based on a pseudo-random Monte-Carlo simulation of the Newton-Raphson method for a 5-Bus power system.
Keywords: SCADA systems; Data security; Power system simulation.
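The abstract above describes the detection step without showing it. The following is an added worked example, not code from the paper or its authors: a trusted model is learnt from constructed measurement vectors (four per-unit bus quantities driven by two latent load factors, with made-up coefficients in place of the paper's 5-bus Newton-Raphson simulation), PCA is computed from the covariance matrix, and each new instance is scored with Hotelling's T2 over the retained components. The alarm threshold is an empirical quantile of the trusted T2 scores, a simplification of the paper's probabilistic metric. The injected instance shifts a single measurement by 4% while staying inside that sensor's observed range, so a per-sensor bounds check would pass it; T2 flags it because it breaks the correlation structure.

```python
import math
import random

# Constructed "trusted" telemetry: four per-unit bus measurements driven by two
# latent load factors plus small sensor noise. Coefficients are illustrative
# assumptions, not the paper's 5-bus model.
NOMINAL = (1.00, 0.99, 0.98, 1.01)


def simulate_trusted(n=1000, seed=7):
    rnd = random.Random(seed)
    rows = []
    for _ in range(n):
        p, q = rnd.gauss(0, 1), rnd.gauss(0, 1)
        noise = [rnd.gauss(0, 0.001) for _ in range(4)]
        rows.append([
            NOMINAL[0] + 0.020 * p + noise[0],
            NOMINAL[1] + 0.020 * p + 0.005 * q + noise[1],
            NOMINAL[2] + 0.010 * p + 0.020 * q + noise[2],
            NOMINAL[3] + 0.015 * p - 0.010 * q + noise[3],
        ])
    return rows


def sym_eig(a, sweeps=60):
    """Eigen-decomposition of a small symmetric matrix by cyclic Jacobi rotations."""
    n = len(a)
    a = [row[:] for row in a]
    v = [[float(i == j) for j in range(n)] for i in range(n)]
    for _ in range(sweeps):
        if sum(a[i][j] ** 2 for i in range(n) for j in range(n) if i != j) < 1e-30:
            break
        for p in range(n - 1):
            for q in range(p + 1, n):
                if abs(a[p][q]) <= 1e-15 * (abs(a[p][p]) + abs(a[q][q])):
                    continue
                theta = (a[q][q] - a[p][p]) / (2.0 * a[p][q])
                t = math.copysign(1.0, theta) / (abs(theta) + math.sqrt(theta * theta + 1.0))
                c = 1.0 / math.sqrt(t * t + 1.0)
                s = t * c
                for k in range(n):                      # A <- A J
                    akp, akq = a[k][p], a[k][q]
                    a[k][p], a[k][q] = c * akp - s * akq, s * akp + c * akq
                for k in range(n):                      # A <- J^T A
                    apk, aqk = a[p][k], a[q][k]
                    a[p][k], a[q][k] = c * apk - s * aqk, s * apk + c * aqk
                for k in range(n):                      # V <- V J
                    vkp, vkq = v[k][p], v[k][q]
                    v[k][p], v[k][q] = c * vkp - s * vkq, s * vkp + c * vkq
    return [a[i][i] for i in range(n)], v               # eigenvalues, eigenvectors as columns


class HotellingT2Model:
    """PCA trusted model: T2 = sum_i t_i^2 / lambda_i over the retained components."""

    def __init__(self, rows, n_components=None, quantile=0.99):
        n, d = len(rows), len(rows[0])
        self.mean = [sum(r[j] for r in rows) / n for j in range(d)]
        centred = [[r[j] - self.mean[j] for j in range(d)] for r in rows]
        cov = [[sum(z[i] * z[j] for z in centred) / (n - 1) for j in range(d)] for i in range(d)]
        lam, vec = sym_eig(cov)
        order = sorted(range(d), key=lambda i: -lam[i])[: n_components or d]
        self.lam = [lam[i] for i in order]
        self.load = [[vec[j][i] for i in order] for j in range(d)]   # d x k loadings
        scores = sorted(self.t2(r) for r in rows)
        self.threshold = scores[min(n - 1, math.ceil(quantile * n) - 1)]   # empirical quantile

    def t2(self, x):
        z = [x[j] - self.mean[j] for j in range(len(x))]
        t = [sum(z[j] * self.load[j][i] for j in range(len(z))) for i in range(len(self.lam))]
        return sum(ti * ti / li for ti, li in zip(t, self.lam))

    def is_suspect(self, x):
        return self.t2(x) > self.threshold


def demo():
    trusted = simulate_trusted()
    model = HotellingT2Model(trusted)
    clean = list(NOMINAL)                  # consistent operating point, no injection
    injected = list(NOMINAL)
    injected[0] += 0.04                    # +4% on one bus only: breaks the correlation
    lo, hi = min(r[0] for r in trusted), max(r[0] for r in trusted)
    return {
        "threshold": model.threshold,
        "t2_clean": model.t2(clean),
        "t2_injected": model.t2(injected),
        "injected_within_sensor_range": lo <= injected[0] <= hi,
        "false_alarm_rate": sum(model.is_suspect(r) for r in trusted) / len(trusted),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

All four components are retained by default, so T2 here equals the Mahalanobis distance. If `n_components` is set lower, an injection that lands in the discarded (residual) subspace is invisible to T2 and needs a separate residual statistic; that is the usual reason PCA monitoring pairs T2 with a squared-prediction-error check.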
A Security Architectural Pattern for Risk Management of Industry Control Systems within Critical National Infrastructure
by Andy Wood, Ying He, Leandros A. Maglaras, Helge Janicke
Abstract: Research on SCADA and ICS security has focused on issues such as vulnerability discovery and intrusion detection within critical national infrastructure. Less attention has been paid to architectural solutions to cyber security risks from an information assurance perspective, and security controls are not always traced back to the business requirements. This paper presents a holistic end-to-end view of the requirements and of the medium- to high-severity risks, and proposes a generic security architectural pattern to address them. The architectural pattern is developed on the top two layers of the Sherwood Applied Business Security Architecture (SABSA), contextual and conceptual, which are responsible for understanding the business requirements and for developing a concept architecture and strategy. The research is motivated by industrial practice and reflects the recent changes in GCHQ's mission. It also contributes to SCADA/ICS risk assessment by deriving holistic sets of risk management and architectural design requirements for SCADA/ICS.
Keywords: Industry Control Systems; Critical National Infrastructure; Security Architectural Pattern; Risk Management; Business Requirements; SABSA.
Complex System Governance for Critical Cyber-Physical Systems
by Polinpapilinho Katina, Charles Keating, Adrian Gheorghe, Marcelo Masera
Abstract: In a cyber-physical system (CPS), software components (i.e., computational elements) are tightly intertwined with physical entities to produce distinguishing behavioral modalities. CPS, as a field, is relatively new, emerging, and somewhat fragmented in its development. Multiple agencies, entities, and activities are addressing a nexus of emerging issues, including cyber-threats and attacks on critical systems. However, the development of CPS as a field, albeit with good intentions and efforts, appears to be largely self-organizing. In response, we suggest governance, as posited in Complex System Governance, as an organizing construct to give critical cyber-physical systems more cohesion. Complex System Governance (CSG) is focused on the design, execution, and evolution of the metasystem functions necessary to provide communication, control, coordination, and integration (C3I) in CPS. First, we introduce the concept of critical CPS, emphasizing the current domination of self-organization as the driving force in developing viable CPS. Second, a CSG model is introduced as an alternative for more purposeful system design and evolution. The paper concludes with implications for future research directions.
Keywords: Complex system governance; Critical infrastructures; Cyber-physical systems; Cybersecurity; Management cybernetics; Metasystem; Systems thinking.
A process-based dependency risk analysis methodology for Critical Infrastructures
by George Stergiopoulos, Vasilis Kouktzoglou, Marianthi Theocharidou, Dimitris Gritzalis
Abstract: This paper applies research in dependency modelling to a process-based risk assessment methodology suitable for critical infrastructures. The proposed methodology dynamically assesses how cascading failures evolve over time between the assets involved in a business process of an infrastructure. The approach can be applied by a CI operator/owner to explore how a failure in a single component (asset) affects the other assets and the relevant business processes. It can also be applied in an analysis that spans multiple CI operators in the same supply chain, to explore the dependencies between their assets and how these affect the provision of key societal services. The paper presents a proof-of-concept tool, based on business-process risk assessment and graph modelling, and a realistic case example of a rail scheduling process. The approach allows risk assessors and decision makers to analyze and identify critical dependency chains, and it can reveal risks that are underestimated when dependencies are ignored.
Keywords: Risk assessment; business process; asset; dependency; cascading failures; risk chains; likelihood; impact; critical infrastructure.
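The abstract above describes chaining dependency likelihoods and impacts over time. The following is an added example, not the authors' tool or case data: a constructed toy dependency graph for a rail scheduling process (asset names, likelihoods, impacts and propagation delays are all illustrative assumptions) is walked from one failed asset, every simple dependency chain is enumerated, chain likelihood is the product of hop likelihoods, chain risk is that likelihood times the final hop's impact, and arrival time is the summed delay. The per-asset summary keeps the highest-risk chain and the earliest arrival, which is the form a risk assessor would rank.

```python
from collections import namedtuple

# Constructed toy dependency graph for a rail scheduling process. Node names,
# likelihoods, impacts and delays are illustrative assumptions, not values from
# the paper's case study.
Edge = namedtuple("Edge", "src dst likelihood impact delay_min")
EDGES = [
    Edge("timetable_db", "scheduler", 0.9, 0.8, 2),
    Edge("scheduler", "dispatch", 0.7, 0.9, 5),
    Edge("scheduler", "passenger_info", 0.8, 0.4, 3),
    Edge("dispatch", "signalling_if", 0.5, 1.0, 10),
    Edge("passenger_info", "dispatch", 0.3, 0.6, 15),
]

Chain = namedtuple("Chain", "path likelihood risk time_min")


def dependency_chains(edges, failed_asset):
    """Enumerate every simple dependency chain that starts at the failed asset.

    Chain likelihood is the product of edge likelihoods along the path (hops are
    assumed conditionally independent); chain risk is that likelihood times the
    impact of the final hop on the last asset; time is the summed delay.
    """
    out = {}
    for e in edges:
        out.setdefault(e.src, []).append(e)
    chains = []

    def walk(node, path, like, t):
        for e in out.get(node, []):
            if e.dst in path:            # no cycles: an asset fails once
                continue
            like2, t2 = like * e.likelihood, t + e.delay_min
            chains.append(Chain(path + [e.dst], like2, like2 * e.impact, t2))
            walk(e.dst, path + [e.dst], like2, t2)

    walk(failed_asset, [failed_asset], 1.0, 0)
    return chains


def asset_risk(chains):
    """Per asset: the highest-risk chain that reaches it, and its earliest arrival."""
    worst, earliest = {}, {}
    for c in chains:
        a = c.path[-1]
        if a not in worst or c.risk > worst[a].risk:
            worst[a] = c
        earliest[a] = min(earliest.get(a, c.time_min), c.time_min)
    ranked = sorted(worst.values(), key=lambda c: -c.risk)
    return ranked, earliest


def impacted_by(chains, horizon_min):
    """Assets a failure can have reached within the given number of minutes."""
    return {c.path[-1] for c in chains if c.time_min <= horizon_min}


if __name__ == "__main__":
    chains = dependency_chains(EDGES, "timetable_db")
    ranked, earliest = asset_risk(chains)
    for c in ranked:
        print(f"{c.path[-1]:15s} risk={c.risk:.3f} via {' -> '.join(c.path)} "
              f"(earliest {earliest[c.path[-1]]} min)")
    print("impacted within 10 min:", sorted(impacted_by(chains, 10)))
```

In this constructed graph the signalling interface has no direct dependency on the timetable database and only a 0.5 likelihood of inheriting a dispatch failure, yet its chain risk (0.315) ranks above the two-hop passenger information chain (0.288) because of its impact; a first-order assessment that stops at direct dependencies would not rank it at all.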
A two-factor key verification system focused on remote user for medical applications
by Trupil Limbasiya, Sachit Shivam
Abstract: Doctors can provide health care treatments to users through Telecare Medicine Information Systems (TMIS). To safeguard these systems, an appropriate security scheme for authentication and key agreement is essential. Recently, in 2015, Arshad et al. revealed some flaws in Bin Muhaya's authentication and key agreement scheme and proposed an enhanced system based on it. However, we demonstrate that Arshad et al.'s scheme is susceptible to session key disclosure as well as user impersonation attacks. Moreover, in pursuit of better security, we introduce a new two-factor authentication and key agreement scheme.
Keywords: Authentication; Key agreement; Session Key; TMIS.
PREEMPTIVE: an Integrated Approach to Intrusion Detection and Prevention in Industrial Control Systems
by Estefania Etcheves Miciolino, Federico Griscioli, Maurizio Pizzonia, Dario Di Noto
Abstract: Cyber-security of Industrial Control Systems (ICSs) is notoriously hard because of the peculiar constraints of the specific context. At the same time, the use of specifically crafted malware to target ICSs is an established offensive means for opposing organizations, groups, or countries. We provide an overview of the results attained by the Preemptive project to improve the cyber-security of ICSs. Preemptive devised several integrated tools for the detection and prevention of intrusions in this context. It also provides a way to correlate many small events into more significant ones, and to show the whole cyber-security state to the user by means of specific Human-Machine Interfaces.
Keywords: cyber security; SCADA protection; ICS security; IDS; events correlation.
An Anatomy of Trust in Public Key Infrastructure
by Jingwei Huang, David Nicol
Abstract: Public Key Infrastructure (PKI) is a critical component of the information infrastructure, and through cybersecurity it strongly affects the whole system of interconnected independent critical infrastructures, particularly given the fast growth of the Internet of Things, where traditional critical infrastructure systems are transforming into smart cyber-physical systems. PKI is a mechanism of trust that supports identity authentication, digital certification, secure communication, and privilege authorization. In this paper, we investigate the trust mechanism used in PKIs. We find that the major PKI specification documents do not precisely define what trust means in PKIs, and that there are implicit trust assumptions in the real-world practice of PKIs, some of which are not always true. These implicit assumptions may lead different parties, particularly relying parties, to different understandings of what certificates and trust mean, and thus to possible misuse of trust. This paper attempts an in-depth analysis of the PKI trust mechanism.
Keywords: Critical Infrastructures; Critical Information Infrastructure; Cybersecurity; PKI; Trust; PKI Trust Mechanism.
Towards Effective Cyber Security Resource Allocation: The Monte Carlo Predictive Modelling Approach
by Tesleem Fagade, Konstantinos Maraslis, Theo Tryfonas
Abstract: Organisations invest in technical and procedural capabilities to ensure the confidentiality, integrity and availability of information assets and to sustain business continuity at all times. However, given growing productive assets and limited protective security budgets, information security investment needs deliberate evaluation. Optimal resource allocation to security is affected by intrinsically uncertain variables and associated technical, economic and psychological factors; security expenditure is therefore a crucial resource allocation decision. In spite of that, security managers and business owners are often incentivised by different drivers when deciding whether to allocate resources to cyber-specific protective assets or to other productive business assets, so opinions on resource allocation diverge. We explore how a Monte Carlo predictive simulation model can be used within the context of Information Technology to reduce these disparities. Using a conceptual enterprise as a case study and verifiable historical costs of security breaches as parameter values, our model shows why using a conventional risk assessment approach as the budgeting process can result in significant over- or under-allocation of resources for cyber capabilities. Our model can serve as a benchmark for policy and decision support to aid stakeholders in optimizing resource allocation for cyber security investments.
Keywords: Information Security; risk assessment; Resource allocation; Monte-Carlo simulation; Security investment decision.
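The abstract above contrasts a conventional single-point risk estimate with a Monte Carlo view of the same loss process. The following is an added example and not the authors' model or data: for a hypothetical enterprise with assumed parameters (two expected breaches a year, a lognormal per-breach loss with a heavy right tail), it computes the conventional annualised loss expectancy (ARO times expected single loss) and then simulates many years of compound-Poisson losses to show how often a budget set at that point estimate actually covers the year, and how far the 95th percentile sits above it.

```python
import math
import random

# Constructed parameters for a hypothetical enterprise: illustrative assumptions,
# not the paper's historical breach-cost data.
ARO = 2.0                  # expected breaches per year (annual rate of occurrence)
LOSS_MEDIAN = 150_000.0    # median loss of a single breach, in currency units
LOSS_SIGMA = 1.0           # log-space spread: a few breaches cost far more than the median


def conventional_ale(aro=ARO, median=LOSS_MEDIAN, sigma=LOSS_SIGMA):
    """Single-point estimate: ARO times the mean of the lognormal single loss."""
    return aro * median * math.exp(sigma ** 2 / 2.0)


def poisson(rnd, lam):
    """Poisson sample by Knuth's multiplication method (fine for small rates)."""
    limit, k, prod = math.exp(-lam), 0, rnd.random()
    while prod > limit:
        k += 1
        prod *= rnd.random()
    return k


def simulate_annual_losses(years=20000, seed=11, aro=ARO, median=LOSS_MEDIAN, sigma=LOSS_SIGMA):
    """One simulated year = Poisson(aro) breaches, each with an independent lognormal loss."""
    rnd = random.Random(seed)
    mu = math.log(median)
    losses = []
    for _ in range(years):
        n = poisson(rnd, aro)
        losses.append(sum(rnd.lognormvariate(mu, sigma) for _ in range(n)))
    return losses


def percentile(values, q):
    s = sorted(values)
    return s[min(len(s) - 1, math.ceil(q * len(s)) - 1)]


def compare_budgets(years=20000, seed=11):
    losses = simulate_annual_losses(years, seed)
    ale = conventional_ale()
    return {
        "ale_point_estimate": ale,
        "simulated_mean": sum(losses) / len(losses),
        "p95_loss": percentile(losses, 0.95),
        # Share of simulated years in which a budget equal to the ALE covers the loss.
        "years_covered_by_ale": sum(loss <= ale for loss in losses) / len(losses),
    }


if __name__ == "__main__":
    for key, val in compare_budgets().items():
        print(f"{key}: {val:,.3f}")
```

The simulated mean agrees with the ALE, which is the point of a mean-based estimate, but because the annual loss is right-skewed the ALE covers only a majority of years rather than almost all of them, and a budget that must hold in 95 years out of 100 has to be set at the simulated 95th percentile instead. Which figure is "right" is the stakeholder disagreement the abstract describes; the distribution makes the trade-off explicit.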