International Journal of Critical Infrastructures (20 papers in press)
Cost-effectiveness analysis of reinforcement strategies for (multifunctional) flood defences in the Netherlands
by Fatemeh Anvarifar, Matthijs Kok, Wil Thissen, Chris Zevenbergen, Behrouz Raftari
Abstract: Dike reinforcement decision making in the Netherlands is challenged by the presence of various uncertainties. To handle uncertainty, this paper examines whether increasing the managerial flexibility of a reinforcement strategy can improve the lifecycle cost-effectiveness in the context of Dutch flood defences. Two flexible strategies are developed and compared to an inflexible baseline strategy. The strategies are examined in eight case studies, two different scenarios of sea level rise, and four discount rates. It is shown that increasing the flexibility of reinforcement strategies has the potential to improve the cost-effectiveness for monofunctional dikes. The relative cost-effectiveness of flexible strategies decreases as the dike becomes multifunctional. The results prove to be sensitive to the choice of the scenario and discount rate. It is concluded that reinforcement decision making needs to address uncertainty explicitly as well as to account for smaller scale developments around the dike. It is suggested that current engineering practice can be improved if the possibility of a variable design lifetime is also addressed in reinforcement decision making.
Keywords: Climate change; cost-effectiveness; flexibility; multifunctional dikes; reinforcement; sea level rise; strategy; uncertainty.
Resilient Industrial Control Systems based on Multiple Redundancy
by Cristina Alcaraz
Abstract: The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, like industrial control scenarios, is proving to be a complicated mission due to the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from the work presented in . From , we have adapted the local measures, to combine them with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented here, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear times.
Keywords: Industrial Control Systems; Control; Resilience; Restoration; Structural Controllability; Community Structures.
A System Dynamics Simulation tool for the management of extreme events in urban transportation systems
by Stefano Armenia, Georgios Tsaples, Camillo Carlini, Claudia Volpetti, Riccardo Onori, Gianluca Biondi
Abstract: The objective of the paper is to present a simulation-based Interactive Environment that could help decision-makers to evaluate the direct, indirect, social and economic effects of a public transportation system closedown. The methodology that was used for the development of the simulator is System Dynamics, because it is used to understand how a system's behavior emerges and how insights can be gained into how policy changes might alter the very same behavior. The simulator is based on two simulation models that investigate the importance of an urban transportation system in two different time frameworks. The main results demonstrate that the behavior of the passengers affects the operation of the transportation system and consequently, the economic activity of the entire urban environment. Finally, the simulator and the tested policies demonstrated that the improvement of transportation drives the economic development of an urban environment.
Keywords: System Dynamics; Transportation system; terrorist attack; flight simulator; effective decision-making; crisis management.
Optimal investment in power system for defending against malicious attacks through Defender-Attacker-Defender model and Mixed Strategy Nash equilibrium
by Ali Marjanian, Soodabeh Soleymani
Abstract: One of the most important infrastructures in a country is the electric power grid. Undoubtedly, the performance of other critical structures severely depends on the power system and any breakdown or destruction in the power grid (general or partial) can damage other structures. However, since the defence budget of most countries (power system defenders) is limited, an elaborate and detailed plan should be designed for this problem. In this paper, the problem of protecting the system is formulated as a three-player game (Defender-Attacker-Defender (DAD)). The first player is the operator of the power system who is able to rectify the network topology by line switching. The second player is the attacker who intends to maximize the load loss of the system by attacking the lines and making them out of service, and the third player is the power system planner who tries to minimize the effects of attacks by allocating the budget to the different elements and recovery.
The optimal strategy for the above game is obtained based on Mixed Strategy Nash Equilibrium (MSNE). This study employed a Genetic Algorithm to seek the Mixed Strategy Nash equilibrium point. The results in this study show that: (1) the application of the three player game theory model could provide an optimal investment strategy for power systems against malicious attacks; (2) line-switching is a useful tool for improving the power network performance; (3) the proposed model accounts for the relationship between the defending budget, recovery time and the expected payoff; and (4) using GA to solve MSNE allows to obtain the optimal response in an agreeable time.
Keywords: Electric grid defence planning; Game theory; Mixed Strategy Nash Equilibrium; Malicious attack.
Achieving Desired Performance Objectives in the Energy Sector through Data Analytics
by J.S. Hurley
Abstract: The deployment of IT systems in critical infrastructure (CI) sectors has gained a lot of support because of the benefits seen in environments that utilize IT systems and networks. Benefits such as cost savings, increased efficiencies, and broader access have caught the attention of senior leaders responsible for the operation of these sectors. Unfortunately, the benefits have been accompanied by many of the IT vulnerabilities, especially the broader target base to disrupt and/or alter operations of the facilities. Senior leaders now find themselves in unfamiliar territory having very limited experience in the impact of IT systems and networks in CI sectors. Consequently, they are relying upon intuition and, in some cases, unrelated experiences to make strategic decisions that could significantly impact a broad range of services and capabilities. The potential consequences, however, of a single misstep or series of missteps could be in one case a mild inconvenience, or in another, dire. Most of the attention has been directed to the hiring of unique expertise in a few positions, such as chief data officers, data scientists, and data analysts. These highly specialized positions come at a very large cost due to the scarcity of qualified persons available. This paper promotes the alternative of focusing on the analytic capability of the sectors and how to meet the requirements and demands of more data-driven decision making across the entire enterprise. Results show that the utilities component of the CI's Energy sector can reap immediate benefits from decision making that uses a data-driven, information-oriented, analytical strategy to quantitatively assess facilities operation, security, and resilience.
Keywords: Data-driven; information-oriented; analytical; decision making; cyber attacks.
Design and Validation of the Medusa Supply Chain Risk Assessment Methodology and System
by Spyridon Papastergiou, Nineta Polemi, Panayiotis Kotzanikolaou
Abstract: Supply Chains (SC) can be viewed as complex interconnected systems that play a vital role in the transportation and delivery of goods and services. SC usually involve various Critical Infrastructures, mainly in the transportation sector and exhibit intra-sector and cross-border dependencies with various business entities. Although efforts have been made to standardize Supply Chain Risk Assessment approaches (SC RA), there is a lack of targeted methodologies. In our previous work we have proposed a preliminary version of the Medusa SC RA methodology, compliant with ISO28001. The primary goal of Medusa is to assess the risks of a SC rising from the interconnections and interdependencies between the various entities within it. In this paper, we significantly extend our previous work, in order to define all specific details of the Medusa SC RA, such as estimations of threat levels, consequences, risk scales, cascading risks; generation of a baseline SC security policy and identification of security controls. Furthermore we validate our methodology based on real case scenarios, derived from the pilot operations of the Medusa project; and we provide implementation details of the Medusa collaborative system which hosts the methodology and offers SC RA services to the involved business partners.
Keywords: Supply Chain; Risk Assessment; Critical Infrastructures; Dependency Graphs; experimental validation.
Exploring the effect of national policies on the safety level of tunnels that belong to the Trans-European Road Network: A comparative analysis.
by Panagiotis Ntzeremes, Konstantinos Kirytopoulos, Ioannis Benekos
Abstract: The Trans-European Road Network (TERN) was defined to improve the road network of the European Union (EU). Hence, it should guarantee users a high and uniform level of services and safety. Road tunnels, which are a key element of TERN, must be designed to serve these purposes. To this respect and after the disastrous tunnel accidents in Europe in the late 90s, the EU introduced the Directive 2004/54/EC. The Directive imposed minimum infrastructure (including equipment) requirements for all TERN's tunnels attributing also high importance to risk assessment for further enhancing their safety. However, this paper illustrates that the variety of the risk assessment methods adopted by each Member State, although compliant with the provisions of the Directive, does not guarantee the same level of safety for all the TERN tunnels. To argue for that, two methods that share a very high degree of similarity, are used to study the same fire accident scenario at the same TERN tunnel. Despite the similarity of the methods, the differences that occurred in the estimated level of tunnel safety raise skepticism. It is concluded that the same tunnel under the same conditions can be characterised differently in regard to its safety level, depending on the method and national policies used. The outcome illustrates the need to improve policy formulation on this matter.
Keywords: Road network; Transportation; Road tunnel; Directive 54/2004/EC; Risk assessment; Infrastructure safety.
Developing a model and instrument to measure the resilience of critical infrastructure sector organisations
by Tracy Hatton, Charlotte Brown, Robert Kipp, Erica Seville, Peter Brouggy, Michelle Loveday
Abstract: Societies are highly reliant on uninterrupted critical infrastructure services. Until recently, the focus has been on the physical resilience of hard assets such as pipes, cables and buildings. But attention is also turning to a systems approach, considering the capabilities of, and interconnections between, the organisations responsible for developing, maintaining and running those infrastructures. This paper draws on existing research into organisational resilience to develop a model and measurement instrument for whole of sector resilience for selected critical infrastructure sectors, in order to identify sector resilience strengths and weaknesses, and to develop and evaluate the effectiveness of their resilience strategies and investments. The model is intended as a conversation starter to prompt further research on how critical infrastructure organisations can best address their significant co-dependencies to ensure the overall sector's ability to survive and thrive, even in times of crisis.
Keywords: model development; instrument development; measuring resilience; critical infrastructure resilience; organisational resilience; sector resilience; critical infrastructure organisations; resilience strategies.
A deterministic approach for systems-of-systems resilience quantification
by ILYAS ED-DAOUI, MHAMED ITMI, ABDELKHALAK EL HAMI, NABIL HMINA, TOMADER MAZRI
Abstract: With recent advances in systems-of-systems, reliability analysis becomes a very challenging research topic. One of the most pressing issues is to figure out a plan to handle resilience. On this basis, we propose, in this paper, a structural deterministic approach to quantitatively measure systems resilience. This approach is based on a 3-step method. First, evaluate the functional dependencies between groups by considering a system-of-systems as a large-scale interconnected network of systems distributed into interdependent groups. This leads us to better understand the overall connections and process continuity. Next, analyse how much the global architecture of the system-of-systems depends on every group. Last, estimate its structural resilience by measuring the impact of each system's failure on the other systems forming the global system and building the process. Two case studies are provided to experiment our approach. The results are cross-compared and evaluated.
Keywords: Critical infrastructures; Criticality; Failure impact; Reliability; Resilience; Systems-of-systems.
A Critical Review on Cyber Security and Cyber Terrorism - Threats to Critical Infrastructure in Energy Sector
by Sampath Kumar Venkatachary, Jagdish Prasad, Ravi Samikannu
Abstract: Cyber terrorism and Cyber security are two synonyms. With advancement in ICT technologies and extensive use of it in ICS in energy sector, it has its pros and cons. Energy sector does an excellent job of managing risks facing their operations. However, cyber security and terrorism remain opaque and stubborn to monitor, manage, measure. It is critical that the environment for this be analyzed. In this paper two aspects of Cyber security and cyber terrorism are brought into limelight and discussed. The paper highlights different vectors, algorithms used as means for cyberattack from 2003 on Critical Systems and its impacts.
Keywords: Systemic Cyber Event; Syntactic Attack.
A Fire Management Decision Support Systems to Minimize Economic Losses: A Case Study in a Petrochemical Complex
by Khaled Alutaibi, Abdullah Alsubaie, Jose Marti
Abstract: Fires are very expensive to fight and may result in devastating human, economic, and environmental effects. Due to limited fire management resources and budget constraints, fire management becomes increasingly challenging. The increased interdependencies among existing infrastructure systems make economic losses induced by fires very severe and difficult to predict. Despite recent advances in fire management decision support systems (FMDSSs), economic analysis capabilities have not received enough attention in these systems. Efficient FMDSS incorporates economic considerations to determine optimal fire fighting tactics and strategies. This paper proposes an FMDSS for developing optimal fire management plans. The proposed system adopts the Cost-Plus-Net-Value Change (C+NVC) concept to evaluate the economic efficiency of the plans. In order to capture the net value change of goods and services due to fires, an infrastructure interdependency simulator (i2Sim) is used to incorporate the interaction among infrastructure systems. The proposed FMDSS is capable of developing long-term (strategic) plans and short-term (operational) plans. The applicability of the proposed system is demonstrated using a case study involving multiple fire incidents in a large petrochemical complex.
Keywords: economic efficiency; decision support systems; fire management; critical infrastructures; interdependencies; firefighting; industrial fires.
The impact of partial capacity reduction on network vulnerability against cascading failure
by Kashin Sugishita, Yasuo Asakura
Abstract: Recent natural and man-made disasters have revealed the inherent weakness in mutually dependent critical infrastructures. A potential risk in such complex systems is that an influence of failures in one system can propagate along dependency and multiple systems can be broken simultaneously. Hence it is important to understand risks hidden behind dependency. Under the background, we investigate the impact of partial capacity reduction on network vulnerability against cascading failure. This study demonstrates that the partial capacity reduction increases the vulnerability of the whole network and failures can spread out easily. We also show how critical nodes whose removals bring about devastating damage on the whole network appear in a network. Our results indicate a possibility that nodes which are located not only inside but also outside of the area of the capacity reduction can turn into critical nodes.
Keywords: cascading failure; critical infrastructures; vulnerability; network risks; capacity reduction; dependency; complex networks.
Special Issue on: Cyber Security of Critical Infrastructures Recent Advances and Future Directions
On the Detection of Cyber-Events in the Grid Using PCA
by Nathan Wallace, Travis Atkison
Abstract: The emergence of cyber systems to the realm of physical control is currently being seen in the control environment of the critical infrastructure power grid. This research describes a possible way of detecting cyber-events including malicious intrusions. Specifically the intrusion this work examines is data manipulation or data injection. The detection mechanism used is based on information retrieval and feature identification methods. Principal component analysis, a type of feature identification method, is used to transform each observed power system instance into a new dimensional space. In this new space a detection metric is created based on the Hotelling T² value along with a probabilistic metric to classify instances that may contain malicious activity. An experimental trusted model is derived based on a pseudo-random Monte-Carlo simulation of the Newton-Raphson method for a 5-Bus power system.
Keywords: SCADA systems; Data security; Power system simulation.
A Security Architectural Pattern for Risk Management of Industry Control Systems within Critical National Infrastructure
by Andy Wood, Ying He, Leandros A. Maglaras, Helge Janicke
Abstract: SCADA and ICS security have been focusing on addressing issues such as vulnerability discovery and intrusion detection within critical national infrastructure. Less attention has been paid to architectural solutions to the cyber security risks from an information assurance perspective. Security controls are not always traced back to the business requirements. This paper presents a holistic end-to-end view of the requirements, medium to high severity risks and proposes a generic security architectural pattern to address them. The architectural pattern is developed based on the Sherwood Applied Business Security Architecture (SABSA) top two layers, contextual and conceptual, which are responsible for understanding the business requirements and development of a concept architecture and strategy. Moreover, this research is motivated by industrial practices and has reflected the recent changes of GCHQ's mission. This research also contributes to the SCADA/ICS risk assessment by deriving holistic sets of risk management and architectural design requirements for SCADA/ICS.
Keywords: Industry Control Systems; Critical National Infrastructure; Security Architectural Pattern; Risk Management; Business Requirements; SABSA.
Complex System Governance for Critical Cyber-Physical Systems
by Polinpapilinho Katina, Charles Keating, Adrian Gheorghe, Marcelo Masera
Abstract: In cyber-physical system (CPS), software components (i.e., computational elements) are tightly intertwined with physical entities to produce distinguishing behavioral modalities. CPS, as a field, is relatively new, emerging, and somewhat fragmented in development. There are multiple agencies, entities, and activities being undertaken to address a nexus of emerging issues including cyber-threats and attack in critical systems. However, the development of CPS, as a field, albeit with good intentions and efforts, appears to be largely self-organizing. In response, we suggest governance, as posited in Complex System Governance, as an organizing construct for critical cyber-physical systems to provide more cohesion. Complex System Governance (CSG) is focused on design, execution, and evolution of metasystem functions necessary to provide for communication, control, coordination, and integration (C3I) in CPS. First, we introduce the concept of critical CPS, emphasizing current domination of self-organization as the driving force in developing viable CPS. Second, a CSG model is introduced to suggest an alternative for more purposeful system design and evolution. The paper concludes with implications for future research directions.
Keywords: Complex system governance; Critical infrastructures; Cyber-physical systems; Cybersecurity; Management cybernetics; Metasystem; Systems thinking.
A process-based dependency risk analysis methodology for Critical Infrastructures
by George Stergiopoulos, Vasilis Kouktzoglou, Marianthi Theocharidou, Dimitris Gritzalis
Abstract: This paper applies research in dependency modelling to a process-based risk assessment methodology suitable for critical infrastructures. The proposed methodology dynamically assesses the evolution of cascading failures over time between assets involved in a business process of an infrastructure. This approach can be applied by a CI operator/owner to explore how a failure in a single component (asset) affects the other assets and relevant business processes. It could also be applied in an analysis that includes multiple CI operators in the same supply chain to explore the dependencies between their assets and explore how these affect the provision of key societal services. The paper presents a proof-of-concept tool, based on business-process risk assessment and graph modelling, and a realistic case example of a rail scheduling process. The approach allows risk assessors and decision makers to analyze and identify critical dependency chains and it can reveal underestimated risks due to dependencies.
Keywords: Risk assessment; business process; asset; dependency; cascading failures; risk chains; likelihood; impact; critical infrastructure.
A two-factor key verification system focused on remote user for medical applications
by Trupil Limbasiya, Sachit Shivam
Abstract: Doctors can provide health care related treatments to users by using Telecare Medicine Information Systems (TMIS). To safeguard these systems, an appropriate security scheme for authentication plus key agreement is required conclusively. Recently in 2015, Arshad et al. revealed some flaws in Bin Muhaya's authentication and key agreement scheme and proposed an enhanced system on the same. However, we demonstrate that Arshad et al.'s scheme is susceptible to session key disclosure as well as user impersonation attacks. Moreover, in pursuance of better security, we introduce a new two-factor authentication and key agreement scheme.
Keywords: Authentication; Key agreement; Session Key; TMIS.
PREEMPTIVE: an Integrated Approach to Intrusion Detection and Prevention in Industrial Control Systems
by Estefania Etcheves Miciolino, Federico Griscioli, Maurizio Pizzonia, Dario Di Noto
Abstract: Cyber-security of Industrial Control Systems (ICSs) is notoriously hard due to the peculiar constraints of the specific context. At the same time, the use of specifically crafted malware to target ICSs is an established offensive mean for opposing organizations, groups, or countries. We provide an overview of the results attained by the Preemptive project to improve the cyber-security of ICSs. Preemptive devised several integrated tools for detection and prevention of intrusions in this context. It also provides a way to correlate many small events giving rise to more significant ones, as well as to show the whole cyber-security state to the user by means of specific Human-Machine Interfaces.
Keywords: cyber security; SCADA protection; ICS security; IDS; events correlation.
An Anatomy of Trust in Public Key Infrastructure
by Jingwei Huang, David Nicol
Abstract: Public Key Infrastructure (PKI) is a critical component of information infrastructure, which has strong impacts through cybersecurity to the whole system of interconnected independent critical infrastructures, particularly in the context of fast growth of Internet of Things, where traditional critical infrastructure systems are transforming into smart cyber-physical systems. PKI is a mechanism of trust to support identity authentication, digital certification, secure communication, and privilege authorization. In this paper, we investigate the trust mechanism used in PKIs, and we found that the major PKI specification documents do not precisely define what trust exactly means in PKIs, and there are implicit trust assumptions in the real practice of PKIs. Some assumptions may not be always true. Those implicit trust assumptions may cause different parties particularly relying parties to have different understanding about the meaning of certificates and trust; thus possibly causing misuse of trust. This paper attempts to have an in-depth analysis to PKI trust mechanism.
Keywords: Critical Infrastructures; Critical Information Infrastructure; Cybersecurity; PKI; Trust; PKI Trust Mechanism.
Towards Effective Cyber Security Resource Allocation: The Monte Carlo Predictive Modelling Approach
by Tesleem Fagade, Konstantinos Maraslis, Theo Tryfonas
Abstract: Organisations invest in technical and procedural capabilities to ensure the confidentiality, integrity and availability of information assets and sustain business continuity at all times. However, given growing productive assets and limited protective security budgets, there is need for deliberate evaluation of information security investment. Optimal resource allocation to security is often affected by intrinsically uncertain variables and associated factors like technical, economical and psychological; therefore, security expenditure is a crucial resource allocation decision. In spite of that, security managers and business owners are often incentivised by different drivers on whether to allocate optimal resources to cyber-specific security protective assets, or other business productive assets. Hence, there is disparity of opinion in resource allocation decisions. We explored how Monte Carlo predictive simulation model can be used within the context of Information Technology to reduce these disparities. Using a conceptual enterprise as a case study and verifiable historical cost of security breaches as parametric values, our model shows why using conventional risk assessment approach as budgeting process can result in significant over/under allocation of resources for cyber capabilities. Our model can serve as a benchmark for policy and decision support to aid stakeholders in optimizing resource allocation for cyber security investments.
Keywords: Information Security; risk assessment; Resource allocation; Monte-Carlo simulation; Security investment decision.