Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
10.1007/978-3-030-37670-3_4guideproceedingsArticle/Chapter ViewAbstractPublication PagesConference Proceedingsacm-pubtype
Article

Estimating Cascading Effects in Cyber-Physical Critical Infrastructures

Published: 23 September 2019 Publication History

Abstract

Nowadays, critical infrastructures operate a large number of highly interdependent, cyber-physical systems. Thus, incidents can have far-reaching cascading effects throughout the entire infrastructure, which need to be identified and estimated to realize a proper risk management. In this paper, we present a formal model to describe the propagation of a threat through the various physical and cyber assets within a critical infrastructure and the cascading effects this has on the entire infrastructure. We further show, how this model can be implemented into a prototypical tool, which allows to efficiently simulate the cascading effects of a given incident on the entire network of the infrastructure’s cyber-physical assets. The functionalities of the tool are demonstrated using a small demo set-up of a maritime port infrastructure. In this set-up, four incident scenarios both from the physical and cyber domain are simulated and the results are discussed.

References

[1]
Bañuls VA and Turoff M Scenario construction via delphi and cross-impact analysis Technol. Forecast. Soc. Change 2011 78 9 1579-1602
[2]
BBC News: NHS cyber-attack: GPs and hospitals hit by ransomware (2017). http://www.bbc.com/news/health-39899646
[3]
Bilis EI, Kroger W, and Nan C Performance of electric power systems under physical malicious attacks IEEE Syst. J. 2013 7 4 854-865
[4]
Burnap P, Cherdantseva Y, Blyth A, Eden P, Jones K, Soulsby H, and Stoddart K Determining and sharing risk data in distributed interdependent systems IEEE Comput. 2017 50 2 72-79
[5]
Carreras, B.A., Newman, D.E., Gradney, P., Lynch, V.E., Dobson, I.: Interdependent risk in interacting infrastructure systems. In: 40th Annual Hawaii International Conference on System Sciences, 2007, HICSS 2007, pp. 112–112 (2007)
[6]
Cimpanu, C.: Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack (2018). https://www.bleepingcomputer.com/news/security/maersk-reinstalled-45-000-pcs-and-4-000-servers-to-recover-from-notpetya-attack/
[7]
Condliffe, J.: Ukraine’s power grid gets hacked again, a worrying sign for infrastructure attacks (2016). https://www.technologyreview.com/s/603262/ukraines-power-grid-gets-hacked-again-a-worrying-sign-for-infrastructure-attacks/
[8]
E-ISAC: Analysis of the Cyber Attack on the Ukrainian Power Grid. Technical report, E-ISAC, Washington, USA (2016). https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf
[9]
Gordon T and Hayward H Initial experiments with the cross impact matrix method of forecasting Futures 1968 1 2 100-116
[10]
Guo H, Zheng C, Iu HHC, and Fernando T A critical review of cascading failure analysis and modeling of power system Renew. Sustain. Energy Rev. 2017 80 9-22
[11]
Hasan S and Foliente G Modeling infrastructure system interdependencies and socioeconomic impacts of failure in extreme events: emerging R&D challenges Nat. Hazards: J. Int. Soc. Prev. Mitig. Nat. Hazards 2015 78 3 2143-2168
[12]
Heinrich-Heine-Universität Düsseldorf: G*power: Statistical power analyses for windows and mac. http://www.psychologie.hhu.de/arbeitsgruppen/allgemeine-psychologie-und-arbeitspsychologie/gpower.html. Accessed 21 Aug 2019
[13]
Koc, Y., Warnier, M., Kooij, R.E., Brazier, F.M.T.: A robustness metric for cascading failures by targeted attacks in power networks. In: 2013 10th IEEE International Conference on Networking, Sensing and Control (ICNSC). IEEE (2013)
[14]
König S and Rass S Investigating stochastic dependencies between critical infrastructures Int. J. Adv. Syst. Meas. 2018 11 3&4 250-258
[15]
König S, Rass S, Rainer B, and Schauer S Arai K, Bhatia R, and Kapoor S Hybrid dependencies between cyber and physical systems Intelligent Computing 2019 Cham Springer 550-565
[16]
König S, Schauer S, and Rass S Brumley BB and Röning J A stochastic framework for prediction of malware spreading in heterogeneous networks Secure IT Systems 2016 Cham Springer 67-81
[17]
Kotzanikolaou P, Theoharidou M, and Gritzalis D Butts J and Shenoi S Cascading effects of common-cause failures in critical infrastructures Critical Infrastructure Protection VII 2013 Berlin Heidelberg, Berlin, Heidelberg Springer 171-182
[18]
Laprie J-C, Kanoun K, and Kaâniche M Saglietti F and Oster N Modelling interdependencies between the electricity and information infrastructures Computer Safety, Reliability, and Security 2007 Heidelberg Springer 54-67
[19]
Little RG Controlling cascading failure: understanding the vulnerabilities of interconnected infrastructures J. Urban Technol. 2002 9 1 109-123
[20]
Luiijf E, Nieuwenhuijs A, Klaver M, van Eeten M, and Cruz E Setola R and Geretshuber S Empirical findings on critical infrastructure dependencies in Europe Critical Information Infrastructure Security 2009 Heidelberg Springer 302-310
[21]
McGee S, Frittman J, James Ahn S, and Murray S Implications of cascading effects for the hyogo framework Int. J. Disaster Resilience Built Environ. 2016 7 144-157
[22]
Ouyang M Review on modeling and simulation of interdependent critical infrastructure systems Reliab. Eng. Syst. Saf. 2014 121 43-60
[23]
Pagani GA and Aiello MThe power grid as a complex network: a surveyPhys. A: Stat. Mech. Appl.2013392112688-27003043171
[24]
Plummer, M., Best, N., Cowles, K., Vines, K.: Coda: Convergence diagnosis and output analysis for MCMC. R News 6(1), 7–11 (2006). https://journal.r-project.org/archive/
[25]
PTI: New malware hits JNPT operations as APM Terminals hacked globally | The Indian Express (2017). http://indianexpress.com/article/india/cyber-attack-new-malware-hits-jnpt-ops-as-apm-terminals-hacked-globally-4725102/
[26]
Qi J, Dobson I, and Mei S Towards estimating the statistics of simulated cascades of outages with branching processes IEEE Trans. Power Syst. 2013 28 3 3410-3419
[27]
Rahnamay-Naeini M and Hayat MM Cascading failures in interdependent infrastructures: an interdependent markov-chain approach IEEE Trans. Smart Grid 2016 7 4 1997-2006
[28]
Rahnamay-Naeini M, Wang Z, Ghani N, Mammoli A, and Hayat MM Stochastic analysis of cascading-failure dynamics in power grids IEEE Trans. Power Syst. 2014 29 4 1767-1779
[29]
Schauer S, Rainer B, Museux N, Faure D, Hingant J, Rodrigo FJC, Beyer S, Peris RC, and Lopez SZ Luiijf E, Zutautaite I, and Hämmerli BM Conceptual Framework for Hybrid Situational Awareness in Critical Port Infrastructures Critical Information Infrastructures Security 2019 Lecture Notes in Computer Science Springer International Publishing 191-203
[30]
Seppänen H, Luokkala P, Zhang Z, Torkki P, and Virrantaus K Critical infrastructure vulnerability—a method for identifying the infrastructure service failure interdependencies IJCIP 2018 22 25-38
[31]
Vasilevskaya M and Nadjm-Tehrani S Koornneef F and van Gulijk C Quantifying risks to data assets using formal metrics in embedded system design Computer Safety, Reliability, and Security 2015 Cham Springer 347-361
[32]
Wang, Z., Scaglione, A., Thomas, R.J.: A Markov-transition model for cascading failures in power grids. In: 2012 45th Hawaii International Conference on System Sciences, IEEE (2012)
[33]
Wu SJ and Chu MTMarkov chains with memory, tensor formulation, and the dynamics of power iterationAppl. Math. Comput.2017303C226-23936079191411.60129

Cited By

View all
  • (2024)The PRECINCT Ecosystem Platform for Critical Infrastructure Protection: Architecture, Deployment and TransferabilityProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670437(1-8)Online publication date: 30-Jul-2024
  • (2023)The DYNABIC approach to resilience of critical infrastructuresProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605055(1-8)Online publication date: 29-Aug-2023
  • (2021)A Semantic-Based Approach for Assessing the Impact of Cyber-Physical Attacks: A Healthcare Infrastructure Use CaseGraph-Based Representation and Reasoning10.1007/978-3-030-86982-3_16(208-215)Online publication date: 20-Sep-2021
  • Show More Cited By

Index Terms

  1. Estimating Cascading Effects in Cyber-Physical Critical Infrastructures
        Index terms have been assigned to the content through auto-classification.

        Recommendations

        Comments

        Information & Contributors

        Information

        Published In

        cover image Guide Proceedings
        Critical Information Infrastructures Security: 14th International Conference, CRITIS 2019, Linköping, Sweden, September 23–25, 2019, Revised Selected Papers
        Sep 2019
        213 pages
        ISBN:978-3-030-37669-7
        DOI:10.1007/978-3-030-37670-3

        Publisher

        Springer-Verlag

        Berlin, Heidelberg

        Publication History

        Published: 23 September 2019

        Author Tags

        1. Threat propagation
        2. Cascading effects
        3. Simulation framework
        4. Risk estimation

        Qualifiers

        • Article

        Contributors

        Other Metrics

        Bibliometrics & Citations

        Bibliometrics

        Article Metrics

        • Downloads (Last 12 months)0
        • Downloads (Last 6 weeks)0
        Reflects downloads up to 28 Dec 2024

        Other Metrics

        Citations

        Cited By

        View all
        • (2024)The PRECINCT Ecosystem Platform for Critical Infrastructure Protection: Architecture, Deployment and TransferabilityProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670437(1-8)Online publication date: 30-Jul-2024
        • (2023)The DYNABIC approach to resilience of critical infrastructuresProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605055(1-8)Online publication date: 29-Aug-2023
        • (2021)A Semantic-Based Approach for Assessing the Impact of Cyber-Physical Attacks: A Healthcare Infrastructure Use CaseGraph-Based Representation and Reasoning10.1007/978-3-030-86982-3_16(208-215)Online publication date: 20-Sep-2021
        • (2021)SafecareOnto: A Cyber-Physical Security Ontology for Healthcare SystemsDatabase and Expert Systems Applications10.1007/978-3-030-86475-0_3(22-34)Online publication date: 27-Sep-2021

        View Options

        View options

        Media

        Figures

        Other

        Tables

        Share

        Share

        Share this Publication link

        Share on social media