research-article

A system dynamics approach for assessing the impact of cyber attacks on critical infrastructures

Authors:

Piroska HallerAuthors Info & Claims

International Journal of Critical Infrastructure Protection, Volume 10, Issue C

Pages 3 - 17

https://doi.org/10.1016/j.ijcip.2015.04.001

Published: 01 September 2015 Publication History

Abstract

The massive proliferation of information and communications technologies (hardware and software) into the heart of modern critical infrastructures has given birth to a unique technological ecosystem. Despite the many advantages brought about by modern information and communications technologies, the shift from isolated environments to "systems-of-systems" integrated with massive information and communications infrastructures (e.g., the Internet) exposes critical infrastructures to significant cyber threats. Therefore, it is imperative to develop approaches for identifying and ranking assets in complex, large-scale and heterogeneous critical infrastructures. To address these challenges, this paper proposes a novel methodology for assessing the impacts of cyber attacks on critical infrastructures. The methodology is inspired by research in system dynamics and sensitivity analysis. The proposed behavioral analysis methodology computes the covariances of the observed variables before and after the execution of a specific intervention involving the control variables. Metrics are proposed for quantifying the significance of control variables and measuring the impact propagation of cyber attacks.Experiments conducted on the IEEE 14-bus and IEEE 300-bus electric grid models, and on the well-known Tennessee Eastman chemical process demonstrate the efficiency, scalability and cross-sector applicability of the proposed methodology in several attack scenarios. The advantages of the methodology over graph-theoretic and electrical centrality metric approaches are demonstrated using several test cases. Finally, a novel, stealthy cyber-physical attack is demonstrated against a simulated power grid; this attack can be used to analyze the precision of anomaly detection systems.

References

[1]

E. Bilis, W. Kroger and C. Nan, Performance of electric power systems under physical malicious attacks, IEEE Systems Journal, vol. 7(4), pp. 854-865, 2013.

[2]

J. Brandt, Electric grid facing security threats from all sides, Smart Grid News (www.smartgridnews.com/story/electric-grid-facing-security-threats-all-sides/2014-09-03), September 3, 2014.

[3]

A. Cardenas, S. Amin, Z. Lin, Y. Huang, C. Huang and S. Sastry, Attacks against process control systems: Risk assessment, detection and response, Proceedings of the Sixth ACM Symposium on Information, Computer and Communications Security, pp. 355-366, 2011.

Digital Library

[4]

T. Chen and S. Abu-Nimeh, Lessons from Stuxnet, IEEE Computer, vol. 44(4), pp. 91-93, 2011.

Digital Library

[5]

G. Correa-Henao, J. Yusta and R. Lacal-Arantegui, Using interconnected risk maps to assess the threats faced by electricity infrastructures, International Journal of Critical Infrastructure Protection, vol. 6(3-4), pp. 197-216, 2013.

[6]

E. Cotilla-Sanchez, P. Hines, C. Barrows and S. Blumsack, Comparing the topological and electrical structure of the North American electric power infrastructure, IEEE Systems Journal, vol. 6(4), pp. 616-626, 2012.

[7]

J. Downs and E. Vogel, A plant-wide industrial process control problem, Computers and Chemical Engineering, vol. 17(3), pp. 245-255, 1993.

[8]

R. Filippini and A. Silva, A modeling framework for the resilience analysis of networked systems-of-systems based on functional dependencies, Reliability Engineering and Systems Safety, vol. 125, pp. 82-91, 2014.

[9]

D. Ford, A behavioral approach to feedback loop dominance analysis, System Dynamics Review, vol. 15(1), pp. 3-36, 1999.

[10]

J. Forrester, Counterintuitive behavior of social systems, Theory and Decision, vol. 2(2), pp. 109-140, 1971.

[11]

B. Galloway and G. Hancke, Introduction to industrial control networks, IEEE Communications Surveys and Tutorials, vol. 15(2), pp. 860-880, 2013.

[12]

B. Genge and C. Siaterlis, Analysis of the effects of distributed denial-of-service attacks on MPLS networks, International Journal of Critical Infrastructure Protection, vol. 6(2), pp. 87-95, 2013.

[13]

B. Genge and C. Siaterlis, Physical process resilience-aware network design for SCADA systems, Computers and Electrical Engineering, vol. 40(1), pp. 142-157, 2014.

Digital Library

[14]

A. Giani, R. Bent and F. Pan, Phasor measurement unit selection for unobservable electric power data integrity attack detection, International Journal of Critical Infrastructure Protection, vol. 7(3), pp. 155-164, 2014.

[15]

M. Hagerott, Stuxnet and the vital role of critical infrastructure operators and engineers, International Journal of Critical Infrastructure Protection, vol. 7(4), pp. 244-246, 2014.

Digital Library

[16]

P. Hines, E. Cotilla-Sanchez and S. Blumsack, Do topological models provide good information about electricity infrastructure vulnerability? Chaos, vol. 20(3), article no. 033122, 2010.

[17]

J. Huang, E. Howley and J. Duggan, The Ford method: A sensitivity analysis approach, Proceedings of the Twenty-Seventh International Conference of the System Dynamics Society, 2009.

[18]

IEEE Test Systems Task Force, 300 Bus Power Flow Test Case, Department of Electrical Engineering, University of Washington, Seattle, Washington (www.ee.washington.edu/research/pstca/pf300/pg_tca300bus.htm), 1993.

[19]

M. Krotofil, A. Cardenas, J. Larsen and D. Gollmann, Vulnerabilities of cyber-physical systems to stale data - Determining the optimal time to launch attacks, International Journal of Critical Infrastructure Protection, vol. 7(4), pp. 213-232, 2014.

Digital Library

[20]

D. Kundur, X. Feng, S. Liu, T. Zourntos and K. Butler-Purry, Towards a framework for cyber attack impact analysis of the electric smart grid, Proceedings of the First IEEE International Conference on Smart Grid Communications, pp. 244-249, 2010.

[21]

H. MacKenzie, How Dragonfly hackers and RAT malware threaten ICS security, Belden Industrial Security Blog (www.belden.com/blog/industrialsecurity/How-Dragonfly-Hackers-and-RAT-Malware-Threaten-ICS-Security.cfm), September 15, 2014.

[22]

F. Milano, An open source power system analysis toolbox, IEEE Transactions on Power Systems, vol. 20(3), pp. 1199-1206, 2005.

[23]

F. Milano and M. Anghel, Impact of time delays on power system stability, IEEE Transactions on Circuits and Systems I: Fundamental Theory and Applications, vol. 59(4), pp. 889-900, 2012.

[24]

N. Ricker, Decentralized control of the Tennessee Eastman challenge process, Journal of Process Control, vol. 6(4), pp. 205-221, 1996.

[25]

K. Sgouras, A. Birda and D. Labridis, Cyber attack impact on critical smart grid infrastructures, Proceedings of the Innovative Smart Grid Technologies Conference, 2014.

[26]

S. Sridhar and M. Govindarasu, Model-based attack detection and mitigation for automatic generation control, IEEE Transactions on Smart Grid, vol. 5(2), pp. 580-591, 2014.

[27]

K. Stouffer, S. Lightman, V. Pillitteri, M. Abrams and A. Hahn, Guide to Industrial Control Systems (ICS) Security, NIST Special Publication 800-82, Revision 2 Final Public Draft, National Institute of Standards and Technology, Gaithersburg, Maryland, 2015.

[28]

Symantec, Dragonfly: Cyberespionage Attacks Against Energy Suppliers, version 1.21, Mountain View, California, 2014.

[29]

Z. Wang, A. Scaglione and R. Thomas, Electrical centrality measures for electric power grid vulnerability analysis, Proceedings of the Forty-Ninth IEEE Conference on Decision and Control, pp. 5792-5797, 2010.

[30]

Z. Wang, A. Scaglione and R. Thomas, Generating statistically correct random topologies for testing smart grid communications and control networks, IEEE Transactions on Smart Grid, vol. 1(1), pp. 28-39, 2010.

Cited By

Dasgupta RPramanik MMitra PChowdhury D(2024)Intrusion detection for power grid: a reviewInternational Journal of Information Security10.1007/s10207-023-00789-623:2(1317-1329)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1007/s10207-023-00789-6
Kim AOh JKwon KLee K(2022)Consider the ConsequencesSecurity and Communication Networks10.1155/2022/34556472022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/3455647
Carvalho OApolinário FEscravana NRibeiro CHong JBures MPark JCerny T(2022)CIIAProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507313(124-132)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3507313
Show More Cited By

Recommendations

Critical Infrastructures: IT Security and Threats from Private Sector Ownership

The critical infrastructures of industrialized countries depend on an interconnected “system of systems” that physically spans the globe and exists virtually everywhere. Often, the governments and industries responsible for the critical infrastructures ...
Mixed Holistic Reductionistic Approach for Impact Assessment of Cyber Attacks
EISIC '12: Proceedings of the 2012 European Intelligence and Security Informatics Conference

Recently issues about cyber-war have gained relevant attention, especially because of gravity of damages that could be caused by cyber attacks to strategic targets, mining security of citizens. Examples of targets might include national civil and ...
Government regulations in cyber security: Framework, standards and recommendations
Abstract
Cyber security refers to the protection of Internet-connected systems, such as hardware, software as well as data (information) from cyber attacks (adversaries). A cyber security regulation is needed in order to protect information ...
Highlights
- We list and discuss the cyber attacks, security requirements and measures. We then discuss the cyber security incident management framework and its various ...

Comments

Information & Contributors

Information

Published In

cover image International Journal of Critical Infrastructure Protection

International Journal of Critical Infrastructure Protection Volume 10, Issue C

September 2015

71 pages

ISSN:1874-5482

Issue’s Table of Contents

Copyright © Elsevier B.V.

Publisher

Elsevier Science Publishers B. V.

Netherlands

Publication History

Published: 01 September 2015

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Dasgupta RPramanik MMitra PChowdhury D(2024)Intrusion detection for power grid: a reviewInternational Journal of Information Security10.1007/s10207-023-00789-623:2(1317-1329)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1007/s10207-023-00789-6
Kim AOh JKwon KLee K(2022)Consider the ConsequencesSecurity and Communication Networks10.1155/2022/34556472022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/3455647
Carvalho OApolinário FEscravana NRibeiro CHong JBures MPark JCerny T(2022)CIIAProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507313(124-132)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3507313
Hau ZCastellanos JZhou JKatsikas SAlcaraz C(2020)Evaluating Cascading Impact of Attacks on Resilience of Industrial Control Systems: A Design-Centric Modeling ApproachProceedings of the 6th ACM on Cyber-Physical System Security Workshop10.1145/3384941.3409587(42-53)Online publication date: 6-Oct-2020
https://dl.acm.org/doi/10.1145/3384941.3409587
Lanotte RMerro MMunteanu AViganò L(2020)A Formal Approach to Physics-based Attacks in Cyber-physical SystemsACM Transactions on Privacy and Security10.1145/337327023:1(1-41)Online publication date: 5-Feb-2020
https://dl.acm.org/doi/10.1145/3373270
Köpke CSrivastava KKönig LMiller NFehling-Kaschek MBurke KMangini MPraça ICanito ACarvalho OApolinário FEscravana NCarstengerdes NStelkens-Kobsch T(2020)Impact Propagation in Airport SystemsCyber-Physical Security for Critical Infrastructures Protection10.1007/978-3-030-69781-5_13(191-206)Online publication date: 18-Sep-2020
https://dl.acm.org/doi/10.1007/978-3-030-69781-5_13
Ghose NLazos LRozenblit JBreiger R(2019)Multimodal graph analysis of cyber attacksProceedings of the Annual Simulation Symposium10.5555/3338027.3338044(1-12)Online publication date: 29-Apr-2019
https://dl.acm.org/doi/10.5555/3338027.3338044
Esquivel-Vargas HCaselli MTews EBucur DPeter A(2019)BACRank: Ranking Building Automation and Control System Components by Business Continuity ImpactComputer Safety, Reliability, and Security10.1007/978-3-030-26601-1_13(183-199)Online publication date: 10-Sep-2019
https://dl.acm.org/doi/10.1007/978-3-030-26601-1_13
Rao NMa CHe F(2018)Defense Strategies for Multi-Site Cloud Computing Server InfrastructuresProceedings of the 19th International Conference on Distributed Computing and Networking10.1145/3154273.3154344(1-9)Online publication date: 4-Jan-2018
https://dl.acm.org/doi/10.1145/3154273.3154344
Rubio‐Hernan JDe Cicco LGarcia‐Alfaro J(2018)Adaptive control‐theoretic detection of integrity attacks against cyber‐physical industrial systemsTransactions on Emerging Telecommunications Technologies10.1002/ett.320929:7Online publication date: 9-Jul-2018
https://dl.acm.org/doi/10.1002/ett.3209
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents