Abstract
Nowadays, critical infrastructures operate a large number of highly interdependent, cyber-physical systems. Thus, incidents can have far-reaching cascading effects throughout the entire infrastructure, which need to be identified and estimated to realize a proper risk management. In this paper, we present a formal model to describe the propagation of a threat through the various physical and cyber assets within a critical infrastructure and the cascading effects this has on the entire infrastructure. We further show, how this model can be implemented into a prototypical tool, which allows to efficiently simulate the cascading effects of a given incident on the entire network of the infrastructure’s cyber-physical assets. The functionalities of the tool are demonstrated using a small demo set-up of a maritime port infrastructure. In this set-up, four incident scenarios both from the physical and cyber domain are simulated and the results are discussed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Online available at https://atlas.ait.ac.at/sauron.
References
Bañuls, V.A., Turoff, M.: Scenario construction via delphi and cross-impact analysis. Technol. Forecast. Soc. Change 78(9), 1579–1602 (2011)
BBC News: NHS cyber-attack: GPs and hospitals hit by ransomware (2017). http://www.bbc.com/news/health-39899646
Bilis, E.I., Kroger, W., Nan, C.: Performance of electric power systems under physical malicious attacks. IEEE Syst. J. 7(4), 854–865 (2013)
Burnap, P., Cherdantseva, Y., Blyth, A., Eden, P., Jones, K., Soulsby, H., Stoddart, K.: Determining and sharing risk data in distributed interdependent systems. IEEE Comput. 50(2), 72–79 (2017)
Carreras, B.A., Newman, D.E., Gradney, P., Lynch, V.E., Dobson, I.: Interdependent risk in interacting infrastructure systems. In: 40th Annual Hawaii International Conference on System Sciences, 2007, HICSS 2007, pp. 112–112 (2007)
Cimpanu, C.: Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack (2018). https://www.bleepingcomputer.com/news/security/maersk-reinstalled-45-000-pcs-and-4-000-servers-to-recover-from-notpetya-attack/
Condliffe, J.: Ukraine’s power grid gets hacked again, a worrying sign for infrastructure attacks (2016). https://www.technologyreview.com/s/603262/ukraines-power-grid-gets-hacked-again-a-worrying-sign-for-infrastructure-attacks/
E-ISAC: Analysis of the Cyber Attack on the Ukrainian Power Grid. Technical report, E-ISAC, Washington, USA (2016). https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf
Gordon, T., Hayward, H.: Initial experiments with the cross impact matrix method of forecasting. Futures 1(2), 100–116 (1968)
Guo, H., Zheng, C., Iu, H.H.C., Fernando, T.: A critical review of cascading failure analysis and modeling of power system. Renew. Sustain. Energy Rev. 80, 9–22 (2017)
Hasan, S., Foliente, G.: Modeling infrastructure system interdependencies and socioeconomic impacts of failure in extreme events: emerging R&D challenges. Nat. Hazards: J. Int. Soc. Prev. Mitig. Nat. Hazards 78(3), 2143–2168 (2015)
Heinrich-Heine-Universität Düsseldorf: G*power: Statistical power analyses for windows and mac. http://www.psychologie.hhu.de/arbeitsgruppen/allgemeine-psychologie-und-arbeitspsychologie/gpower.html. Accessed 21 Aug 2019
Koc, Y., Warnier, M., Kooij, R.E., Brazier, F.M.T.: A robustness metric for cascading failures by targeted attacks in power networks. In: 2013 10th IEEE International Conference on Networking, Sensing and Control (ICNSC). IEEE (2013)
König, S., Rass, S.: Investigating stochastic dependencies between critical infrastructures. Int. J. Adv. Syst. Meas. 11(3&4), 250–258 (2018)
König, S., Rass, S., Rainer, B., Schauer, S.: Hybrid dependencies between cyber and physical systems. In: Arai, K., Bhatia, R., Kapoor, S. (eds.) CompCom 2019. AISC, vol. 998, pp. 550–565. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22868-2_40
König, S., Schauer, S., Rass, S.: A stochastic framework for prediction of malware spreading in heterogeneous networks. In: Brumley, B.B., Röning, J. (eds.) NordSec 2016. LNCS, vol. 10014, pp. 67–81. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47560-8_5
Kotzanikolaou, P., Theoharidou, M., Gritzalis, D.: Cascading effects of common-cause failures in critical infrastructures. In: Butts, J., Shenoi, S. (eds.) Critical Infrastructure Protection VII, pp. 171–182. Springer, Berlin Heidelberg, Berlin, Heidelberg (2013). https://doi.org/10.1007/978-3-642-45330-4_12
Laprie, J.-C., Kanoun, K., Kaâniche, M.: Modelling interdependencies between the electricity and information infrastructures. In: Saglietti, F., Oster, N. (eds.) SAFECOMP 2007. LNCS, vol. 4680, pp. 54–67. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75101-4_5
Little, R.G.: Controlling cascading failure: understanding the vulnerabilities of interconnected infrastructures. J. Urban Technol. 9(1), 109–123 (2002)
Luiijf, E., Nieuwenhuijs, A., Klaver, M., van Eeten, M., Cruz, E.: Empirical findings on critical infrastructure dependencies in Europe. In: Setola, R., Geretshuber, S. (eds.) CRITIS 2008. LNCS, vol. 5508, pp. 302–310. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03552-4_28
McGee, S., Frittman, J., James Ahn, S., Murray, S.: Implications of cascading effects for the hyogo framework. Int. J. Disaster Resilience Built Environ. 7, 144–157 (2016)
Ouyang, M.: Review on modeling and simulation of interdependent critical infrastructure systems. Reliab. Eng. Syst. Saf. 121, 43–60 (2014)
Pagani, G.A., Aiello, M.: The power grid as a complex network: a survey. Phys. A: Stat. Mech. Appl. 392(11), 2688–2700 (2013)
Plummer, M., Best, N., Cowles, K., Vines, K.: Coda: Convergence diagnosis and output analysis for MCMC. R News 6(1), 7–11 (2006). https://journal.r-project.org/archive/
PTI: New malware hits JNPT operations as APM Terminals hacked globally | The Indian Express (2017). http://indianexpress.com/article/india/cyber-attack-new-malware-hits-jnpt-ops-as-apm-terminals-hacked-globally-4725102/
Qi, J., Dobson, I., Mei, S.: Towards estimating the statistics of simulated cascades of outages with branching processes. IEEE Trans. Power Syst. 28(3), 3410–3419 (2013)
Rahnamay-Naeini, M., Hayat, M.M.: Cascading failures in interdependent infrastructures: an interdependent markov-chain approach. IEEE Trans. Smart Grid 7(4), 1997–2006 (2016)
Rahnamay-Naeini, M., Wang, Z., Ghani, N., Mammoli, A., Hayat, M.M.: Stochastic analysis of cascading-failure dynamics in power grids. IEEE Trans. Power Syst. 29(4), 1767–1779 (2014)
Schauer, S., Rainer, B., Museux, N., Faure, D., Hingant, J., Rodrigo, F.J.C., Beyer, S., Peris, R.C., Lopez, S.Z.: Conceptual Framework for Hybrid Situational Awareness in Critical Port Infrastructures. In: Luiijf, E., Zutautaite, I., Hämmerli, B.M. (eds.) Critical Information Infrastructures Security, pp. 191–203. Springer International Publishing, Lecture Notes in Computer Science (2019). https://doi.org/10.1007/978-3-030-05849-4_15
Seppänen, H., Luokkala, P., Zhang, Z., Torkki, P., Virrantaus, K.: Critical infrastructure vulnerability—a method for identifying the infrastructure service failure interdependencies. IJCIP 22, 25–38 (2018)
Vasilevskaya, M., Nadjm-Tehrani, S.: Quantifying risks to data assets using formal metrics in embedded system design. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9337, pp. 347–361. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24255-2_25
Wang, Z., Scaglione, A., Thomas, R.J.: A Markov-transition model for cascading failures in power grids. In: 2012 45th Hawaii International Conference on System Sciences, IEEE (2012)
Wu, S.J., Chu, M.T.: Markov chains with memory, tensor formulation, and the dynamics of power iteration. Appl. Math. Comput. 303(C), 226–239 (2017)
Acknowledgement
This work was supported by the European Commission’s Project SAURON (Scalable multidimensional situation awareness solution for protecting European ports) under the HORIZON 2020 Framework (Grant No. 740477).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Schauer, S., Grafenauer, T., König, S., Warum, M., Rass, S. (2020). Estimating Cascading Effects in Cyber-Physical Critical Infrastructures. In: Nadjm-Tehrani, S. (eds) Critical Information Infrastructures Security. CRITIS 2019. Lecture Notes in Computer Science(), vol 11777. Springer, Cham. https://doi.org/10.1007/978-3-030-37670-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-37670-3_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37669-7
Online ISBN: 978-3-030-37670-3
eBook Packages: Computer ScienceComputer Science (R0)