Abstract
Considerable research has focused on securing SCADA systems and the physical processes they control, but an effective framework for the real-time impact assessment of cyber attacks on SCADA systems is not yet available. This paper attempts to address the problem by proposing an innovative framework based on the mixed holistic reductionist methodology. The framework supports real-time impact assessments that take into account the interdependencies existing between critical infrastructures that are supervised and controlled by SCADA systems. Holistic and reductionist approaches are complementary approaches that support situation assessment and evaluations of the risk and consequences arising from infrastructure interdependencies. The application of the framework to a sample scenario on a realistic testbed demonstrates the effectiveness of the framework for risk and impact assessments.
Chapter PDF
Similar content being viewed by others
References
N. Collier, RePast: An extensible framework for agent simulation, Natural Resources and Environmental Issues, vol. 8(1), article no. 4, 2001.
S. De Porcellinis, G. Oliva, S. Panzieri and R. Setola, A holistic-reductionistic approach for modeling interdependencies, in Critical Infrastructure Protection III, C. Palmer and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 215–227, 2009.
S. De Porcellinis, S. Panzieri and R. Setola, Modeling critical infrastructure via a mixed holistic reductionistic approach, International Journal of Critical Infrastructures, vol. 5(1/2), pp. 86–99, 2009.
S. De Porcellinis, S. Panzieri, R. Setola and G. Ulivi, Simulation of heterogeneous and interdependent critical infrastructures, International Journal of Critical Infrastructures, vol. 4(1/2), pp. 110–128, 2008.
G. Digioia, C. Foglietta, S. Panzieri and A. Falleni, Mixed holistic reductionistic approach for impact assessment of cyber attacks, Proceedings of the European Intelligence and Security Informatics Conference, pp. 123–130, 2012.
B. Ezell, Y. Haimes and J. Lambert, Risks of cyber attack to water utility supervisory control and data acquisition (SCADA) systems, Military Operations Research, vol. 6(2), pp. 23–33, 2001.
N. Falliere, L. O’Murchu and E. Chien, W32.Stuxnet Dossier, Symantec, Mountain View, California, 2011.
C. Foglietta, G. Oliva and S. Panzieri, Online distributed evaluation of interdependent critical infrastructures, in Nonlinear Estimation and Applications to Industrial Systems Control, G. Rigatos (Ed.), Nova Science, New York, pp. 89–120, 2012.
W. Gao, T. Morris, B. Reaves and D. Richey, On SCADA control system command and response injection and intrusion detection, Proceedings of the eCrime Researchers Summit, 2010.
B. Genge, I. Nai Fovino, C. Siaterlis and M. Masera, Analyzing cyber-physical attacks on networked industrial control systems, in Critical Infrastructure Protection V, J. Butts and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 167–183, 2011.
A. Ghorbani and E. Bagheri, The state of the art in critical infrastructure protection: A framework for convergence, International Journal of Critical Infrastructures, vol. 4(3), pp. 215–244, 2008.
D. Gianni, Bringing discrete event simulation concepts into multi-agent systems, Proceedings of the Tenth International Conference on Computer Modeling and Simulation, pp. 186–191, 2008.
Y. Haimes and D. Li, A hierarchical-multiobjective framework for risk management, Automatica, vol. 27(3), pp. 579–584, 1991.
M. McDonald, G. Conrad, T. Service and R. Cassidy, Cyber Effects Analysis Using VCSE, Promoting Control System Reliability, Sandia Report SAND2008-5954, Sandia National Laboratories, Albuquerque, New Mexico, 2008.
A. Nieuwenhuijs, E. Luiijf and M. Klaver, Modeling dependencies in critical infrastructures, in Critical Infrastructure Protection, E. Goetz and S. Shenoi (Eds.), Boston, Massachusetts, pp. 205–213, 2008.
C. Queiroz, A. Mahmood, J. Hu, Z. Tari and X. Yu, Building a SCADA security testbed, Proceedings of the Third International Conference on Network and System Security, pp. 357–364, 2009.
H. Rahman, M. Armstrong, D. Mao and J. Marti, I2Sim: A matrix-partition based framework for critical infrastructure interdependencies simulation, Proceedings of the Electric Power and Energy Conference, 2008.
The CockpitCI Project, CockpitCI, Selex Systems Integration, Rome, Italy ( www.cockpitci.eu ).
The Ettercap Project, Ettercap ( ettercap.github.io/ettercap ).
The MICIE Project, MICIE, Selex Communications, Rome, Italy ( www.micie.eu ).
S. Tisue and Wilensky, Netlogo: A simple environment for modeling complexity, presented at the International Conference on Complex Systems, 2004.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Di Pietro, A., Foglietta, C., Palmieri, S., Panzieri, S. (2013). Assessing the Impact of Cyber Attacks on Interdependent Physical Systems. In: Butts, J., Shenoi, S. (eds) Critical Infrastructure Protection VII. ICCIP 2013. IFIP Advances in Information and Communication Technology, vol 417. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45330-4_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-45330-4_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-45329-8
Online ISBN: 978-3-642-45330-4
eBook Packages: Computer ScienceComputer Science (R0)