Cyber Risk Analysis of Critical Information Infrastructure

Abstract

Cyber-Physical Security (CPS) of critical infrastructure comprises of securing interacting digital, analog, physical, and human components engineering for functioning in an integrated manner (E.g. ADMS/ SCADA, Smart Meters, Field Force Automation devices, etc.). These solutions are required to be exposed to networks or environments which have normally functioned in an isolated environment with minimal cybersecurity controls in place. This new security challenge demands for an appropriate risk assessment of Cyber-Physical Systems and development of a unified framework addressing taxonomy of threats, vulnerabilities, attacks and controls on device controllers (RTU’s, FRTU’s, PLC’s), plant-level distributed control, and system-wide SCADA components spanning wide geographic areas. Cyber-Physical Systems must often meet strict timing requirements during normal operation as well as during recovery. Cyber-Physical security is crucial to maintain stable and reliable operation during the contingency situation in-case of failure of any critical system component. Due to the cyber-attacks, Critical Information Infrastructure (CII) may face operational failures and loss of synchronization, damaging critical physical system components that may interrupt the services and make the system unstable resulting in a debilitating impact on the national economy, public health, and safety. To ensure CII operates in a safe, secure and reliable manner, cybersecurity is required to be implemented at each layer of cyber-physical systems and hence it demands in-depth analysis of data transmission and storage procedures.