Consequence-Based Resilient Architectures

  • Curtis St. MichelEmail author
  • Sarah FreemanEmail author
Part of the Advances in Information Security book series (ADIS, volume 75)


As described in Lee et al., cyber-attackers conducted a coordinated, multifaceted operation against three distribution companies on 23 December 2015, resulting in a customer outage of nearly 4 hours. The significance in this event does not originate from the infiltration of the electric sector; on the contrary, Gorman, Toppa, Perlroth, Dearden, and Borger indicate they have been compromised before and will continue to be compromised in the future. Nor was this event significant because it harkened the arrival of some previously unknown, sophisticated industrial control system (ICS) malware, as Karnouskos, Fidler and Matrosov et al. argued was the case with Stuxnet. Rather, the significance of the December 2015 event stems from the means by which the attackers interfaced with and, ultimately, used the energy system design to their advantage.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    R. Lee, M. Assante, T. Conway, Analysis of the cyber-attack on the Ukrainian power grid. Prepared for the Energy Information Sharing and Analysis Center (E-ISAC), 16 Mar 2016Google Scholar
  2. 2.
    S. Gorman, Electricity grid in U.S. penetrated by spies. (Wall Street J, 2009),
  3. 3.
    S. Toppa, The National Power Grid is under almost continuous attack, report says. (Time, 2015),
  4. 4.
    N. Perlroth, Hackers are targeting nuclear facilities, Homeland Security Dept. and F.B.I. say. (The New York Times, 2017),
  5. 5.
    L. Dearden, Russian cyber-attacks have targeted UK energy, communication, and media networks, says top security chief. (Independent, 2017),
  6. 6.
    J. Borger, US accuses Russia of cyber-attack on energy sector and imposes new sanctions. (The Guardian, 2018),
  7. 7.
    S. Karnouskos, Stuxnet worm impact on industrial cyber-physical system security, in IECON 2011-37th Annual Conference on IEEE Industrial Electronics Society, 2011Google Scholar
  8. 8.
    D.P. Fidler, Was Stuxnet an act of war? Decoding a cyberattack. IEEE Security & Privacy 9(4), 56–59 (2011)CrossRefGoogle Scholar
  9. 9.
    A. Matrosov, E. Rodionov, D. Harley, J. Malcho, Stuxnet under the microscope. ESET, Technical report, 2011, revision 1.31Google Scholar
  10. 10.
    M. Braglia, MAFMA: multi-attribute failure mode analysis. Int. J. Qual. Reliab. Manag. 17(9), 1017–1033 (2000)CrossRefGoogle Scholar
  11. 11.
    A. Bolshev, J. Larsen, M. Krotofil, R. Wightman, A rising tide: design exploits in industrial control systems. Prepared for 10th USENIX workshop on offensive technologies, WOOT 16, USENIX Association, Austin, TX, 2016Google Scholar
  12. 12.
    Sandia National Laboratories, Guide to CIP cyber-vulnerability assessment,
  13. 13.
    C. Ten, C. Liu, G. Manimaran, Vulnerability assessment of cybersecurity for SCADA systems. IEEE Trans. Power Syst. 23(4), 1836–1846 (2008)CrossRefGoogle Scholar
  14. 14.
    P.A.S. Ralston, J.H. Graham, J.L. Hieb, Cybersecurity risk assessment for SCADA and DCS networks. ISA Trans. 46, 583–594 (2007)CrossRefGoogle Scholar
  15. 15.
  16. 16.
    M. Dacier, L. Yumer, T. Dumitras, Lessons learned from a rigorous analysis of two years of zero-day attacks. Prepared for RSA conference Asia Pacific, 2013,
  17. 17.
    L. Ablon, A. Bogart, Zero days, thousands of nights: the life and times of zero-day vulnerabilities and their exploits. (Rand, 2017),
  18. 18.
    S. Tom, D. Christiansen, D. Berrett, Recommended Practice for Patch Management of Control Systems (Department of Homeland Security, Washington, D.C., 2008). Scholar
  19. 19.
    C. St Michel, S. Freeman, R. Smith, M. Assante, Consequence-driven. (Cyber-Informed Engineering. 2016),
  20. 20.
    R. Pal, L. Golubchik, K. Psounis, P. Hui, Security pricing as enabler of cyber-insurance A First Look at Differentiated Pricing Markets. IEEE Trans. Dependable Secure Comput. (2016)Google Scholar
  21. 21.
    N.S. Malik, R. Collins, M. Vamburkar, Cyberattack pings data systems of at least four gas networks. (Bloomberg, 2018),
  22. 22.
    S. Romanosky, L. Ablon, A. Kuehn, T. Jones, Content analysis of cyber-insurance policies: how do carriers write policies and price cyber-risk? (Rand Corporation, 2017),
  23. 23.
    M. Thompson, Why cyber-insurance will be the next big thing. (CNBC, 2014),
  24. 24.
    R. Colbaugh, K. Glass, Proactive defense for evolving cyber-threats, in IEEE International Conference on Intelligence and Security Informatics, Beijing, China, 2011,
  25. 25.
    M. Bozorgi, L. Saul, S. Savage, G. Voelker, Beyond heuristics: learning to classify vulnerabilities and predict exploits, in Proceedings of the 16th International Conference on Knowledge Discovery and Data Mining, 2010, pp. 105–114Google Scholar
  26. 26.
    Y.-F. Han, D. Kumar, C. Sivadinarayana, D.W. Goodman, Kinetics of ethylene combustion in the synthesis of vinyl acetate over a PD/SiO2 catalyst. J. Catal. 224, 60–68 (2004)CrossRefGoogle Scholar
  27. 27.
    D. Gollmann, P. Gurikov, A. Isakov, M. Krotofil, J. Larsen, A. Winnicki, Cyber-physical systems security – experimental analysis of a vinyl acetate monomer plant. ACM Cyber-Physical System Security Workshop (CPSS), Singapore, 2015Google Scholar
  28. 28.
    A. Cherepanov, Win32/Industroyer: a new threat for industrial control systems. (ESET, 2017),
  29. 29.
    E. Kovacs, Electrical substations exposed to attacks by flaws in Siemens devices. (2018),
  30. 30.
    Havex hunts for ICS/SCADA systems. (F-Secure Labs, 2014),
  31. 31.
    R. Heuer Jr., R. Pherson, Structured Analytic Techniques for Intelligence Analysis (Sage/CQPress, Washington, D.C., 2015)Google Scholar
  32. 32.
    B. Wood, R. Duggan, Red teaming of advanced information assurance concepts, in DISCEX 2000, Hilton Head, South Carolina, January 2000,
  33. 33.
    J. Larsen, Physical damage 101: bread and butter attacks. (Blackhat, 2015),
  34. 34.
    R. Wightman, The easy button for cyber/physical ICS attacks, in S4 Security Conference, 2016Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Control Systems Cybersecurity Analyst, Idaho National LaboratoryIdaho FallsUSA

Personalised recommendations