Quantification of the Impact of Cyber Attack in Critical Infrastructures

  • Oleksandr Netkachov
  • Peter Popov
  • Kizito Salako
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8696)

Abstract

In this paper we report on a recent study of the impact of cyber-attacks on the resilience of complex industrial systems. We describe our approach to building a hybrid model consisting of both the system under study and an Adversary, and we demonstrate its use on a complex case study - a reference power transmission network (NORDIC 32), enhanced with a detailed model of the computer and communication system used for monitoring, protection and control. We studied the resilience of the modelled system under different scenarios: i) a base-line scenario in which the modelled system operates in the presence of accidental failures without cyber-attacks; ii) scenarios in which cyber-attacks can occur. We discuss the usefulness of our findings and outline directions for further work.

Keywords

Critical Infrastructures Power Transmission Network IEC 61850 stochastic modelling 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Stouffer, K., Falco, J., Kent, K.: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security, p. 164. National Institute of Standards and Technology (NIST) (2006)Google Scholar
  2. 2.
    Bloomfield, R.E., et al.: Preliminary Interdependency Analysis (PIA): Method and tool support, p. 56. Adelard LLP (2010)Google Scholar
  3. 3.
    Bloomfield, R., Buzna, L., Popov, P., Salako, K., Wright, D.: Stochastic Modelling of the Effects of Interdependencies between Critical Infrastructure. In: Rome, E., Bloomfield, R. (eds.) CRITIS 2009. LNCS, vol. 6027, pp. 201–212. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Ford, M.D., et al.: Implementing the ADVISE security modeling formalism in Möbius. In: The 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, Budapest (2013)Google Scholar
  5. 5.
    Sanders, W.H.: Mobius, http://www.mobius.illinois.edu/ [cited]
  6. 6.
    IRRIIS. Integrated Risk Reduction of Information-based Infrastructure Systems (IRRIIS) (2006–2009), http://www.irriis.org/ [cited]
  7. 7.
    Hearing Before The Subcommittee On National Security, Cybersecurity: Assessing The Immediate Threat To The United States 2011, House of Representatives One Hundred Twelfth Congress First Session (2011)Google Scholar
  8. 8.
    US-CERT, Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies, US-CERT, p. 44 (2009)Google Scholar
  9. 9.
    Ten, C.-W., Liu, C.-C., Manimaran, G.: Vulnerability Assessment of Cybersecurity for SCADA Systems. IEEE Transactions on Power Systems 23(4), 1836–1846 (2008)CrossRefGoogle Scholar
  10. 10.
    Krautsevich, L., Martinelli, F., Yautsiukhin, A.: Towards Modelling Adaptive Attacker’s Behaviour. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds.) FPS 2012. LNCS, vol. 7743, pp. 357–364. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  11. 11.
    Johnson, B., Grossklags, J., Christin, N., Chuang, J.: Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 588–606. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Cavalieri, S., et al.: Quantitative Assessment of Distributed Networks through Hybrid Stochastic Modelling. In: Bruneo, D., Distefano, S. (eds.) Quantitative Assessments of Distributed Systems, pp. 1–39. Scrivener Publishing LLC, USA (to appear)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Oleksandr Netkachov
    • 1
  • Peter Popov
    • 1
  • Kizito Salako
    • 1
  1. 1.Centre for Software ReliabilityCity University LondonUK

Personalised recommendations