Advertisement

Algorithms and Tools for Risk/Impact Evaluation in Critical Infrastructures

  • Chiara Foglietta
  • Stefano PanzieriEmail author
  • Federica Pascucci
Chapter
Part of the Studies in Computational Intelligence book series (SCI, volume 565)

Abstract

Critical Infrastructures (CIs) are complex system of systems due to the existence of interdependencies that are not readily visible but very often play a central role. Hence, modelling and simulating networks of critical infrastructures is a crucial point to support operators and service providers in mitigating risks. In this chapter we describe how a general approach, called Mixed Holistic Reductionist, is able to join a holistic impact evaluation with a reductionist modelling of cascade effects in order to integrate situation assessment and interdependency evaluation. This approach can be realized using two different symbiotic techniques: a vertical simulation of a specific behaviour of an infrastructure and an interdependency agent-based simulator able to take into account cascading effects along several interdependency links.

Keywords

Risk assessment Critical infrastructures modelling Interdependencies analysis 

References

  1. 1.
    Chabukswar, R., Sinopoli, B., Karsai, G., Giani, A., Neema, H., Davis, A.: Simulation of network attacks on SCADA systems, In: First Workshop on Secure Control Systems, 2010Google Scholar
  2. 2.
    Chappell, L., Combs, G.: Wireshark network analysis: the official Wireshark certified network analyst study guide, Chappell University 2010Google Scholar
  3. 3.
    Chunlei, W., Lan, F., Yiqi, D.: A simulation environment for SCADA security analysis and assessment. In: Proceedings of the International Conference on Measuring Technology and Mechatronics Automation, vol. 1, pp. 342–347 (2010)Google Scholar
  4. 4.
    Ciancamerla, E., Minichino, M., Rosato, V., Vicoli, G., SCADA systems within CI interdependency analysis: cyber attacks, resilience and quality of service. In: Workshop on Experimental Platforms for Interoperable Public Safety Communications—Joint Research Centre (JRC), Ispra, Italy. 10, 11 October 2011Google Scholar
  5. 5.
    Ciancamerla, E., Foglietta, C., Lefevre, D., Minichino, M., Lev, L., Shneck, Y.: Discrete event simulation of QoS of a SCADA system interconnecting a Power grid and a Telco network. In: 1st IFIP TC11 International Conference on Critical Information Infrastructure Protection 2010 World Computer Congress 2010 Proceedings, Springer, Brisbane (2010) ISSN 1868-4238Google Scholar
  6. 6.
    Davis, C.M., Tate, J.E., Okhravi, H., Grier, C., Overbye, T.J. Nicol, D.: SCADA cyber security testbed development. In: Proceedings of the 38th North American Power Symposium, pp. 483–488 (2006)Google Scholar
  7. 7.
    De Porcellinis, S., Panzieri, S., Setola, R.: Modelling critical infrastructure via a mixed holistic reductionistic approach. Int. J. Crit. Infrastruct. 5(1/2), 86–99 (2009)Google Scholar
  8. 8.
    De Porcellinis, S., Panzieri, S., Setola, R., Ulivi, G.: Simulation of heterogeneous and interdependent critical infrastructures. Int. J. Crit. Infrastruct. 4(1/2), 110–128 (2008)Google Scholar
  9. 9.
    European Commission: Achievements and next steps: towards global cyber-security’, communication from the commission to the European Parliament, the council, the European economic and social committee and the committee of the regions on critical information infrastructure protection (2011)Google Scholar
  10. 10.
    Falliere, N., O’Murchu, L., Chien, E.: W32.Stuxnet Dossier, Symantec, Mountain View, California. www.symantec.com/content/en/us/enterprise/media/securityresponse/whitepapers/w32stuxnetdossier.pdf (2011)
  11. 11.
    Foglietta, C., Gasparri, A., Panzieri, S.: Networked evidence theory framework for critical infrastructure modelling. In: Proceedings of Sixth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection (2012)Google Scholar
  12. 12.
    FP7 MICIE project. http://www.micie.eu
  13. 13.
    Genge, B., Nai Fovino, I., Siaterlis, C., Masera, M.: Analyzing Cyber-Physical Attacks on Networked Industrial Control Systems. Crit. Infrastruct. Protect. 367, 167–183 (2011)Google Scholar
  14. 14.
    Haimes, Y., Jiang, P.: Leontief-based model of risk in complex interconnected infrastructures. J. Infrastruct. Syst. 1, 1–12 (2001)CrossRefGoogle Scholar
  15. 15.
    Hemingway, G., Neema, H., Nine, H., Sztipanovits, J., Karsai, G.: Rapid synthesis of high-level architecture-based heterogeneous simulation: a model-based integration approach In: Proceedings of simulation, p 0037549711401950, March 17, 2011Google Scholar
  16. 16.
    Huitsing, P., Chandia, R., Papa, M., Shenoi, S.: Attack taxonomies for the Modbus protocols. Int. J. Crit. Infrastruct. Prot. 1, 37–44 (2008)CrossRefGoogle Scholar
  17. 17.
    Modicon, I.: Modicon modbus protocol reference guide. http://modbus.org/docs/PI_MBUS_300.pdf (1996)
  18. 18.
    Nai Fovino, I., Carcano, A., Masera, M., Trombetta, A.: An experimental investigation of malware attacks on SCADA systems. Int. J. Crit. Infrastruct. Protect. 2(4) 139–145 (2009)Google Scholar
  19. 19.
    Oliva, G., Panzieri, S., Setola, R.: Fuzzy dynamic input-output inoperability model. Int. J. Crit. Infrastruct. Protect. 4(3–4), pp. 165–175 (2011)Google Scholar
  20. 20.
    Oliva, G., Panzieri, S., Setola, R.: Online distributed interdependency estimation for critical infrastructures. In: 50th IEEE Conference on Decision and Control, 2011Google Scholar
  21. 21.
    OPNET: OPNET network simulation tools. http://www.opnet.com (2012)
  22. 22.
    PowerWorld: PowerWorld simulator. http://www.powerworld.com (2012)
  23. 23.
    Queiroz, C., Mahmood, A., Hu, J., Tari, Z., Yu, X.: Building a SCADA security testbed. In: Proceedings of the Third International Conference on Network and System Security, pp. 357–364 (2009)Google Scholar
  24. 24.
    Rinaldi, S.M.: Modeling and simulating critical infrastructures and their interdependencies. In: Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS’04)—Track 2, vol. 2 (HICSS ‘04), Vol. 2. IEEE Computer Society, Washington, DC, USA, 20054.1 (2004)Google Scholar
  25. 25.
    Rios, B., McCorkle, T.: 100 Bugs in 100 days: an analysis of ICS (SCADA) Software. DerbyCon 2011, Session (2011)Google Scholar
  26. 26.
    Setola, R., De Porcellinis, S., Sforna, M.: Critical infrastructure dependency assessment using input-output inoperability model, Int. J. Crit. Infrastruct. 2, 170–178 2009Google Scholar
  27. 27.
    Varga, A.: The OMNeT++ discrete event simulation system. In: Proceedings of the European simulation multiconference (ESM’2001) (2001)Google Scholar
  28. 28.
    W32.Duqu; The precursor to the next Stuxnet, Symantec. White Paper, (2011)Google Scholar
  29. 29.
    White, B., Lepreau, J., Stoller, L., Ricci, R., Guruprasad, S., Newbold, M., Hibler, M., Barb, V., Joglekar, A.: An integrated experimental environment for distributed systems and networks. In: Proceedings of the Fifth Symposium on Operating Systems Design and Implementation, pp. 255–270 (2002)Google Scholar
  30. 30.
    Zhu, B., Joseph, A., Sastry, S. (2011) Taxonomy of Cyber Attacks on SCADA Systems. In: Proceedings of CPSCom 2011: The 4th IEEE International Conference on Cyber, Physical and Social Computing, Dalian, China, October 19-22, 2011Google Scholar
  31. 31.
  32. 32.
    Zou, C.C., Gong, W., Towsley, D.: Code red worm propagation modeling and analysis. In: Vijay, A., (ed.) Proceedings of the 9th ACM Conference on Computer and communications Security (CCS ‘02), 138-147. ACM, New York, NY, USA, (2002)Google Scholar
  33. 33.
    FP7 CockpitCI project, Deliverable D5.1, “system requirements”Google Scholar
  34. 34.
    FP7 MICIE project, Deliverable 4.1.1 “MICIE ICT system requirements”Google Scholar
  35. 35.
    Rahman, M., Armstrong, D.M., Marti, J.: I2Sim: A matrix-partition based framework for critical infrastructure interdependencies simulation. In: Electric Power Conference (EPEC), Vancouver (2008)Google Scholar
  36. 36.
    Leontief, W.: Input-Output Economics. Oxford University Press, New York (1966)Google Scholar
  37. 37.
    Ettercap suite for man-in-the-middle attacks on LANs. http://ettercap.sourceforge.net/
  38. 38.
    Kaplan, S., Garrisck, B.J.: On the quantitative definition of risk. Risk Analysis 1(1), 11–27 (1981)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Chiara Foglietta
    • 1
  • Stefano Panzieri
    • 1
    Email author
  • Federica Pascucci
    • 1
  1. 1.Dipartimento Di IngegneriaUniversità Degli Studi “Roma Tre”RomeItaly

Personalised recommendations