scholarly journals Bayesian network model to distinguish between intentional attacks and accidental technical failures: a case study of floodgates

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Sabarathinam Chockalingam ◽  
Wolter Pieters ◽  
André Teixeira ◽  
Pieter van Gelder
Keyword(s):  
Water Management ◽  
Bayesian Network ◽  
Cyber Attacks ◽  
Abnormal Behaviour ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Corporate Networks ◽  
Response Strategies ◽  
Technical Failures

AbstractWater management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector. In the previous work, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models. As a full case study of the attack-failure distinguisher framework, this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.

Building a Cybersecurity Culture in the Industrial Control System Environment

2019 ◽  
Vol 8 (1) ◽  
pp. 39-44
Author(s):  
Claudia ARAUJO MACEDO ◽  
Jos MENTING
Keyword(s):  
Control System ◽  
Control Systems ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Industrial Control System ◽  
Security Measures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
System A ◽  
Educational Processes

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

scholarly journals A review: towards practical attack taxonomy for industrial control systems

2018 ◽  
Vol 7 (2.14) ◽  
pp. 145 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Razali Jidin ◽  
Mohd Ezanee Rusli ◽  
Md Nabil Ahmad Zawawi ◽  
...  
Keyword(s):  
Control Systems ◽  
Supervisory Control ◽  
Cyber Attacks ◽  
Critical Infrastructures ◽  
Cyber Attack ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Scada System ◽  
Water Transportation ◽  
Different Types

Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and its classification associated with both Opera-tion Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.  

scholarly journals Autoencoder Based Anomaly Detection for SCADA Networks

2021 ◽  
Vol 11 (2) ◽  
pp. 83-99
Author(s):  
Sajid Nazir ◽  
Shushma Patel ◽  
Dilip Patel
Keyword(s):  
Cyber Attacks ◽  
Traffic Patterns ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Physical Systems ◽  
Anomalous Data ◽  
National Importance ◽  
Attack Patterns ◽  
Attack Surface ◽  
Scada Networks

Supervisory control and data acquisition (SCADA) systems are industrial control systems that are used to monitor critical infrastructures such as airports, transport, health, and public services of national importance. These are cyber physical systems, which are increasingly integrated with networks and internet of things devices. However, this results in a larger attack surface for cyber threats, making it important to identify and thwart cyber-attacks by detecting anomalous network traffic patterns. Compared to other techniques, as well as detecting known attack patterns, machine learning can also detect new and evolving threats. Autoencoders are a type of neural network that generates a compressed representation of its input data and through reconstruction loss of inputs can help identify anomalous data. This paper proposes the use of autoencoders for unsupervised anomaly-based intrusion detection using an appropriate differentiating threshold from the loss distribution and demonstrate improvements in results compared to other techniques for SCADA gas pipeline dataset.

Cybersecurity Leadership: Competencies, Governance, and Technologies for Industrial Control Systems

2017 ◽  
Vol 17 (01) ◽  
pp. 1740001 ◽  
Author(s):  
JEAN-PIERRE AUFFRET ◽  
JANE L. SNOWDON ◽  
ANGELOS STAVROU ◽  
JEFFREY S. KATZ ◽  
DIANA KELLEY ◽  
...  
Keyword(s):  
Smart Grid ◽  
Control Systems ◽  
Leadership Competencies ◽  
Cyber Attacks ◽  
Industrial Control ◽  
Public And Private ◽  
Industrial Control Systems ◽  
Grid Systems ◽  
Private Organizations ◽  
Emerging Risk

The extensive integration of interconnected devices and the inadvertent information obtained from untrusted sources has exposed the Industrial Control Systems (ICS) ecosystem to remote attacks by the exploitation of new and old vulnerabilities. Unfortunately, although recognized as an emerging risk based on the recent rise of cyber attacks, cybersecurity for ICS has not been addressed adequately both in terms of technology but, most importantly, in terms of organizational leadership and policy. In this paper, we will present our findings regarding the cybersecurity challenges for Smart Grid and ICS and the need for changes in the way that organizations perceive cybersecurity risk and leverage resources to balance the needs for information security and operational security. Moreover, we present empirical data that point to cybersecurity governance and technology principles that can help public and private organizations to navigate successfully the technical cybersecurity challenges for ICS and Smart Grid systems. We believe that by identifying and mitigating the inherent risks in their systems, operations, and processes, enterprises will be in a better position to shield themselves and protect against current and future cyber threats.

scholarly journals Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems

Energies ◽  
2019 ◽  
Vol 12 (13) ◽  
pp. 2598
Author(s):  
Asif Iqbal ◽  
Farhan Mahmood ◽  
Mathias Ekstedt
Keyword(s):  
Power Systems ◽  
Control Systems ◽  
Forensic Analysis ◽  
Cyber Attacks ◽  
Power Grids ◽  
Cyber Attack ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Daubert Standard ◽  
And Control

In today’s connected world, there is a tendency of connectivity even in the sectors which conventionally have been not so connected in the past, such as power systems substations. Substations have seen considerable digitalization of the grid hence, providing much more available insights than before. This has all been possible due to connectivity, digitalization and automation of the power grids. Interestingly, this also means that anybody can access such critical infrastructures from a remote location and gone are the days of physical barriers. The power of connectivity and control makes it a much more challenging task to protect critical industrial control systems. This capability comes at a price, in this case, increasing the risk of potential cyber threats to substations. With all such potential risks, it is important that they can be traced back and attributed to any potential threats to their roots. It is extremely important for a forensic investigation to get credible evidence of any cyber-attack as required by the Daubert standard. Hence, to be able to identify and capture digital artifacts as a result of different attacks, in this paper, the authors have implemented and improvised a forensic testbed by implementing a sandboxing technique in the context of real time-hardware-in-the-loop setup. Newer experiments have been added by emulating the cyber-attacks on WAMPAC applications, and collecting and analyzing captured artifacts. Further, using sandboxing for the first time in such a setup has proven helpful.

Enhancing Safety in Manufacturing Systems by Integrating Diagnostic Information

2008 ◽  
Author(s):  
Kyle Schroeder ◽  
Aftab A. Khan ◽  
James Moyne ◽  
Dawn Tilbury
Keyword(s):  
Manufacturing Systems ◽  
Diagnostic System ◽  
Process Variable ◽  
Safety System ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
System A ◽  
The Individual ◽  
Diagnostics System

Integrating traditionally separate industrial control systems can derive factory-wide benefits by leveraging more information about the ongoing process. This paper shows that connecting a networked safety system and a process control system leads to an extension of the individual benefits provided by each system. A safety system gains the ability to protect not only the machines and workers but also the product that is being built. A diagnostic system can also raise safety alarms when a process variable is outside the expected range of safe operation. This connection is explored to determine the practical impact of different methods of integration on machining and system processes. Three integration methods are possible depending on which portions of the system can be classified as “safe”. A case study integrating a diagnostics system as a non-safe sensor proves that this connection, when it is implemented on an industrial testbed, provides all of the benefits described and does not require significant changes to control software.

Sign in / Sign up

Export Citation Format

Share Document