Topical issues of the problem of assessment of threats of cyber attacks on information resources of significant facilities of critical information infrastructure

Sergey V. Skryl'; Victor V. Gaifulin; Dmitry V. Domrachev; Vladimir M. Sychev; Yulia V. Gracheva

doi:10.26583/bit.2021.1.07

Using Hybrid Attack Graphs to Model and Analyze Attacks against the Critical Information Infrastructure

Critical Information Infrastructure Protection and Resilience in the ICT Sector ◽

10.4018/978-1-4666-2964-6.ch009 ◽

2013 ◽

pp. 173-197

Author(s):

Peter J. Hawrylak ◽

Chris Hartney ◽

Mauricio Papa ◽

John Hale

Keyword(s):

Smart Grid ◽

Information Infrastructure ◽

Cyber Attacks ◽

Computer Networking ◽

Attack Graphs ◽

Critical Information ◽

Best Practice Guidelines ◽

Modeling Methodology ◽

Physical Attack ◽

Networking Technologies

The Smart Grid will incorporate computer networking technologies into the electrical generation, transmission, and distribution sectors. Thus, there will be an underlying Critical Information Infrastructure (CII) based on these network connections. This CII is vulnerable to traditional cyber or computer based attacks typically geared toward disabling devices or networks. However, the Smart Grid is also vulnerable to physical attacks where sensors are tricked into reporting false conditions that cause the control system to react in an inappropriate manner. Cyber-physical attacks blending both cyber and physical attack components are also a possibility. Techniques to model cyber-attacks exist, and this chapter presents a modeling methodology, termed hybrid attack graphs, to model cyber-physical attacks. The hybrid attack graph formalism can be applied to develop best practice guidelines and security patches for the Smart Grid. This formalism can also be applied to other cyber-physical domains as well to help bridge the gap between the physical, logical, and network domains.

Download Full-text

Some issues of improving state planning in the sphere of cyber security in conditions of hybrid threats

INFORMATION AND LAW ◽

10.37750/2616-6798.2021.1(36).238191 ◽

2021 ◽

pp. 114-122

Author(s):

S. GRIBOIEDOV

Keyword(s):

Strategic Planning ◽

Public Administration ◽

Cyber Security ◽

Information Infrastructure ◽

Information Resources ◽

Security Strategy ◽

State Planning ◽

State Information ◽

Critical Information ◽

Hybrid Threats

The main principles of state strategic planning in the sphere of cybersecurity are considered. The directions of improvement of public administration in the field of cyber protection of a critical information infrastructure and state information resources are identified. The shortcomings of the Cyber Security Strategy of Ukraine in 2016 are analyzed and summarized. The draft of Cyber Security Strategy of Ukraine for 2021 – 2025 is considered and directions for its improvement are proposed. The prospects of strategic state planning in the sphere of cybersecurity in the context of the spread of hybrid threats are outlined.

Download Full-text

Selection Method of Test Cyber Attacks that Ensure the Rational Completeness of the Penetration Testing of a Critical Information Infrastructure Object

Voprosy kiberbezopasnosti ◽

10.21681/2311-3456-2021-6-12-25 ◽

2021 ◽

pp. 12-25

Author(s):

Sergey Makarenko ◽

◽

Gleb Smirnov ◽

Keyword(s):

Critical Infrastructure ◽

Selection Process ◽

Information Infrastructure ◽

Selection Method ◽

Cyber Attacks ◽

Cyber Attack ◽

Security Audit ◽

Penetration Testing ◽

Critical Information ◽

Efficiency Cost

Relevance. Security issues of information systems in critical infrastructure objects become important now. However, current tasks of information security audit of critical infrastructure objects are mainly limited to checking them for compliance with requirements of standards and documents. With this approach to the audit, security of these objects from real attacks by hackers remains unclear. Therefore, objects are subjected to a testing procedure, namely, penetration testing, in order to objectively verify their security. An analysis of publications in this area shows that there is not mathematical approaches to selection of test cyber attacks for penetration testing set. The goals of the paper is to form the selection method of test cyber attacks that ensure the rational completeness of the security audit of a critical information infrastructure object. Research methods. Methods of probability theory and mathematical statistics, methods of graph theory and set theory are used in the paper to achieve the research goals. Results. The Select Method of test cyber attacks for security audit of a critical information infrastructure object with rational completeness is presented in the paper. This method formalizes the selection process in the form of a two-stage procedure. At the first stage, based on the topological model of the object testing, a set of testing paths is formed, and these paths are ordered by the degree of weight increase. The path weight is the efficiency/cost indicator that takes in account the test resource for realized of a test cyber attack, the vulnerability of an object element, and the level of damage caused to the element by this test cyber attack. At the second stage of the method, from an ordered set of test paths are selected of such, which would ensure the maximization of the whole absolute cost of the detected damage, within the limits on the resource making of test cyber attacks. It is using of this method in audit practice will allow us to justify the most effective test cyber attacks according to the “efficiency/cost” criterion, as well as to form test sets that will ensure the rational completeness of the audit of the critical infrastructure object.

Download Full-text

Algorithm and Method for Recognizing Critical Situations Using Semantic Networks on Critical Information Infrastructure Facilities as a Result of Cyber Attacks

2020 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus) ◽

10.1109/eiconrus49466.2020.9039255 ◽

2020 ◽

Cited By ~ 2

Author(s):

Sergey S. Kochedykov ◽

Viktor I Novoseltsev ◽

Sergey Y. Kobzistyy ◽

Alexander V. Dushkin ◽

Sophia D. Smolyakova

Keyword(s):

Semantic Networks ◽

Information Infrastructure ◽

Cyber Attacks ◽

Critical Information ◽

Critical Situations

Download Full-text

Legal and organizational provision of protection of the critical information infrastructure from cyberattacks

INFORMATION AND LAW ◽

10.37750/2616-6798.2021.4(39).248832 ◽

2021 ◽

pp. 121-128

Author(s):

S. CIAPA

Keyword(s):

United States ◽

Organizational Support ◽

Cyber Security ◽

Critical Infrastructure ◽

Information Infrastructure ◽

The United States ◽

Cyber Attacks ◽

Positive Experience ◽

Security Strategy ◽

Critical Information

The article considers the legal and organizational aspects of ensuring the protection of the critical information infrastructure from cyberattacks. Attention is drawn to the positive experience of the United States in ensuring the resilience of the objects of critical infrastructure. The provisions of the new Cyber Security Strategy of Ukraine are analyzed, one of the priorities of which is to improve the regulatory framework for cyber security of critical information infrastructure. The shortcomings of the previous Cyber Security Strategy of Ukraine (2016) are noted. Contains a detailed analysis of legislation and initiatives on providing cybersecurity. General requirements for cyber protection of critical infrastructure objects are considered. Based on the analysis of the current legislation on cyber security of Ukraine, ways to improve the legal and organizational support for the protection of the critical information infrastructure from cyber attacks are proposed.

Download Full-text

Using Hybrid Attack Graphs to Model and Analyze Attacks against the Critical Information Infrastructure

Cyber Behavior ◽

10.4018/978-1-4666-5942-1.ch110 ◽

2014 ◽

pp. 2098-2124

Author(s):

Peter J. Hawrylak ◽

Chris Hartney ◽

Mauricio Papa ◽

John Hale

Keyword(s):

Smart Grid ◽

Information Infrastructure ◽

Cyber Attacks ◽

Computer Networking ◽

Attack Graphs ◽

Critical Information ◽

Best Practice Guidelines ◽

Modeling Methodology ◽

Physical Attack ◽

Networking Technologies

The Smart Grid will incorporate computer networking technologies into the electrical generation, transmission, and distribution sectors. Thus, there will be an underlying Critical Information Infrastructure (CII) based on these network connections. This CII is vulnerable to traditional cyber or computer based attacks typically geared toward disabling devices or networks. However, the Smart Grid is also vulnerable to physical attacks where sensors are tricked into reporting false conditions that cause the control system to react in an inappropriate manner. Cyber-physical attacks blending both cyber and physical attack components are also a possibility. Techniques to model cyber-attacks exist, and this chapter presents a modeling methodology, termed hybrid attack graphs, to model cyber-physical attacks. The hybrid attack graph formalism can be applied to develop best practice guidelines and security patches for the Smart Grid. This formalism can also be applied to other cyber-physical domains as well to help bridge the gap between the physical, logical, and network domains.

Download Full-text

Designing a Security Audit Plan for a Critical Information Infrastructure (CII)

Securing Critical Infrastructures and Critical Control Systems ◽

10.4018/978-1-4666-2659-1.ch011 ◽

2013 ◽

pp. 262-285 ◽

Cited By ~ 1

Author(s):

Eduardo E. Gelbstein

Keyword(s):

Information Systems ◽

Critical Infrastructure ◽

Information Infrastructure ◽

September 11 ◽

Cyber Attacks ◽

Coordination Mechanisms ◽

Security Audit ◽

Good Practices ◽

Critical Information ◽

The Impact

Critical Information Infrastructure Infrastructures (CII) have been recognized as potential targets for cyber-attacks since the late 1990s and many have already been successfully attacked since then. The attacks that took place on September 11, 2001 have increased the concerns of the impact such attacks could have and many governments, professional bodies, and vendors have put in place advisory and coordination mechanisms to share and encourage such good practices. Critical infrastructures are monitored and controlled by information systems, and this makes it increasingly difficult to distinguish a Critical Infrastructure from a Critical Information Infrastructure. It is also acknowledged that such information systems are complex, interdependent, and convergent as they share components that use a small number of products and standards. All of these systems and the products with which they are built are known to have known and unknown vulnerabilities that could be exploited by attackers.

Download Full-text

Predicting of cyber attacks on critical information infrastructure

Journal of Physics Conference Series ◽

10.1088/1742-6596/2091/1/012062 ◽

2021 ◽

Vol 2091 (1) ◽

pp. 012062

Author(s):

I M Kosmacheva ◽

N V Davidyuk ◽

SV Belov ◽

Yu Kuchin ◽

I Yu Kvyatkovskaya ◽

...

Keyword(s):

Critical Infrastructure ◽

Information Infrastructure ◽

Cyber Attacks ◽

Incident Detection ◽

User Characteristics ◽

Critical Information ◽

Secure Storage ◽

Computer Attacks ◽

Software Updates ◽

Forecasting System

Abstract According to modern statistics and analytical reviews, targeted computer attacks (cyber attacks) are becoming more and more numerous. Attackers began to use non-standard schemes for implementing attacks, using employees of organizations as intermediaries, which reduces the efficiency of detecting violations. At the same time, the targets of attackers are increasingly critical information infrastructure (CII) objects. The number of cyberattacks on the critical infrastructure of the Russian Federation increased by 150%. Successful attacks on CII are associated with a lack of software updates for industrial equipment, personnel errors, incorrect configuration of protection tools and can potentially lead to disasters. Prediction of computer attacks on CII based on a comprehensive analysis of the characteristics of incidents and system users can significantly increase the efficiency of incident detection, since it is obvious that technical and anthropogenic characteristics in this case should be taken into account together. It is difficult to classify computer incidents due to the volume and heterogeneity of the data about them. The paper proposes approaches that provide for the initial systematization of system log data and user characteristics, an assessment of their informativeness. This will reduce the complexity of further data processing and increase the performance of the computer attack forecasting system by excluding some uninformative data from a single secure storage. The second important task is to create test systems based on available platforms for analyzing and detecting computer incidents in order to train future information security specialists in big data analysis technologies.

Download Full-text

Model of Security Audit of a Critical Information Infrastructure Object with Use the Test Cyber Attacks

Proceedings of Telecommunication Universities ◽

10.31854/1813-324x-2021-7-1-94-104 ◽

2021 ◽

Vol 7 (1) ◽

pp. 94-104

Author(s):

S. Makarenko ◽

G. Smirnov

Keyword(s):

Critical Infrastructure ◽

Information Infrastructure ◽

Cyber Attacks ◽

Audit Process ◽

Critical Information ◽

Test Information ◽

Cost Criterion ◽

Efficiency Cost ◽

The Individual ◽

Test Suites

The article presents a model for auditing the security of a critical information infrastructure object by test information and technical influences. This model formalizes an object in the form audit process of a multilevel topological model, the individual levels of which correspond to: resource costs for impacts, test information and technical impacts, vulnerabilities, object elements and damage levels. The use of this model in audit practice will make it possible to substantiate the most effective impacts on the basis of the “efficiency / cost” criterion, as well as form test suites that will ensure the rational completeness of the audit of a critical infrastructure facility.

Download Full-text

Ensuring the security of critical information infrastructure: the powers of the federal government bodies of the Russian Federation

Relevant issues of management, economics and economic security ◽

10.31483/r-32617 ◽

2019 ◽

Author(s):

Ilia Pavlovich Mikhnev ◽

Svetlana Vladimirovna Mikhneva

Keyword(s):

Information Security ◽

Federal Government ◽

Russian Federation ◽

Legal Status ◽

Information Infrastructure ◽

Critical Information ◽

Security Service ◽

Presidential Decree ◽

Computer Attacks ◽

The Russian Federation

The article discusses the competences and powers of the state authorities of the Russian Federation within their legal status in the field of ensuring the security of critical information infrastructure. Some functions and authorities in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorized to create a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation. However, not all rights and obligations are enshrined; a number of powers cause the duality of the legal status of certain federal bodies of state power. The clarity and unambiguity of securing the rights and obligations of state bodies authorized in the field of information security are guarantees for effectively ensuring the security of important information infrastructure facilities.

Download Full-text