Skip to main content

Über dieses Buch

This book constitutes the revised selected papers of the 14th International Conference on Critical Information Infrastructures Security, CRITIS 2019, held in Linköping, Sweden, in September 2019.

The 10 full papers and 5 short papers presented were carefully reviewed and selected from 30 submissions. They are grouped in the following topical sections: Invited Papers, Risk Management, Vulnerability Assessment, Resilience and Mitigation Short Papers, and Industry and Practical Experience Reports.



Correction to: A Comparison Between SWIFT and Blockchain from a Cyber Resiliency Perspective

Luisa Franchina, Guido Carlomagno

Invited Papers


Everything Is Awesome! or Is It? Cyber Security Risks in Critical Infrastructure

Industrial Control Systems (ICS) play an important role in the monitoring, control and automation of critical infrastructure such as water, gas, oil and electricity. Recent years have seen a number of high profile cyber attacks on such infrastructure exemplified by Stuxnet and the Ukrainian Power Grid attacks. This naturally begs the question: how should we manage cyber security risks in such infrastructure on which the day-to-day functioning of societies rely? What are the complexities of managing security in a landscape shaped by the often competing demands of a variety of stakeholders, e.g., managers, control engineers, enterprise IT personnel and field site operators? What are the challenges posed by the convergence of Internet of Things (IoT) and critical infrastructure through the so-called Industrial Internet of Things (IIoT)? In this paper, we discuss insights from a multi-year programme of research investigating these issues and the challenges to addressing them.
Awais Rashid, Joseph Gardiner, Benjamin Green, Barnaby Craggs

Challenges in Quantifying an Adversary’s Cyber Access to Critical Infrastructures

We consider the problem of quantifying the potential for an adversary to move through the computer/communication network controlling a critical infrastructure. Quantification is needed to describe the risk to the critical infrastructure of cyber penetration in terms understandable to the owners/operators of the critical infrastructure. We identify several specific challenges, and conclude without having solved the problem, but having pointed the way towards some possible solutions.
David M. Nicol

Risk Management


Exploring How Component Factors and Their Uncertainty Affect Judgements of Risk in Cyber-Security

Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the availability of tools to aid an attack. Such information is useful for determining attack risk, but much of it is challenging to acquire automatically and instead must be collected through expert assessments. However, most experts inherently carry some degree of uncertainty in their assessments. For example, it is impossible to be certain precisely how many tools are available to aid an attack. Traditional methods of capturing subjective judgements through choices such as high, medium or low do not enable experts to quantify their uncertainty. However, it is important to measure the range of uncertainty surrounding responses in order to appropriately inform system vulnerability analysis. We use a recently introduced interval-valued response-format to capture uncertainty in experts’ judgements and employ inferential statistical approaches to analyse the data. We identify key attributes that contribute to hop vulnerability in cyber-systems and demonstrate the value of capturing the uncertainty around these attributes. We find that this uncertainty is not only predictive of uncertainty in the overall vulnerability of a given system component, but also significantly informs ratings of overall component vulnerability itself. We propose that these methods and associated insights can be employed in real world situations, including vulnerability assessments of cyber-physical systems, which are becoming increasingly complex and integrated into society, making them particularly susceptible to uncertainty in assessment.
Zack Ellerby, Josie McCulloch, Melanie Wilson, Christian Wagner

Estimating Cascading Effects in Cyber-Physical Critical Infrastructures

Nowadays, critical infrastructures operate a large number of highly interdependent, cyber-physical systems. Thus, incidents can have far-reaching cascading effects throughout the entire infrastructure, which need to be identified and estimated to realize a proper risk management. In this paper, we present a formal model to describe the propagation of a threat through the various physical and cyber assets within a critical infrastructure and the cascading effects this has on the entire infrastructure. We further show, how this model can be implemented into a prototypical tool, which allows to efficiently simulate the cascading effects of a given incident on the entire network of the infrastructure’s cyber-physical assets. The functionalities of the tool are demonstrated using a small demo set-up of a maritime port infrastructure. In this set-up, four incident scenarios both from the physical and cyber domain are simulated and the results are discussed.
Stefan Schauer, Thomas Grafenauer, Sandra König, Manuel Warum, Stefan Rass

Aggregating Centrality Rankings: A Novel Approach to Detect Critical Infrastructure Vulnerabilities

Assessing critical infrastructure vulnerabilities is paramount to arrange efficient plans for their protection. Critical infrastructures are network-based systems hence, they are composed of nodes and edges. The literature shows that node criticality, which is the focus of this paper, can be addressed from different metric-based perspectives (e.g., degree, maximal flow, shortest path). However, each metric provides a specific insight while neglecting others. This paper attempts to overcome this pitfall through a methodology based on ranking aggregation. Specifically, we consider several numerical topological descriptors of the nodes’ importance (e.g., degree, betweenness, closeness, etc.) and we convert such descriptors into ratio matrices; then, we extend the Analytic Hierarchy Process problem to the case of multiple ratio matrices and we resort to a Logarithmic Least Squares formulation to identify an aggregated metric that represents a good tradeoff among the different topological descriptors. The procedure is validated considering the Central London Tube network as a case study.
Gabriele Oliva, Annunziata Esposito Amideo, Stefano Starita, Roberto Setola, Maria Paola Scaparra

Vulnerability Assessment


Cyber-Physical Systems Security Based on a Cross-Linked and Correlated Vulnerability Database

Recent advances in data analytics prompt dynamic data-driven vulnerability assessments whereby data contained from vulnerability-alert repositories as well as from Cyber-physical System (CPS) layer networks and standardised enumerations. Yet, current vulnerability assessment processes are mostly conducted manually. However, the huge volume of scanned data requires substantial information processing and analytical reasoning, which could not be satisfied considering the imprecision of manual vulnerability analysis. In this paper, we propose to employ a cross-linked and correlated database to collect, extract, filter and visualise vulnerability data across multiple existing repositories, whereby CPS vulnerability information is inferred. Based on our locally-updated database, we provide an in-depth case study on gathered CPS vulnerability data, to explore the trends of CPS vulnerability. In doing so, we aim to support a higher level of automation in vulnerability awareness and back risk-analysis exercises in critical infrastructures (CIs) protection.
Yuning Jiang, Yacine Atif, Jianguo Ding

Climate Change Impact and Vulnerability Analysis in the City of Bratislava: Application and Lessons Learned

Consequences of climate change, like more frequent extreme weather events, are major challenges for urban areas. With diverse approaches for adaptation strategy development available to cities, comparability with respect to risks, vulnerabilities, and adaptation options is limited. The lack of standardized methods and approaches to prioritize and select appropriate adaptation options restricts the exchange of best practices between cities.
This paper presents the application of a vulnerability analysis for the city of Bratislava, Slovakia. It describes how the approach was employed to analyze the effects extreme precipitation has on the road network and reports on how different stakeholders were involved in the process, how relevant data was employed for the assessment, and which results were produced. Based on this process description, typical problems, resulting method adaptations, and lessons learned are described.
Daniel Lückerath, Eva Streberová, Manfred Bogen, Erich Rome, Oliver Ullrich, Eva Pauditsová

Resilience and Mitigation


Intrusion Resilience for PV Inverters in a Distribution Grid Use-Case Featuring Dynamic Voltage Control

ICT-enabled smart grid devices, potentially introduce new cyber vulnerabilities that weaken the resilience of the electric grid. Using real and simulated PV inverters, this work demonstrates how cyber-attacks on IEC 61850 communications to field devices can force an unstable state, causing voltage oscillations or overvoltage situations in a distribution grid. An automated resilience mechanism is therefore presented, combining intrusion detection and decentralised resilient controllers, which is demonstrated to assure stable operation of an energy system by counteracting cyber-attacks targeting embedded PV inverters.
BooJoong Kang, David Umsonst, Mario Faschang, Christian Seitl, Ivo Friedberg, Friederich Kupzog, Henrik Sandberg, Kieran McLaughlin

Mitigating Escalation of Cascading Effects of a Payment Disruption Across Other Critical Infrastructures: Lessons Learned in 15 Simulation-Games

A disruption in one critical infrastructure can quickly lead to cascading effects in several other ones. Much research has been done to analyze dependencies between different critical infrastructures, but little is known about how to mitigate escalation and cascading effects across several critical infrastructures, i.e. how to develop collective critical infrastructure resilience. This research presents the results of 15 simulation-games where groups of 6 to 8 field experts from different sectors were challenged to collaboratively manage a disruption in the payment system that quickly affected food distribution, fuel distribution, transport, health care et cetera. Teams discussed possible strategies, which next were implemented in a computer simulation. Teams could influence the sequence of events on 4 decision points during a 10 day scenario, and play the same scenario several times to test alternative solutions. Each simulation-game session lasted a full day. Data analysis involved the recorded team discussions as well as computer simulation logs of the implemented decisions and their impacts. The results show how escalation and the severity of cascading effects largely depends on the quality of the early crisis response and not so much on the initial disruption. Also, it is shown how cross sectorial collaboration is required. Responses where groups focus too much on cascading effects in one area lead too poor overall performance for society at large. Groups tend to overbalance their mitigating strategies initially, until they arrive at a more balanced strategy that covers challenges in several different critical infrastructures from an integral perspective.
Joeri van Laere, Björn J. E. Johansson, Leif Olsson, Peter Määttä

Using Datasets from Industrial Control Systems for Cyber Security Research and Education

The availability of high-quality benchmark datasets is an important prerequisite for research and education in the cyber security domain. Datasets from realistic systems offer a platform for researchers to develop and test novel models and algorithms. Such datasets also offer students opportunities for active and project-centric learning. In this paper, we describe six publicly available datasets from the domain of Industrial Control Systems (ICS). Five of these datasets are obtained through experiments conducted in the context of operational ICS while the sixth is obtained from a widely used simulation tool, namely EPANET, for large scale water distribution networks. This paper presents two studies on the use of the datasets. The first study uses the dataset from a live water treatment plant. This study leads to a novel and explainable anomaly detection method based upon Timed Automata and Bayesian Networks. The study conducted in the context of education made use of the water distribution network dataset in a graduate course on cyber data analytics. Through an assignment, students explored the effectiveness of various methods for anomaly detection. Research outcomes and the success of the course indicate an appreciation in the research community and positive learning experience in education.
Qin Lin, Sicco Verwer, Robert Kooij, Aditya Mathur

Transport and Finance


Securing Software Updates for Trains

We propose the secure procedure for the automated railway update and maintenance. The proposed procedure is derived from the Uptane update framework. Testing and validation phase, additional manual approval procedure and update progress control are integrated into the Uptane framework in order to conform to the railway safety requirements and norms. The possible metadata and repository customization is proposed and specific railway update attacks are discussed.
Tatiana Galibus

A Comparison Between SWIFT and Blockchain from a Cyber Resiliency Perspective

Payments critical infrastructure is subject to rapid technological change. Increasingly sophisticated threats must be addressed to ensure the banking and financial system security and integrity. Several high-profile cyber-incidents have recently shaken the global financial community and stimulated renewed efforts to reinforce and bolster its security framework. Two different cross border payments management approaches have emerged over the years: the SWIFT financial messaging standard and the innovative peer-to-peer transaction model based on the blockchain technology. Debates about which one will prevail as the best practice are currently a very popular topic. Security, and more specifically resiliency to evolving cyber threats, will likely be the main point of concern. Both the SWIFT and the blockchain models present potential exposure to such vulnerabilities. Ultimately, the discussion boils down to an assessment of whether a decentralized, distributed system like the blockchain better meets the integrity requirements of a modern payments infrastructure and is more suitable to mitigate the root cause of cyber incidents, which is human error.
Luisa Franchina, Guido Carlomagno

Short Papers


On the Importance of Agility, Transparency, and Positive Reinforcement in Cyber Incident Crisis Communication

Cyber incident crisis management protocols often overlook the importance of crisis communication. This paper reviews the crisis communication literature to define explicit communication strategies for each stage of a cyber incident. We applied the proposed model to analyze the Norsk Hydro case: a Norwegian aluminum and renewable energy company halted operations due to a ransomware attack. By combining traditional communication outlets and social media, the company kept high transparency of their recovery operation, with frequent (i.e., agile) updates about the cyber incident. The positive presence of Norsk Hydro on social media allowed them to manage reputation throughout the process. Employees’ creativity and loyalty were crucial in the recovery process, and it was promptly publicized globally. This empowered other employees at other branches to act creatively and inspired the community. We conclude the study by suggesting the agility, transparency, and positive reinforcement were the success factor of this crisis communication operation.
Tomomi Aoyama, Atsushi Sato, Giuseppe Lisi, Kenji Watanabe

SealedGRID: A Secure Interconnection of Technologies for Smart Grid Applications

In recent years, the Smart Grid has increasingly integrated cutting-edge technologies that generate several benefits for all the stakeholders involved, such as a more accurate billing system and enhanced Demand Response procedures. However, this modernization also brings with it diverse cyber security and privacy issues, which sets the necessity for developing a security platform specifically tailored to this scenario. In this paper, we present SealedGRID, which proposes a flexible architecture that provides security services at all levels by implementing Trusted Execution Environments on their devices, together with advanced authentication and authorization mechanisms, as well as privacy preserving techniques. These technologies are presented in depth and a final security analysis is conducted, which highlights the contributions of this project.
Aristeidis Farao, Juan Enrique Rubio, Cristina Alcaraz, Christoforos Ntantogian, Christos Xenakis, Javier Lopez

A Dynamic Risk Assessment (DRA) Methodology for High Impact Low Probability (HILP) Security Risks

Short Paper
This paper proposes a Dynamic Risk Assessment (DRA) methodology applicable to the so-called High Impact Low Probability (HILP) security risks which, by their very nature, are difficult to identify or occur only infrequently. DRA is based on the processing of Weak Signals (WSs) to protect critical infrastructures and soft targets against HILP security risks before they materialise. DRA allows to rank WSs according to the reliability and credibility of the sources and to correlate them to obtain threat precursors. Experimental results have shown that DRA is effective and helps suppressing irrelevant alerts.
Carlo Dambra, Chanan Graf, Jordi Arias, Alex Gralewski

On Actuator Security Indices

Actuator security indices are developed for risk assessment purposes. Particularly, these indices can tell a system operator which of the actuators in a critical infrastructure network are the most vulnerable to cyber-attacks. Once the operator has this information, he/she can focus the security budget to protect these actuators. In this short paper, we first revisit one existing definition of an actuator security index, and then discuss possible directions for future research.
Jezdimir Milošević, Sebin Gracy, Henrik Sandberg

Testbed Evaluation of DoS Attacks on PID-Controllers

(Short Paper)
We present ongoing work in evaluating the performance of PID-controllers under DoS attacks. The experiments are conducted in a recently developed virtual testbed, which is openly available. An important observation is that also benign physical processes may exhibit potentially dangerous oscillations under DoS attacks unless care is taken in the control implementation. An event-based PID-controller with adaptive gain shows promising performance under DoS attack.
Viktor Tuul, Henrik Sandberg

Industry and Practical Experience Reports


White Paper on Industry Experiences in Critical Information Infrastructure Security: A Special Session at CRITIS 2019

The security of critical infrastructures is of paramount importance nowadays due to the growing complexity of components and applications. This paper collects the contributions to the industry dissemination session within the 14th International Conference on Critical Information Infrastructures Security (CRITIS 2019). As such, it provides an overview of recent practical experience reports in the field of critical infrastructure protection (CIP), involving major industry players. The set of cases reported in this paper includes the usage of serious gaming for training infrastructure operators, integrated safety and security management in the chemical/process industry, risks related to the cyber-economy for energy suppliers, smart troubleshooting in the Internet of Things (IoT), as well as intrusion detection in power distribution Supervisory Control And Data Acquisition (SCADA). The session has been organized to stimulate an open scientific discussion about industry challenges, open issues and future opportunities in CIP research.
Giacomo Assenza, Valerio Cozzani, Francesco Flammini, Nadezhda Gotcheva, Tommy Gustafsson, Anders Hansson, Jouko Heikkila, Matteo Iaiani, Sokratis Katsikas, Minna Nissilä, Gabriele Oliva, Eleni Richter, Maaike Roelofs, Mehdi Saman Azari, Roberto Setola, Wouter Stejin, Alessandro Tugnoli, Dolf Vanderbeek, Lars Westerdahl, Marja Ylönen, Heather Young


Weitere Informationen

Premium Partner