Skip to main content

Über dieses Buch

The information infrastructure - comprising computers, embedded devices, networks and software systems - is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed.

Critical Infrastructure Protection describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: themes and issues; control systems security; infrastructure modeling and simulation; risk and impact assessment.

This book is the tenth volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of fourteen edited papers from the Tenth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, held at SRI International, Arlington, Virginia, USA in the spring of 2016.

Critical Infrastructure Protection is an important resource for researchers, faculty members and graduate students, as well as for policy makers, practitioners and other individuals with interests in homeland security.





Cyberspace and Organizational Structure: An Analysis of the Critical Infrastructure Environment

Now, more than ever, organizations are being created to protect the cyberspace environment. The ability of cyber organizations tasked to defend critical infrastructure assets has been called into question by numerous cyber security experts. Organizational theory states that organizations should be constructed to fit their operating environments properly. Little research in this area links organizational theory to cyber organizational structure. Because of the cyberspace connection to critical infrastructure assets, the factors that influence the structure of cyber organizations designed to protect these assets warrant analyses to identify opportunities for improvement.
This chapter examines the cyber-connected critical infrastructure environment using organizational structure theories. A multiple case study and content analysis involving 2,856 sampling units were employed to ascertain the level of perceived uncertainty in the environment (measured using the dimensions of complexity, dynamism and munificence). The results indicate that the general external environment of cyber organizations tasked to protect the critical infrastructure is highly uncertain and merits the implementation of organic structuring principles.
Michael Quigg, Juan Lopez, Mason Rice, Michael Grimaila, Benjamin Ramsey

Critical Infrastructure Asset Identification: Policy, Methodology and Gap Analysis

Critical infrastructure asset identification is a core component of the risk management process. Amidst growing concerns of terrorist and natural disaster threats to the critical infrastructure, it is imperative that public and private sector stakeholders understand exactly which assets are critical to national security in order to prioritize risk management efforts. Challenges to accomplishing this task are the difficulty in identifying exactly which assets are critical and comparing the risks to assets across the many critical infrastructure sectors. A proven method for critical infrastructure asset identification that meets these needs does not exist today. This chapter explores the critical infrastructure protection policy frameworks and requirements of the United States, European Union and other countries, and summarizes the key requirements and methodologies. The methodologies are analyzed against the outlined requirements. Based on this analysis, a new approach is presented for critical infrastructure asset identification and additional research using multi-criteria decision theory is proposed to resolve the challenges that have limited progress in this area.
Christine Izuakor, Richard White

Mitigating Emergent Vulnerabilities in Oil and Gas Assets via Resilience

This chapter discusses digital vulnerabilities and resilience in the Norwegian oil and gas infrastructure. The Norwegian oil and gas sector is a part of the European Union’s critical infrastructure because Norway supplies approximately 10% of the European Union’s oil and 30% of its gas. Hidden, dynamic and emergent risks are considered and resilience engineering is suggested as a framework for handling, recovering from and adapting to unexpected incidents.
Stig Johnsen

Legal Aspects of Protecting Intellectual Property in Additive Manufacturing

Additive manufacturing has emerged as a transformative technology that will play a significant role in the future. Also broadly known as 3D printing, additive manufacturing creates 3D objects by incrementally adding successive layers of materials. Whereas traditional manufacturing requires materials and customized components, molds and machinery, additive manufacturing merely requires materials and a 3D printer. Without the need for expensive customization, the entrance barriers for additive manufacturing are drastically lower than those for conventional manufacturing; overhead and maintenance costs are reduced, allowing for smaller, flexible and competitive business models. The decentralized market for production is also a decentralized market for piracy. In traditional manufacturing, the copying of a design can be readily traced to a source because an infringer would require an infrastructure for fabrication and a marketing platform for sales. However, in the decentralized additive manufacturing environment, there is neither a need for a specific infrastructure nor a marketing platform. This chapter focuses on legal solutions available to intellectual property owners in the United States for blueprints, objects and processes used in additive manufacturing. Also, it establishes a baseline for the current federal protection environment and outlines the principal issues encountered in protecting intellectual property.
Adam Brown, Mark Yampolskiy, Jacob Gatlin, Todd Andel



Practical Application Layer Emulation in Industrial Control System Honeypots

Attacks on industrial control systems and critical infrastructure assets are on the rise. These systems are at risk due to outdated technology and ad hoc security measures. As a result, honeypots are often deployed to collect information about malicious intrusions and exploitation techniques. While virtual honeypots mitigate the excessive cost of hardware-replicated honeypots, they often suffer from a lack of authenticity. In addition, honeypots utilizing a proxy to a live programmable logic controller suffer from performance bottlenecks and limited scalability. This chapter describes an enhanced, application layer emulator that addresses both limitations. The emulator combines protocol-agnostic replay with dynamic updating via a proxy to produce a device that is easily integrated into existing honeypot frameworks.
Kyle Girtz, Barry Mullins, Mason Rice, Juan Lopez

Lightweight Journaling for Scada Systems via Event Correlation

Industrial control systems are not immune to cyber incidents. However, the support for incident responders and forensic investigators is low. In particular, there are limited journaling capabilities for operator actions. Barring the preservation of full packet captures and operator workstation security logs, which can generate unmanageable amounts of data on production networks, it is generally not possible to attribute control events (e.g., opening a valve or operating a breaker) to individual operators. This information can be necessary to perform security investigations, especially in cases involving malicious insider activities. This chapter presents a lightweight journaling system for SCADA networks based on event correlation. By correlating network events and operating system logs, a journal is generated of all Modbus protocol write events along with the usernames of the operators who performed the actions. The journal is much more compact than a full packet capture, achieving compression ratios of around 570 to 1 in conservative conditions and more than 2,000 to 1 in typical operating conditions, allowing for the preservation of valuable information for security investigations.
Antoine Lemay, Alireza Sadighian, Jose Fernandez

Forensic Analysis of a Siemens Programmable Logic Controller

Programmable logic controllers are widely used in industrial control systems and supervisory control and data acquisition (SCADA) systems. As the potential of cyber attacks on programmable logic controllers increase, it is important to develop robust digital forensic techniques for investigating potential security incidents involving programmable logic controllers. This chapter focuses on the logging mechanism of a Siemens programmable logic controller, specifically the Siemens Total Integrated Automation Portal V13 program (Siemens TIA Portal, also called Siemens Step-7).
Raymond Chan, Kam-Pui Chow

Division of Cyber Safety and Security Responsibilities Between Control System Owners and Suppliers

The chapter discusses the important issue of responsibility for information and communications technology (ICT) – or cyber – safety and security for industrial control systems and the challenges involved in dividing the responsibility between industrial control system owners and suppliers in the Norwegian electric power supply industry. Industrial control system owners are increasingly adopting information and communications technologies to enhance business system connectivity and remote access. This integration offers new capabilities, but it reduces the isolation of industrial control systems from the outside world, creating greater security needs. The results of observation studies indicate that Norwegian power network companies and industrial control system suppliers have contributed to the creation of a culture that does not focus on information and communications systems safety and security. The increased use of standards and guidelines can help improve cooperation between industrial control system owners and suppliers. Norwegian industrial control system owners should also implement a culture change in their organizations and should attempt to influence the safety and security culture of their suppliers. Power network companies need to place information and communications systems safety and security on par with operational priorities and they need to become more vocal in demanding secure products from their suppliers.
Ruth Skotnes



Multigraph Critical Infrastructure Model

Interdependencies between critical infrastructures have been studied widely, but largely at the abstract and structural levels with an emphasis on large infrastructure networks and frequently their stochastic properties. However, an in-depth understanding of infrastructure interdependencies and the likely impact of degradation of selected elements are important for an adversary intent on maximizing attack efficiency. This chapter describes a simple multigraph model for several classes of interdependent critical infrastructure elements and an attack tree model with attribute domains extended by acyclic phase-type distributions to capture temporal dependencies. The efficacy of this modeling approach is demonstrated via a case study involving regional interdependent infrastructures that include the electric power, water and telecommunications sectors in a bounded region. The case study uses extensive simulations to demonstrate that an adversary with access only to publicly-available information and the ability to analyze a multigraph model can cause severe harm.
Bernhard Schneidhofer, Stephen Wolthusen

Enhancing Decision Support with Interdependency Modeling

Economic well-being and the social fabric are tightly linked to the critical infrastructure, which includes electric power grids, gas pipelines and telecommunications, transportation, water supply and waste disposal systems. During a disaster, these lifeline systems must, at the very least, quickly recover to provide acceptable levels of service. However, critical infrastructure assets incorporate physical and electronic networks that are interdependent within and across multiple domains, causing unpredictable consequences during adverse events and restoration processes. Therefore, it is mandatory to understand the overall risks that disasters pose to the critical infrastructure in order to recover from these situations.
This chapter demonstrates how decision support for critical infrastructure assets during emergencies can be enhanced using interdependency modeling. A complex, realistic scenario involving four interconnected infrastructures is used as a case study. The results are validated with the assistance of key stakeholders such as Italian emergency personnel and electric utility operators.
Dario Masucci, Cosimo Palazzo, Chiara Foglietta, Stefano Panzieri

Integrating Simulated Physics and Device Virtualization in Control System Testbeds

Malware and forensic analyses of embedded cyber-physical systems are tedious, manual processes that testbeds are commonly not designed to support. Additionally, attesting the physics impact of embedded cyber-physical system malware has no formal methodologies and is currently an art. This chapter describes a novel testbed design methodology that integrates virtualized embedded industrial control systems and physics simulators, thereby supporting malware and forensic analyses of embedded cyber-physical systems without risks. Unlike existing hardware-based testbeds, the resulting soft industrial control system testbeds are portable, distributable and expandable by design. However, embedded system virtualization is non-trivial, especially at the firmware level, and solutions vary widely depending on the embedded system architectures and operating systems. This chapter discusses how the proposed methodology overcomes the challenges to virtualizing embedded systems and explores the benefits via a proof-of-concept implementation involving a Siemens MJ-XL variable step voltage regulator control panel.
Owen Redwood, Jason Reynolds, Mike Burmester

A Multidisciplinary Predictive Model for Managing Critical Infrastructure Disruptions

When communities are subjected to disruptive events, their response structure is composed of two interconnected systems: (i) a formal professional system that includes emergency services and auxiliary services professionals; and (ii) an ad hoc system formed by community members when the professional response is delayed or is inadequate. The community system typically persists until the professional system is able to take over completely. As the role of the community as responder is not well understood, community systems are often underutilized or even discouraged; this reduces the overall response efficacy. Improved understanding of the interplay between these systems could help ensure an effective overall response to disruptions.
This chapter describes an integrated, multidisciplinary model of the interactions between the two systems during disruptive events and their influence on capacity and recovery. The model studies how the systems influence and enable community resilience in the context of three Department of Homeland Security defined sectors: emergency services, information technology and communications. The methodology combines agent-based modeling with cellular automata and illustrates the interplay between and among the people and systems that make up a community, the role of the community as responder and the impact of varying community resources and response capabilities. The model is designed to be transferable to a variety of disaster types and a hierarchy of jurisdictions (local, regional, state, national and international).
Carol Romanowski, Rajendra Raj, Jennifer Schneider, Sumita Mishra, Bernard Brooks, Jessica Pardee, Bharat Bhole, Nikolaus Robalino



Towards a Comparable Cross-Sector Risk Analysis: RAMCAP Revisited

The search for a uniform risk analysis approach for critical infrastructures has prompted a reexamination of the Risk Analysis and Management for Critical Asset Protection (RAMCAP) methodology to see if it can accommodate emerging threats from climate change, aging infrastructure and cyber attacks. This chapter examines the challenges involved in taking a site-specific formulation and turning it into a general model capable of analyzing performance under a full range of simulated conditions. The AWWA J100-10 standard provides the blueprint for a basic RAMCAP model that calculates risk as an attenuation of consequences via probability estimates of vulnerability, threat, resilience and countermeasures. The RAMCAP model was subjected to varying scenario loads in deterministic simulations that examined all hypothetical conditions and probabilistic simulations that examined likely conditions. RAMCAP performance was measured by the average net benefit and represented by the distribution of component values. Contrary to expectations, RAMCAP performance did not improve as the number of scenarios increased in the simulations. The methods and results of this study may hold implications for other critical infrastructure risk methodologies that are based on consequence, threat and vulnerability.
Richard White, Aaron Burkhart, Terrance Boult, Edward Chow

Classification and Comparison of Critical Infrastructure Protection Tools

Modeling and analysis of critical infrastructure interdependencies is a research area that has attracted considerable interest. Interdependency and risk analyses can be computationally intensive, but can also yield useful results that enhance risk assessments and offer risk mitigation alternatives. Unfortunately, many tools and methodologies are left unsupported and are forgotten soon after the projects that developed them terminate.
This chapter attempts to identify and classify many existing tools and frameworks to create a common baseline for threat identification and risk assessment. It also compares their attributes and technologies in creating a taxonomy. Conceptual and qualitative studies about infrastructure interdependencies along with modeling and simulation approaches are examined. The comparison is based on two aspects: the purpose that each tool serves and its technical modeling approach. This work attempts to aid the industrial control system security community by acting as a single point of reference and drawing attention to possible modeling combinations to enable researchers to identify and construct complex combined solutions that yield better results. The analysis suggests that future research should address risk mitigation through qualitative rather than quantitative analyses. The contributions can be maximized by developing holistic meta-tools or focusing entirely on specific problems.
George Stergiopoulos, Efstratios Vasilellis, Georgia Lykou, Panayiotis Kotzanikolaou, Dimitris Gritzalis
Weitere Informationen

Premium Partner