
2024 | Book

Critical Infrastructure Protection XVII

17th IFIP WG 11.10 International Conference, ICCIP 2023, Arlington, VA, USA, March 13–14, 2023, Revised Selected Papers

About this book

The information infrastructure – comprising computers, embedded devices, networks and software systems – is vital to operations in every sector: chemicals, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, information technology, nuclear reactors, materials and waste, transportation systems, and water and wastewater systems. Global business and industry, governments, indeed society itself, cannot function if major components of the critical information infrastructure are degraded, disabled or destroyed.

Critical Infrastructure Protection XVII describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include:

Themes and Issues
Smart Grid Risks and Impacts
Network and Telecommunications Systems Security
Infrastructure Security
Automobile Security

This book is the seventeenth volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of eleven edited papers from the Seventeenth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, which was held at SRI International, Arlington, Virginia, USA in the spring of 2023.

Critical Infrastructure Protection XVII is an important resource for researchers, faculty members and graduate students, as well as for policy makers, practitioners and other individuals with interests in homeland security.

Table of contents

Frontmatter

Themes and Issues

Redefining Homeland Security
Abstract
Definitions are important, especially in the U.S. federal government. They are the basis of laws that justify budgets, fund programs and determine capabilities. However, definitions are notoriously difficult to cast because they must contend with exceptions and changing circumstances. This is the case with the U.S. definition of homeland security.
Despite its importance, the definition of homeland security has languished for years. The definition posted on the U.S. Department of Homeland Security website is a throwback to the original 2002 definition and apparently ignores the lessons of history that demonstrate it is deficient. In 2007, the U.S. Congress passed a law mandating a Quadrennial Homeland Security Review to prevent future lapses in homeland security. However, the definition that emerged from the first review in 2010 persists. Although it improves on the original 2002 definition, it does not adequately consider new and resurgent threats that face the nation.
This chapter examines various definitions of homeland security, discusses why they are inadequate and proposes a new definition that is accurate and concise. A good definition is important to help shape the U.S. Department of Homeland Security mission, set priorities, justify budgets and ensure that programs are successful.
Richard White

Smart Grid Risks and Impacts

Frontmatter
Smart-Grid-Enabled Business Cases and the Consequences of Cyber Attacks
Abstract
The introduction of smart metering systems is a paradigm shift for the power grid. New business cases such as virtual power plants and local flexibility markets are evolving. Security risks and the potential consequences of smart-grid-enabled business cases have been assessed by researchers. However, the research efforts have not ranked the business cases according to their potential disruptive consequences, which makes it difficult to prioritize risk reduction measures.
This chapter describes the results of a survey of market players that sought to rank smart-grid-enabled business cases based on their perceptions of cyber attack consequences. As expected, the consequence perceptions of the market players vary considerably between the business cases. Consequence scenarios suggested by the market players are employed to explain the highest-ranked business cases, which include digital twins, remote access to smart meter circuit breakers, and grid flexibility and balance management. The survey results can support governments and market players in assessing power grid risk and prioritizing risk reduction measures.
Øyvind Toftegaard, Doney Abraham, Sujeet Shenoi, Bernhard Hämmerli
Consequence Verification During Risk Assessments of Smart Grids
Abstract
The transformation of conventional power grids to smart grids over the past decade has led to increased exposure to cyber attacks. Understanding the impacts of cyber attacks is essential to selecting appropriate mitigation strategies.
This research examines the evolution in the understanding of the consequences of cyber attacks on smart grids. It has explored the literature on consequence verification during risk assessments of smart grids from 2009 to 2023. A total of 839 articles were collected. After filtering duplicate and irrelevant articles, deep content analysis yielded 125 articles that assessed cyber risks to smart grids, with 67 of them also focusing on real consequence verification. Further study identified 23 smart-grid-enabled business areas impacted by cyber risks and six methods for verifying the real consequences of cyber attacks on smart grids. Real consequence verification is important because it helps identify the most critical smart grid vulnerabilities and prioritizes efforts for mitigating cyber attacks and their negative impacts.
Doney Abraham, Øyvind Toftegaard, Alemayehu Gebremedhin, Sule Yayilgan
Measuring the Impacts of Power Outages on Internet Hosts in the United States
Abstract
Power outages are a well-known threat to Internet communications systems. While Internet service providers address this threat via backup power systems in datacenters and points-of-presence, office buildings and private homes may not have similar capabilities.
This chapter describes an empirical study that assesses how power outages in the United States impact end-host access to the Internet. To conduct this study, the PowerPing system was created to monitor a power outage reporting website and measure end-host responsiveness in the impacted areas. PowerPing collected power outage and end-host responsiveness data over 14 months from June 2020 through July 2021.
The results reveal that power outages affecting 10% or more customers in U.S. counties occur at a rate of about 50 events/day. The outages typically impact about 3,000 customers and services are restored in just under two hours. The end-host responsiveness characteristics for typical power outage events are also reported. Surprisingly, only a weak correlation exists between power outage impacts and service restoration periods versus end-host responsiveness. This suggests that improving backup power for network devices in office buildings and private homes may enable end-hosts to maintain access to Internet service during typical power outages.
Scott Anderson, Tucker Bell, Patrick Egan, Nathan Weinshenker, Paul Barford

Network and Telecommunications Systems Security

Frontmatter
Analyzing Discrepancies in Whole-Network Provenance
Abstract
Data provenance describes the origins of a digital object. This information is particularly useful when analyzing distributed workflows because extant tools, such as debuggers and application profilers, do not support tracing through heterogeneous executions that span multiple hosts. In a decentralized system, each host maintains the authoritative record of its own activity in the form of a dependency graph. Reconstructing the provenance of an object may involve the assembly of subgraphs from multiple, independently-administered hosts. The collection of host-specific dependencies coupled with cross-host flows comprise the whole-network provenance, which can grow to terabytes for a small network.
Critical infrastructure assets face constant attacks and despite best efforts, some attacks, such as those leveraging zero-day exploits, succeed. Whole-network provenance has become a common basis for post-attack forensic analyses with the creation of DARPA’s Transparent Computing Program. This chapter describes and analyzes aspects of distributed querying, caching and response discrepancy detection used in forensic analyses that are specific to provenance.
Raza Ahmad, Aniket Modi, Eunjin Jung, Carolina de Senne Garcia, Hassaan Irshad, Ashish Gehani
A Contextual Integrity Property to Impede Privacy Violations in 5G Networks
Abstract
The privacy of information transmitted between user equipment and radio nodes in 5G networks is preserved using encrypted channels. However, this single point of failure would expose the identities and, potentially, locations of network users if a vulnerability were to be discovered and exploited.
This chapter presents a consensus algorithm that adds an additional layer of defense in the 5G standard. The algorithm leverages access to the 5G control network by multiple radio nodes in an administrative area to control the mobility of agents that can connect with user equipment. The algorithm is designed to decrease the likelihood of privacy violations by an international mobile subscriber identity catcher should a vulnerability be found in the 5G-AKA protocol. The algorithm is formalized using the \(\pi \)-calculus to create a contextual integrity property, and is verified using \(\pi \)-calculus equivalence relations.
James Wright, Stephen Wolthusen

Infrastructure Security

Frontmatter
Modeling and Assessing the Impacts of Cyber Threats on Interdependent Critical Infrastructures
Abstract
Critical infrastructures are complex networks with physical, geographical, logical and cyber interdependencies whose disruption can cause serious impacts to citizenry and society. Meanwhile, the use of information and communications technology to manage physical processes in critical infrastructure assets has significantly increased their cyber attack surfaces. The increased threats have led to the creation of national and international cyber security agencies to promote awareness of cyber threats and coordinate responses to cyber attacks.
In 2019, Italy set up the National Security Perimeter for Cyber, a regulatory construct that stipulates measures for guaranteeing the safety and security of public and private entities that provide essential functions and services. The law associated with the regulatory construct requires the covered entities to accurately describe their networks, information and communications technology systems and related services. The 2021 Italian legislation that established the National Cybersecurity Agency requires all National Security Perimeter for Cyber entities to inform the national agency about their assets. The National Cybersecurity Agency also collects detailed infrastructure information as well as reports about cyber attacks from the entities.
This chapter describes an ongoing research effort that supports Italian legislative requirements. In particular, it demonstrates how the consequences of cyber threats can be assessed in complex scenarios using an agent-based simulator that evaluates the National Cybersecurity Agency model under ransomware and distributed-denial-of-service attacks on interconnected Italian infrastructures.
Valeria Bonagura, Chiara Foglietta, Stefano Panzieri, Massimiliano Rossi, Riccardo Santini, Monica Scannapieco, Luisa Franchina
Security-Enhanced Orchestration Platform for Building Management Systems
Abstract
A building management system is an infrastructure asset that operates critical building components such as water supply management, electric power monitoring and heating, ventilation and air conditioning systems. Internet of Things devices are increasingly employed in building management systems for efficient operations. The Message Queuing Telemetry Transport protocol is commonly used for communications when integrating these devices. However, each device is typically isolated and has its own platform and management dashboard. The isolation and heterogeneity hinder device visibility and render it challenging to monitor and respond to abnormal conditions, including those induced by cyber attacks.
This chapter describes a security-enhanced orchestration platform for building management systems. The orchestration platform receives a variety of data from building systems and Internet of Things devices to provide situation awareness and support efficient operation. The integration of novel device auto-recovery and auto-isolation functionality in the orchestration platform enables the monitoring and mitigation of cyber attacks.
Raymond Chan, Wye Kaye Yan, Jung Man Ma, Kai Mun Loh, Tan Yu, Malcolm Low, Habib Rehman, Thong Chee Phua
Practical Deep Neural Network Protection for Unmodified Applications in Intel Software Guard Extension Environments
Abstract
Trusted computing, often referred to as confidential computing, is an attempt to enhance the trust of modern computer systems through a combination of software and hardware mechanisms. The area increased in popularity after the release of the Intel Software Guard Extensions software development kit, enabling industry actors to create applications compatible with the interfaces required to leverage secure enclaves. However, the prime choices of users are still libraries and solutions that facilitate code portability to Software Guard Extension environments without any modifications to native applications. While these have proved effective at eliminating additional development costs, they inherit all the security concerns for which Software Guard Extensions has been criticized.
This chapter proposes a split computing method to enhance the privacy of deep neural network models outsourced to trusted execution environments. The key metric that guides the approach is split computing performance that does not involve architectural modifications to deep neural network models. The model partitioning method enables stricter security guarantees while producing negligible levels of overhead. This chapter also discusses the challenges involved in developing a pragmatic solution against established Intel Software Guard Extensions attacks. The results demonstrate that the method introduces negligible performance overhead and reliably secures the outsourcing of deep neural network models.
Dee Meng Kang, Haadee Faahym, Souhail Meftah, Sye Loong Keoh, Mi Mi Aung Khin

Automobile Security

Frontmatter
A Cyber Security Analysis Methodology for Evaluating Automobile Risk Exposures
Abstract
Modern automobiles incorporate numerous sensors, actuators and electronic control units that work in concert to provide safe, efficient and comfortable driving experiences. Automobile convenience features introduce network connectivity via short-range wireless communications protocols and the Internet, potentially exposing the automobile electronics to remote attacks in addition to physical attacks. New attacks on modern automobiles are constantly being developed; their potential impacts range from inconvenience to severe injury and death.
This chapter describes a security analysis methodology for rapidly evaluating the risk exposures of modern automobiles. The methodology considers the automobile attack surfaces comprising the attack vectors that provide access to automobile targets and the potential impacts resulting from successful attacks on the accessed targets. Key features of the security analysis methodology are that it is holistic and rapid, and can be applied by individuals with limited expertise in automobile technologies and cyber security.
Kameron Tillman, Jason Staggs, Sujeet Shenoi
Real-Time Attack Detection in Modern Automobile Controller Area Networks
Abstract
Modern automobiles have numerous sensors, actuators and electronic systems interconnected via internal sub-networks that are not designed with security in mind. This chapter describes a novel real-time system that employs long short-term memory networks to monitor automobile controller area networks, detect attacks and raise alerts. A repeatable design framework is employed to construct and train multiple long short-term memory networks to recognize normal controller area network message timing patterns. The framework lays out the computational resources as well as the data collection and preprocessing and long short-term memory network model development and training steps. Also, it enables new long short-term memory network models to be trained and updated for automobiles of different makes, models and years.
The attack detection system leverages a server-client configuration to monitor an automobile controller area network bus. The server is an inexpensive Raspberry Pi device connected directly to the automobile controller area network bus that captures, logs and transmits controller area network message traffic to a client via a Wi-Fi network. The client, a workstation located outside the automobile, provides the computational resources for real-time attack detection. Trained long short-term memory models executing on the client workstation analyze the received controller area network messages, identify attacks and send alerts via the Wi-Fi network. Experimental results using a 2010 Toyota Prius testbed and a fully-operational 2014 Toyota Prius automobile demonstrate the effectiveness of the real-time attack detection system.
Edward Martin, Sujeet Shenoi
Backmatter
Metadata
Title
Critical Infrastructure Protection XVII
Edited by
Jason Staggs
Sujeet Shenoi
Copyright year
2024
Electronic ISBN
978-3-031-49585-4
Print ISBN
978-3-031-49584-7
DOI
https://doi.org/10.1007/978-3-031-49585-4