
2022 | Book

Critical Infrastructure Protection XVI

16th IFIP WG 11.10 International Conference, ICCIP 2022, Virtual Event, March 14–15, 2022, Revised Selected Papers


About this book

The information infrastructure – comprising computers, embedded devices, networks and software systems – is vital to operations in every sector: chemicals, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, information technology, nuclear reactors, materials and waste, transportation systems, and water and wastewater systems. Global business and industry, governments, indeed society itself, cannot function if major components of the critical information infrastructure are degraded, disabled or destroyed.

Critical Infrastructure Protection XVI describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. It also highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. The chapters are grouped into five parts: Themes and Issues; Industrial Control Systems Security; Additive Manufacturing Systems; Infrastructure Device Security; Telecommunications Systems Security.

This book is the 16th volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection.

The book contains a selection of 11 edited papers from the Sixteenth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, held as a virtual event on March 14–15, 2022.

Critical Infrastructure Protection XVI is an important resource for researchers, faculty members and graduate students, as well as for policy makers, practitioners and other individuals with interests in homeland security.

Table of Contents

Frontmatter

Themes and Issues

NATIONAL CYBER RESILIENCE AND ROLES FOR PUBLIC AND PRIVATE SECTOR STAKEHOLDERS
Abstract
Modern nations are dependent on cyberspace, specifically, on information technology, data communications, smart mobile devices and other globally-connected and computing-enabled services. The dependence includes government operations, national defense, critical infrastructure and economic prosperity. However, cyberspace is subject to accidental disruptions and malicious attacks from a wide variety of sources. Therefore, to ensure resilient functioning, every nation must possess a resilient cyberspace. This chapter describes a model for large-scale (regional to national) resilience of cyberspace, describes mechanisms for applying the model to improve overall national resilience and identifies key stakeholders for implementing the mechanisms in the United States.
Neal Ziring
ARE EUROPEAN SECURITY POLICIES READY FOR ADVANCED METERING SYSTEMS WITH CLOUD BACK-ENDS?
Abstract
Advanced metering systems deployed in Europe are enablers of distributed power production where prosumers can feed surplus energy into the grid. Successfully managing complex energy systems requires real-time data access, flexible production and rapid demand response. The accompanying need for data storage capacity and processing power has rendered cloud services an attractive option. However, at this time, European cyber security legislation related to advanced metering systems does not reflect the broad usage of cloud technology.
This chapter describes an advanced metering system reference model based on the cloud profiles of five distribution grid operators. It identifies cloud-related gaps in current European Union cyber security legislation applicable to advanced metering systems. The gaps are identified via a holistic mapping of security principles from prominent cloud security frameworks to existing European Union legislation. A novel, advanced metering system security policy framework that covers all the identified cloud security gaps is specified. The security policy framework is an important first step towards cloud-ready security legislation for advanced metering systems. Authorities overseeing cyber security and energy resources can employ the policy framework as a starting point for a broad debate among the various stakeholders to institute cloud-ready security policies for advanced metering systems.
Oyvind Toftegaard, Janne Hagen, Bernhard Hämmerli

Industrial Control Systems Security

IMPORTANCE OF CYBER SECURITY ANALYSIS IN THE OPERATIONAL TECHNOLOGY SYSTEM LIFECYCLE
Abstract
This research focuses on the importance of cyber security analysis in the operational technology system lifecycle. Specifically, cyber security issues are analyzed when using information technology workstations to manage modern safety instruments that are critical components of safety instrumented systems. Attack paths and security controls in real-world industrial control safety system architectures typically used in the oil and gas sector are examined to determine whether a safety-instrumented-system-mediated architecture could provide better protection against unauthorized and malicious safety instrument configuration changes than a multiplexer-mediated architecture. The determination leveraged crafted assessment questions that were answered using standard cyber security assessment methods.
The research reveals that recurring vulnerabilities exist in all safety systems due to design issues in safety instruments, the Highway Addressable Remote Transducer protocol, third-party device management software and safety instrument management solutions. Additionally, device-native hardware write protection provides the best defense followed by safety instrumented system write protection. When using safety instrumented system security controls, a safety-instrumented-system-mediated architecture can protect against unauthorized device reconfigurations better than a multiplexer-mediated architecture. The key insight is that cyber security analyses commonly used in information technology systems must be adapted and used in the lifecycles of operational technology systems such as industrial control systems and safety instrumented systems to manage the safety risks induced by cyber attacks.
Laura Tinnel, Ulf Lindqvist
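The architecture comparison the abstract describes can be posed as an attack-path question: which routes from an IT workstation to a safety instrument's configuration survive a given set of controls? The following is an added illustration, not code from the chapter; the node names, edges and control semantics are assumptions chosen to mirror the two architectures and the controls the abstract names.

```python
"""Attack-path enumeration for two safety-instrument management architectures.

Added illustration, not code from the chapter. It poses the abstract's question,
whether a safety-instrumented-system (SIS)-mediated architecture blocks
unauthorized configuration writes better than a multiplexer-mediated one, as a
small attack graph in which security controls remove edges. The node names,
edges and control semantics below are assumptions, not the chapter's own models.
"""
from collections import deque

# Edges are (source, destination, kind); kind "write" means the segment can carry
# a HART configuration write from the IT workstation toward the instrument.
MUX_MEDIATED = [
    ("it_workstation", "device_mgmt_software", "write"),
    ("device_mgmt_software", "hart_multiplexer", "write"),
    ("hart_multiplexer", "safety_instrument", "write"),   # multiplexer passes writes through
    ("hart_multiplexer", "sis_logic_solver", "read"),     # SIS only observes process values
]

SIS_MEDIATED = [
    ("it_workstation", "device_mgmt_software", "write"),
    ("device_mgmt_software", "sis_logic_solver", "write"),
    ("sis_logic_solver", "safety_instrument", "write"),   # SIS brokers every write
]


def apply_controls(edges, controls):
    """Keep only write-capable edges that the given controls do not block."""
    kept = []
    for src, dst, kind in edges:
        if kind != "write":
            continue
        # Device-native hardware write protection: nothing writes the instrument.
        if "hw_write_protect" in controls and dst == "safety_instrument":
            continue
        # SIS write protection: the logic solver refuses to forward writes.
        if "sis_write_protect" in controls and src == "sis_logic_solver":
            continue
        kept.append((src, dst))
    return kept


def write_paths(edges, controls, source="it_workstation", target="safety_instrument"):
    """Enumerate simple paths over which a configuration write can reach target."""
    adjacency = {}
    for src, dst in apply_controls(edges, controls):
        adjacency.setdefault(src, []).append(dst)
    paths, queue = [], deque([[source]])
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            paths.append(path)
            continue
        for nxt in adjacency.get(path[-1], []):
            if nxt not in path:          # simple paths only
                queue.append(path + [nxt])
    return paths


def compare(controls):
    """Number of remaining write paths per architecture under a set of controls."""
    return {
        "mux_mediated": len(write_paths(MUX_MEDIATED, controls)),
        "sis_mediated": len(write_paths(SIS_MEDIATED, controls)),
    }


if __name__ == "__main__":
    for controls in (set(), {"sis_write_protect"}, {"hw_write_protect"}):
        print(sorted(controls) or "no controls", compare(controls))
```

With no controls both architectures expose one write path; SIS write protection closes the path only in the SIS-mediated architecture, because in the multiplexer-mediated one the write never traverses the logic solver; device-native hardware write protection closes it in both. Real assessments replace the toy graph with the site's actual network, protocol and software inventory, but the enumeration step is the same.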
TRUSTED VIRTUALIZATION-BASED PROGRAMMABLE LOGIC CONTROLLER RESILIENCE USING A BACKFIT APPROACH
Abstract
Industrial control systems perform vital cyber-physical functions in critical infrastructure assets. Programmable logic controllers, which are prominently found in industrial control environments, execute the operational control logic of cyber-physical systems. Due to the continued escalation of cyber attacks targeting industrial control systems and programmable logic controllers, strengthening the trust and resilience of these systems is paramount.
This chapter proposes an approach that leverages virtualization, cryptographic attestation, software-defined networking, security orchestration and a proprietary programmable logic controller runtime application to advance programmable logic controller trust and resilience while facilitating integration in deployed systems. A proof-of-concept capability demonstrated on a physical industrial control system testbed validates the approach. The experimental results confirm that the approach is viable for industrial control applications.
James Cervini, Daniel Muller, Alexander Beall, Joseph Maurio, Aviel Rubin, Lanier Watkins
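The attestation and orchestration pieces of the approach can be sketched as a challenge-response check that an orchestrator runs against a virtualized PLC host before keeping it in service. This is an added example, not the chapter's code: HMAC over a shared key stands in for the platform's attestation signing primitive, and the golden runtime image is constructed; both are assumptions.

```python
"""Attestation gate for a virtualized PLC runtime, as an orchestrator might run it.

Added example, not the chapter's code. The prover (the host running the
virtualized PLC runtime) reports a measurement of the runtime image bound to a
verifier-chosen nonce; the verifier checks the binding and compares the
measurement with a golden value; the orchestrator maps the verdict to an action.
HMAC over a shared key stands in for the platform's signing primitive and the
golden image is constructed; both are assumptions.
"""
import hashlib
import hmac
import os

ATTEST_KEY = b"constructed-shared-attestation-key"      # assumption: provisioned out of band
GOLDEN_IMAGE = b"constructed golden PLC runtime image"   # constructed stand-in for the approved runtime
GOLDEN_MEASUREMENT = hashlib.sha256(GOLDEN_IMAGE).hexdigest()


def prover_quote(image_bytes, nonce, key=ATTEST_KEY):
    """Prover side: measure the running image and bind the measurement to the nonce."""
    measurement = hashlib.sha256(image_bytes).hexdigest()
    tag = hmac.new(key, nonce + measurement.encode(), hashlib.sha256).hexdigest()
    return {"nonce": nonce, "measurement": measurement, "tag": tag}


def verify_quote(quote, expected_nonce, golden=GOLDEN_MEASUREMENT, key=ATTEST_KEY):
    """Verifier side: reject replays and forgeries before trusting the measurement."""
    if quote["nonce"] != expected_nonce:
        return "replay"
    expected_tag = hmac.new(key, quote["nonce"] + quote["measurement"].encode(),
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, quote["tag"]):
        return "forged"
    if quote["measurement"] != golden:
        return "untrusted"
    return "trusted"


def orchestrate(image_bytes, nonce=None):
    """Challenge the prover and map the verdict to an orchestration action."""
    nonce = nonce if nonce is not None else os.urandom(16)
    verdict = verify_quote(prover_quote(image_bytes, nonce), nonce)
    action = "keep_in_service" if verdict == "trusted" else "isolate_and_respawn"
    return verdict, action


if __name__ == "__main__":
    print(orchestrate(GOLDEN_IMAGE))
    print(orchestrate(GOLDEN_IMAGE + b" with injected logic"))
```

The order of the checks matters: the nonce and tag are validated before the measurement is compared, so a replayed or forged quote that happens to carry the golden value is still rejected. In the approach the abstract describes, the isolate step would be enforced by software-defined networking rather than by this script.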

Additive Manufacturing Systems

ATTACK-DEFENSE MODELING OF MATERIAL EXTRUSION ADDITIVE MANUFACTURING SYSTEMS
Abstract
The use of additive manufacturing in the critical infrastructure makes it an attractive target for cyber attacks. However, research on additive manufacturing threats has tended to focus on specific vulnerabilities and specific attacks against specific systems. The narrow scope hinders the understanding of the attack vectors that constitute the attack surfaces as well as the various targets and impacts of attacks. This results in vulnerabilities, potential attacks and countermeasures being overlooked during security analyses.
This research addresses the limitations by focusing on material extrusion, the most common additive manufacturing process. A material extrusion workflow (process chain) that comprehensively covers the design, slicing and printing phases is specified. Analysis of the workflow in conjunction with attack and defense frameworks yields attack-defense models for the three material extrusion phases. The attack-defense models, which specify the attack vectors, attack vector vulnerabilities and countermeasures, attack surfaces, system targets, target vulnerabilities and vulnerability countermeasures, and attacks and attack impacts, directly support risk identification, risk assessment and analysis, and risk mitigation and planning.
Three material extrusion printers ranging from hobbyist to industrial systems are used as case studies. Four attacks on the printers during the design, slicing and printing phases are described, including vulnerability identification, exploit development and countermeasures. The case studies demonstrate the effectiveness of attack-defense modeling and its ability to clarify and bolster the cyber security and risk management postures of material extrusion additive manufacturing environments.
Alyxandra Van Stockum, Elizabeth Kurkowski, Tiffany Potok, Curtis Taylor, Joel Dawson, Mason Rice, Sujeet Shenoi
MANIPULATION OF G-CODE TOOLPATH FILES IN 3D PRINTERS: ATTACKS AND MITIGATIONS
Abstract
Additive manufacturing or 3D printing is commonly used to create mission-critical parts in the critical infrastructure. This research focuses on threats that target the key slicing step of additive manufacturing, when design files that model part geometry are converted to G-code toolpath files that convey instructions for printing parts layer by layer. The research leverages a hitherto unknown slicing software vulnerability where G-code corresponding to part slices is stored as plaintext ASCII characters in heap memory during execution. The vulnerability was discovered in two open-source, full-featured slicing software suites that support many 3D printers.
Experiments with a toolkit developed to target slicing software in real time demonstrate that the attacks are surreptitious and fine-grained. Two attacks, temperature modification and infill exclusion, performed against G-code generated for fused filament fabrication printers demonstrate the ability to sabotage printed parts as well as print environments. Although the vulnerability can be mitigated using strong authentication and access controls along with G-code obfuscation, the ability to automate surreptitious, fine-grained attacks that degrade printed parts in ways that are imperceptible to the human eye and undetectable by nondestructive testing methods is a serious concern.
Elizabeth Kurkowski, Alyxandra Van Stockum, Joel Dawson, Curtis Taylor, Tricia Schulz, Sujeet Shenoi
DETECTING PART ANOMALIES INDUCED BY CYBER ATTACKS ON A POWDER BED FUSION ADDITIVE MANUFACTURING SYSTEM
Abstract
Additive manufacturing systems are highly vulnerable to cyber attacks that sabotage parts and print environments during the designing, slicing and printing steps of the process chains. Due to the complex cyber-physical nature of additive manufacturing systems, cyber attacks are difficult to detect and mitigate, and impossible to eliminate entirely. Therefore, it is imperative to develop rapid and reliable non-destructive testing methods for detecting anomalies in printed parts.
This chapter describes a novel anomaly detection method developed for a selective laser sintering type of powder bed fusion system. The method does not engage computing-intensive machine learning to detect anomalies, relying instead on three side channels (print bed movement, laser firing time and print chamber temperature) that underlie the physics of selective laser sintering. The side channels provide adequate detection coverage while reducing the sensor requirements; they are also robust to noise, which enhances the detection of printed part anomalies. Experimental results demonstrate the efficacy of the anomaly detection method under attacks that target the mechanical properties of printed parts. The cost of the sensors and peripheral devices is minimal and anomaly detection for each test part requires less than three seconds.
Elizabeth Kurkowski, Mason Rice, Sujeet Shenoi
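A per-layer comparison against a known-good reference is one way to turn the three side channels named above into a detector without machine learning. The following is an added example, not the chapter's method: the traces, tolerances and the persistence rule that suppresses single-sample sensor noise are constructed assumptions.

```python
"""Side-channel anomaly check for a powder bed fusion print, layer by layer.

Added example, not the chapter's method. It uses the three side channels the
abstract names (print bed movement, laser firing time, chamber temperature),
recorded per layer for a known-good reference part, and compares them with the
same channels recorded for a test part. Traces, tolerances and the persistence
rule are constructed assumptions; the chapter's signal processing is not reproduced.
"""

# Per-channel tolerances (assumed): laser firing time in ms, bed drop in um, chamber temp in C.
TOLERANCE = {"laser_ms": 40.0, "bed_um": 5.0, "chamber_c": 3.0}

# Constructed reference trace for a six-layer known-good part.
REFERENCE = [
    {"laser_ms": 1200.0, "bed_um": 100.0, "chamber_c": 172.0},
    {"laser_ms": 1210.0, "bed_um": 100.0, "chamber_c": 172.5},
    {"laser_ms": 1195.0, "bed_um": 100.0, "chamber_c": 173.0},
    {"laser_ms": 1205.0, "bed_um": 100.0, "chamber_c": 173.0},
    {"laser_ms": 1200.0, "bed_um": 100.0, "chamber_c": 173.5},
    {"laser_ms": 1190.0, "bed_um": 100.0, "chamber_c": 173.5},
]


def perturb(trace, changes):
    """Return a copy of trace with per-layer channel deltas applied (to construct test parts)."""
    out = [dict(layer) for layer in trace]
    for idx, deltas in changes.items():
        for channel, delta in deltas.items():
            out[idx][channel] += delta
    return out


# Constructed test parts: infill removed on layers 2-3 (less area sintered, so shorter
# laser firing), and a benign print with two isolated sensor glitches.
ATTACKED = perturb(REFERENCE, {2: {"laser_ms": -300.0}, 3: {"laser_ms": -310.0}})
NOISY = perturb(REFERENCE, {1: {"laser_ms": 55.0}, 4: {"chamber_c": 4.0}})


def detect(reference, observed, tolerance=TOLERANCE, persist=2):
    """Return anomalies as (channel, first_layer, run_length).

    A deviation counts only when it exceeds the channel tolerance on `persist`
    or more consecutive layers; isolated outliers are treated as sensor noise.
    A layer-count mismatch is reported on its own, since the traces cannot be aligned.
    """
    if len(reference) != len(observed):
        return [("layer_count", 0, abs(len(reference) - len(observed)))]
    anomalies = []
    for channel, tol in tolerance.items():
        run_start, run_len = None, 0
        for i, (ref, obs) in enumerate(zip(reference, observed)):
            if abs(obs[channel] - ref[channel]) > tol:
                if run_len == 0:
                    run_start = i
                run_len += 1
            else:
                if run_len >= persist:
                    anomalies.append((channel, run_start, run_len))
                run_len = 0
        if run_len >= persist:
            anomalies.append((channel, run_start, run_len))
    return anomalies


def verdict(reference, observed):
    return "anomalous" if detect(reference, observed) else "normal"


if __name__ == "__main__":
    print(verdict(REFERENCE, ATTACKED), detect(REFERENCE, ATTACKED))
    print(verdict(REFERENCE, NOISY), detect(REFERENCE, NOISY))
```

The check is a handful of comparisons per layer, which is why a detector of this kind can run in well under the three seconds per part the abstract reports. The tolerances would in practice be derived from the spread of several known-good prints rather than set by hand.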
LOW-MAGNITUDE INFILL STRUCTURE MANIPULATION ATTACKS ON FUSED FILAMENT FABRICATION 3D PRINTERS
Abstract
As 3D printing applications in industry verticals increase, researchers have been developing new attacks on additive manufacturing processes and appropriate defense techniques. A major attack category on additive manufacturing processes is printed object sabotage. If an attack causes obvious deformations, the part will be rejected before it is used. However, the inherent layer-by-layer printing process enables malicious actors to induce hidden defects in the internal layers of finished parts. The stealthiness of an attack increases its chances of evading detection and the printed part being used in an operational environment where it can cause harm. Several detection schemes have been proposed for identifying attacks on external and internal features of printed objects, but all these schemes have detection thresholds that are well above printer accuracy. Reducing the attack magnitude to the order of printer accuracy can evade detection.
This chapter describes two infill structure manipulation attacks that are easy to launch at the cyber-physical boundary and evade conventional cyber security tools by employing subtle printed part variations below the detection horizon. Specifically, the magnitudes of the variations fall within the printer resolution and trueness values, rendering it challenging for detection schemes to differentiate printed part modifications from benign printing errors. Destructive testing demonstrates that the infill structure manipulation attacks consistently reduce the strength of printed parts. This chapter also highlights the need to incorporate the physical characteristics of printed parts in attack detection.
Muhammad Haris Rais, Muhammad Ahsan, Vaibhav Sharma, Radhika Barua, Rob Prins, Irfan Ahmed
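The two G-code attacks described in the previous chapter (temperature modification and infill exclusion) and the sub-resolution infill displacement described in this one can all be shown on a single toolpath, together with the defender-side contrast the abstracts draw: a detector with a threshold at printer resolution misses the small displacement, while a digest of the approved G-code catches every byte that changed. This is an added example, not code from either chapter; the sample G-code, the ;TYPE:FILL slicer-comment convention and the printer resolution are assumptions, and the in-memory heap manipulation is not reproduced.

```python
"""G-code toolpath tampering and a defender-side integrity check, on constructed input.

Added example covering the two chapters on G-code manipulation and low-magnitude
infill manipulation; it is not code from either chapter. It shows what each attack
changes in a toolpath (hotend temperature, infill exclusion, sub-resolution infill
displacement), why a geometry-tolerance detector misses the last one, and how a
digest of the approved G-code catches any of them. The sample G-code, the
;TYPE:FILL comment convention and the printer resolution are assumptions.
"""
import hashlib
import hmac
import re

SAMPLE_GCODE = """\
M104 S210 ; set hotend temperature
M109 S210 ; wait for hotend
G1 Z0.200 F300
;TYPE:WALL-OUTER
G1 X10.000 Y10.000 E0.5000
G1 X30.000 Y10.000 E1.0000
;TYPE:FILL
G1 X12.000 Y12.000 E1.2000
G1 X28.000 Y12.000 E1.7000
G1 X28.000 Y18.000 E1.9000
;TYPE:WALL-INNER
G1 X11.000 Y11.000 E2.1000
"""

PRINTER_RESOLUTION_MM = 0.1   # assumed XY positioning resolution of the target printer


def fill_sections(lines):
    """Yield (start, end) index ranges of moves inside ;TYPE:FILL blocks."""
    start = None
    for i, line in enumerate(lines):
        if line.startswith(";TYPE:"):
            if start is not None:
                yield start, i
                start = None
            if line.strip() == ";TYPE:FILL":
                start = i + 1
    if start is not None:
        yield start, len(lines)


def set_temperature(gcode, celsius):
    """Temperature modification: rewrite the S parameter of every M104/M109."""
    return re.sub(r"^(M10[49]\s+S)\d+", lambda m: f"{m.group(1)}{celsius}", gcode, flags=re.M)


def exclude_infill(gcode):
    """Infill exclusion: drop every move inside ;TYPE:FILL blocks."""
    lines = gcode.splitlines()
    drop = {i for s, e in fill_sections(lines) for i in range(s, e)}
    return "\n".join(l for i, l in enumerate(lines) if i not in drop) + "\n"


def shift_infill(gcode, dx_mm):
    """Low-magnitude infill manipulation: displace infill X coordinates by dx_mm."""
    lines = gcode.splitlines()
    for s, e in fill_sections(lines):
        for i in range(s, e):
            lines[i] = re.sub(r"X(-?\d+\.\d+)",
                              lambda m: f"X{float(m.group(1)) + dx_mm:.3f}", lines[i])
    return "\n".join(lines) + "\n"


def xy_moves(gcode):
    """All G1 XY moves as (x, y) floats, in file order."""
    return [(float(x), float(y))
            for x, y in re.findall(r"^G1 X(-?\d+\.\d+) Y(-?\d+\.\d+)", gcode, flags=re.M)]


def max_xy_deviation(reference, candidate):
    """Metric of a geometry-tolerance detector: largest |dX| or |dY| across aligned moves."""
    pairs = zip(xy_moves(reference), xy_moves(candidate))
    return max((max(abs(ax - cx), abs(ay - cy)) for (ax, ay), (cx, cy) in pairs), default=0.0)


def tolerance_detector_flags(reference, candidate, tol=PRINTER_RESOLUTION_MM):
    """A detector whose threshold sits at printer resolution cannot see smaller shifts."""
    return max_xy_deviation(reference, candidate) > tol


def approve(gcode):
    """Defender side: digest of the G-code as it left the trusted slicing step."""
    return hashlib.sha256(gcode.encode()).hexdigest()


def integrity_ok(approved_digest, gcode):
    """Re-verify the toolpath immediately before it is sent to the printer."""
    return hmac.compare_digest(approved_digest, approve(gcode))


if __name__ == "__main__":
    digest = approve(SAMPLE_GCODE)
    shifted = shift_infill(SAMPLE_GCODE, 0.05)
    print("tolerance detector flags 0.05 mm shift:", tolerance_detector_flags(SAMPLE_GCODE, shifted))
    print("integrity check accepts shifted file:   ", integrity_ok(digest, shifted))
```

The digest only helps if it is taken after the slicer has finished and checked at the last hop before the printer; a tamper inside the slicer process itself, which is what the previous chapter describes, produces G-code that is already wrong when it is approved. That is why the abstracts pair integrity controls with authentication and access control on the slicing host rather than relying on either alone.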

Infrastructure Device Security

LEVERAGING CONFIDENTIAL COMPUTING TO ENABLE SECURE INFORMATION SHARING
Abstract
The emergence of the RISC-V Instruction Set Architecture incentivizes the critical infrastructure protection community to consider the use of emerging open-source security mechanisms to facilitate secure information sharing. An exemplar is Keystone, a Confidential Computing Consortium project that offers an accessible open-source framework for building trustworthy secure hardware enclaves based on the RISC-V Instruction Set Architecture.
This chapter describes an attempt at extending Keystone to the HiFive Unmatched development platform and proposes enclave application development to effectively and affordably supplement deployed supervisory control and data acquisition devices with secure information sharing capabilities. Since the implementation of confidential computing principles axiomatically degrades real-time performance, the performance of supervisory control and data acquisition devices must be characterized to ensure that the devices enhanced with trusted execution environments meet operational requirements while supporting critical infrastructure operations with secure information sharing capabilities.
Samuel Chadwick, Scott Graham, James Dean, Matthew Dallmeyer
EVALUATING THE USE OF BOOT IMAGE ENCRYPTION ON THE TALOS II ARCHITECTURE
Abstract
Critical infrastructure devices operating in unprotected end-node environments are vulnerable to malicious actors who conduct hardware attacks such as reverse engineering and side-channel analysis. Boot data is rarely encrypted and typically travels across an accessible bus, enabling the data to be easily intercepted during system start-up. Encrypting the firmware would make reverse engineering extremely difficult for malicious actors and competitors. It would improve the effectiveness of tamper detection methods and deter zero-day vulnerability discovery. Increasing boot security could be a fundamental part of decreasing attack surfaces across the critical infrastructure sectors.
This chapter describes a Talos II architecture implementation that encrypts a section of the boot image and decrypts it during initial program load. During power-on, the encrypted image travels across the Low Pin Count bus into a POWER9 module Level 3 cache and is decrypted in the processor. Boot image encryption is implemented using ciphers of different strengths. An analysis of their efficiency is conducted to determine the optimal algorithm.
Calvin Muramoto, Scott Graham, Stephen Dunlap

Telecommunications Systems Security

SECURING INFINIBAND TRAFFIC WITH BLUEFIELD-2 DATA PROCESSING UNITS
Abstract
InfiniBand is employed in applications outside of high performance computing, including in critical infrastructure assets. This requires efforts at securing InfiniBand networks with encryption and packet inspection. Unfortunately, the performance benefits realized via the use of remote direct memory access by InfiniBand are at odds with many kernel-stack-based IP datagram encryption and network monitoring technologies. As a result, it is necessary to offload these tasks to other hardware. A promising candidate is the NVIDIA Mellanox Bluefield-2 data processing unit, which combines high-performance processors, network interfaces and flexible hardware accelerators, and runs a tailored version of Linux that provides several network management applications.
This chapter characterizes the ability of Bluefield-2 data processing units to encrypt and monitor remote direct memory access traffic. The results demonstrate that the hardware accelerators of Bluefield-2 data processing units can support throughputs of nearly 86 Gbps when encrypting remote direct memory access over Converged Ethernet Version 2 traffic with Internet Protocol security (IPsec) encryption. Offloading IPsec encryption to the hardware accelerators on Bluefield-2 data processing units is a promising method for achieving confidentiality, integrity and authentication in InfiniBand networks with minimal interaction from host processors.
Noah Diamond, Scott Graham, Gilbert Clark
Metadata
Title
Critical Infrastructure Protection XVI
Editors
Jason Staggs
Sujeet Shenoi
Copyright Year
2022
Electronic ISBN
978-3-031-20137-0
Print ISBN
978-3-031-20136-3
DOI
https://doi.org/10.1007/978-3-031-20137-0
