Mikaëla Ngamboé , Xiao Niu , Benoit Joly , Steven P. Biegler , Paul Berthier , Rémi Benito , Greg Rice , José M. Fernandez , Gabriela Nicolescu
{"title":"CABBA: Compatible Authenticated Bandwidth-efficient Broadcast protocol for ADS-B","authors":"Mikaëla Ngamboé , Xiao Niu , Benoit Joly , Steven P. Biegler , Paul Berthier , Rémi Benito , Greg Rice , José M. Fernandez , Gabriela Nicolescu","doi":"10.1016/j.ijcip.2024.100728","DOIUrl":"10.1016/j.ijcip.2024.100728","url":null,"abstract":"<div><div>The Automatic Dependent Surveillance-Broadcast (ADS-B) is a surveillance technology mandated in many airspaces. It improves safety, increases efficiency and reduces air traffic congestion by broadcasting aircraft navigation data. Yet, ADS-B is vulnerable to spoofing attacks as it lacks mechanisms to ensure the integrity and authenticity of the data being supplied. None of the existing cryptographic solutions fully meet the backward compatibility and bandwidth preservation requirements of the standard. Hence, we propose the Compatible Authenticated Bandwidth-efficient Broadcast protocol for ADS-B (CABBA), an improved approach that integrates TESLA, phase-overlay modulation techniques and certificate-based PKI. As a result, entity authentication, data origin authentication, and data integrity are the security services that CABBA offers. To assess compliance with the standard, we designed an SDR-based implementation of CABBA and performed backward compatibility tests on commercial and general aviation (GA) ADS-B in receivers. Besides, we calculated the 1090ES band’s activity factor and analyzed the channel occupancy rate according to ITU-R SM.2256-1 recommendation. Also, we performed a bit error rate analysis of CABBA messages. 
The results suggest that CABBA is backward compatible, does not incur significant communication overhead, and has an error rate that is acceptable for Eb/No values above 14 dB.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100728"},"PeriodicalIF":4.1,"publicationDate":"2024-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143167953","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Seyed Ali Alavi, Hamed Pourvali Moghadam, Amir Hossein Jahangir
{"title":"Beyond botnets: Autonomous Firmware Zombie Attack in industrial control systems","authors":"Seyed Ali Alavi, Hamed Pourvali Moghadam, Amir Hossein Jahangir","doi":"10.1016/j.ijcip.2024.100729","DOIUrl":"10.1016/j.ijcip.2024.100729","url":null,"abstract":"<div><div>This paper introduces a novel cyberattack vector called the “Autonomous Firmware Zombie Attack.” Unlike traditional zombie attacks that rely on botnets and direct network control, this method enables attackers to covertly modify the firmware of substation Intelligent Electronic Devices (IEDs) and other firmware-based appliances, including critical industrial equipment, without requiring an active network connection, leaving minimal trace and making an offensive attack with only one infected device instead of a set of multiple devices in botnets. Unlike conventional cyber threats, this method allows attackers to manipulate devices to cause substantial damage while leaving minimal trace, thus evading traditional detection techniques. This study demonstrates the potential of the Autonomous Firmware Zombie Attack (AFZA), which causes substantial damage while evading conventional detection techniques. We first run such an attack on a series of IEDs as proof of concept for this issue. Then, we compare this approach to traditional remote control attacks, highlighting its unique advantages and implications for industrial control system security. 
This research underscores the critical need for a robust cybersecurity framework tailored to industrial control systems and advances our understanding of the complex risk landscape threatening critical infrastructures.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100729"},"PeriodicalIF":4.1,"publicationDate":"2024-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143167813","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ömer Sen , Bozhidar Ivanov , Christian Kloos , Christoph Zöll , Philipp Lutat , Martin Henze , Andreas Ulbig , Michael Andres
{"title":"Simulation of multi-stage attack and defense mechanisms in smart grids","authors":"Ömer Sen , Bozhidar Ivanov , Christian Kloos , Christoph Zöll , Philipp Lutat , Martin Henze , Andreas Ulbig , Michael Andres","doi":"10.1016/j.ijcip.2024.100727","DOIUrl":"10.1016/j.ijcip.2024.100727","url":null,"abstract":"<div><div>The power grid is a vital infrastructure in modern society, essential for ensuring public safety and welfare. As it increasingly relies on digital technologies for its operation, it becomes more vulnerable to sophisticated cyber threats. These threats, if successful, could disrupt the grid’s functionality, leading to severe consequences. To mitigate these risks, it is crucial to develop effective protective measures, such as intrusion detection systems and decision support systems, that can detect and respond to cyber attacks. Machine learning methods have shown great promise in this area, but their effectiveness is often limited by the scarcity of high-quality data, primarily due to confidentiality and access issues.</div><div>In response to this challenge, our work introduces an advanced simulation environment that replicates the power grid’s infrastructure and communication behavior. This environment enables the simulation of complex, multi-stage cyber attacks and defensive mechanisms, using attack trees to map the attacker’s steps and a game-theoretic approach to model the defender’s response strategies. The primary goal of this simulation framework is to generate a diverse range of realistic attack data that can be used to train machine learning algorithms for detecting and mitigating cyber attacks. 
Additionally, the environment supports the evaluation of new security technologies, including advanced decision support systems, by providing a controlled and flexible testing platform.</div><div>Our simulation environment is designed to be modular and scalable, supporting the integration of new use cases and attack scenarios without relying heavily on external components. It enables the entire process of scenario generation, data modeling, data point mapping, and power flow simulation, along with the depiction of communication traffic, in a coherent process chain. This ensures that all relevant data needed for cyber security investigations, including the interactions between attacker and defender, are captured under consistent conditions and constraints.</div><div>The simulation environment also includes a detailed modeling of communication protocols and grid operation management, providing insights into how attacks propagate through the network. The generated data are validated through laboratory tests, ensuring that the simulation reflects real-world conditions. These datasets are used to train machine learning models for intrusion detection and evaluate their performance, specifically focusing on how well they can detect complex attack patterns in power grid operations.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100727"},"PeriodicalIF":4.1,"publicationDate":"2024-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143168301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Optimized unmanned aerial vehicle pathway system in disaster resilience network","authors":"Yi-Wei Ma, Desti Syuhada","doi":"10.1016/j.ijcip.2024.100726","DOIUrl":"10.1016/j.ijcip.2024.100726","url":null,"abstract":"<div><div>After a disaster, the interruption of networks in affected areas is a significant challenge, exacerbated by the malfunction of base stations and the complete absence of network infrastructure. Hence, the objective of this study is to achieve a systematic and well-supported path in the post-disaster system through the optimization of coverage area and the provision of high-quality service. Therefore, this study aims to enhance the extent of coverage and transmission efficiency by considering the specific needs of users to establish a logical and systematic flight path of Unmanned Aerial Vehicles (UAVs) in a post-disaster scenario. This study demonstrates a 12.7 % availability advantage over random methods that do not consider users and only generalize cluster length. This study optimizes the performance of the UAV by adjusting its altitude position best to meet the requirements of its coverage and transmission quality.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100726"},"PeriodicalIF":4.1,"publicationDate":"2024-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142748486","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Filipe Apolinário , Nelson Escravana , Éric Hervé , Miguel L. Pardal , Miguel Correia
{"title":"FingerCI: Writing industrial process specifications from network traffic","authors":"Filipe Apolinário , Nelson Escravana , Éric Hervé , Miguel L. Pardal , Miguel Correia","doi":"10.1016/j.ijcip.2024.100725","DOIUrl":"10.1016/j.ijcip.2024.100725","url":null,"abstract":"<div><div>Critical infrastructures (CIs) are often targets of cyber-attacks, requiring accurate process specifications to identify and defend against incidents. However, discrepancies between these specifications and real-world CI conditions arise due to the costly process of manual specification by experts.</div><div>This paper introduces <span>FingerCI</span>, a method for automatically generating CI process specifications through network traffic analysis and physical behavior modeling. By defining a Specification Language that integrates with existing systems, <span>FingerCI</span> extracts industrial process specifications without infrastructure changes or downtime. The specifications include a behavior model that validates physical correctness.</div><div>We evaluated <span>FingerCI</span> on a digital twin of an airport baggage handling system, achieving 99.98% fitness to observed behavior. Our method improves cybersecurity and fault detection with high accuracy.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100725"},"PeriodicalIF":4.1,"publicationDate":"2024-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142703044","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shah Khalid Khan , Nirajan Shiwakoti , Abebe Diro , Alemayehu Molla , Iqbal Gondal , Matthew Warren
{"title":"Space cybersecurity challenges, mitigation techniques, anticipated readiness, and future directions","authors":"Shah Khalid Khan , Nirajan Shiwakoti , Abebe Diro , Alemayehu Molla , Iqbal Gondal , Matthew Warren","doi":"10.1016/j.ijcip.2024.100724","DOIUrl":"10.1016/j.ijcip.2024.100724","url":null,"abstract":"<div><div>Space Cybersecurity (SC) is becoming critical due to the essential role of space in global critical infrastructure – enabling communication, safe air travel, maritime trade, weather monitoring, environmental surveillance, financial services, and defence systems. Simultaneously, involving diverse stakeholders in space operations further amplifies this criticality. Similarly, previous research has identified isolated vulnerabilities in SC and proposed individual solutions to mitigate them. While such studies have provided useful insights, they do not offer a comprehensive analysis of space cyber-attack vectors and a critical evaluation of the effectiveness of mitigation strategies. This study addresses this problem by holistically examining the scope of potential space cyber-attack vectors, encompassing the ground, space, user, cloud, communication channels, and supply chain segments. Furthermore, the study evaluates the effectiveness of legacy security controls and frameworks and outlines SC-vector-aligned counterstrategies and mitigation techniques to tackle the unique SC threats. Based on the analysis, the study proposes future research directions to develop and test advanced technological solutions and regulatory and operational frameworks to establish international standards policies and foster stakeholder collaboration. 
The study contributes a multi-disciplinary foundation and roadmap that researchers, technology developers, and decision-makers can draw on in shaping a robust and sustainable SC framework.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100724"},"PeriodicalIF":4.1,"publicationDate":"2024-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142703046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Matthew R. Oster , Ilya Amburg , Samrat Chatterjee , Daniel A. Eisenberg , Dennis G. Thomas , Feng Pan , Auroop R. Ganguly
{"title":"A tri-level optimization model for interdependent infrastructure network resilience against compound hazard events","authors":"Matthew R. Oster , Ilya Amburg , Samrat Chatterjee , Daniel A. Eisenberg , Dennis G. Thomas , Feng Pan , Auroop R. Ganguly","doi":"10.1016/j.ijcip.2024.100723","DOIUrl":"10.1016/j.ijcip.2024.100723","url":null,"abstract":"<div><div>Resilient operation of interdependent infrastructures against compound hazard events is essential for maintaining societal well-being. To address consequence assessment challenges in this problem space, we propose a novel tri-level optimization model applied to a proof-of-concept case study with fuel distribution and transportation networks – encompassing one realistic network; one fictitious, yet realistic network; as well as networks drawn from three synthetic distributions. Mathematically, our approach takes the form of a defender-attacker-defender (DAD) model—a multi-agent tri-level optimization, comprised of a defender, attacker, and an operator acting in sequence. Here, our notional operator may choose proxy actions to operate an interdependent system comprised of fuel terminals and gas stations (functioning as supplies) and a transportation network with traffic flow (functioning as demand) to minimize unmet demand at gas stations. A notional attacker aims to hypothetically disrupt normal operations by reducing supply at the supply terminals, and the notional defender aims to identify best proxy defense policy options which include hardening supply terminals or allowing alternative distribution methods such as trucking reserve supplies. We solve our DAD formulation at a metropolitan scale and present practical defense policy insights against hypothetical compound hazards. We demonstrate the generalizability of our framework by presenting results for a realistic network; a fictitious, yet realistic network; as well as for three networks drawn from synthetic distributions. 
We also analyze the sensitivity of outputs on budget constraints through a detailed case study. Additionally, we demonstrate the scalability of the framework by investigating runtime performance as a function of the network size. Steps for future research are also discussed.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100723"},"PeriodicalIF":4.1,"publicationDate":"2024-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142593026","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Digital Twin-assisted anomaly detection for industrial scenarios","authors":"Cristina Alcaraz, Javier Lopez","doi":"10.1016/j.ijcip.2024.100721","DOIUrl":"10.1016/j.ijcip.2024.100721","url":null,"abstract":"<div><div>Industry 5.0 is the current industrial paradigm that inherits the technological diversity of its predecessor, Industry 4.0, but includes three priority goals: (i) <em>resilience</em>, (ii) <em>sustainability</em> and (iii) <em>human-centeredness</em>. Through these three goals, Industry 5.0 pursues a more far-reaching digital transformation in industrial ecosystems with high protection guarantees. However, the deployment of innovative information technologies for this new digital transformation also requires considering their implicit vulnerabilities and threats in order to avoid any negative impacts on the three Industry 5.0 goals, and to prioritize cybersecurity aspects so as to ensure acceptable protection levels. This paper, therefore, proposes a detection framework composed of a Digital Twin (DT) and machine learning algorithms for online protection, supporting the resilience that Industry 5.0 seeks. To validate the approach, this work includes several practical studies on a real industrial control testbed to demonstrate the feasibility and accuracy of the framework, taking into account a set of malicious perturbations in several critical sections of the system. 
The results highlight the effectiveness of the DT in complementing the anomaly detection processes, especially for advanced and stealthy threats.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100721"},"PeriodicalIF":4.1,"publicationDate":"2024-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142551975","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Impact of Internet and mobile communication on cyber resilience: A multivariate adaptive regression spline modeling approach","authors":"Serhiy Lyeonov , Wadim Strielkowski , Vitaliia Koibichuk , Serhii Drozd","doi":"10.1016/j.ijcip.2024.100722","DOIUrl":"10.1016/j.ijcip.2024.100722","url":null,"abstract":"<div><div>The spread of broadband Internet and the availability of mobile communication services expand access to digital services for businesses and the public alike. However, at the same time, it aggravates the problem of ensuring digital space security, protection against cyber threats, and the fight against cybercrime. This research aims to calculate the index of a country's resilience to cyber-hacking for 143 countries, to divide these countries into groups based on this resilience (high, above-average, average, below-average, and low), compare these results with those obtained on the basis of National Cyber Security Index (NCSI), and to identify the impact of the Internet and mobile communication prevalence in a country on this level. The selection of the countries is based on the availability of statistical data for 2022 in the databases of the Surfshark VPN service, and the International Telecommunication Union. The integral index of a country's resilience to cyber-hacking is calculated through the multiplicative convolution (with weighted geometric mean) of the number of breached accounts, the Internet penetration probability (penetration into users’ data through the Internet), and the breach density per thousand users. The influence of active mobile broadband subscriptions (per 100 inhabitants), mobile broadband basket (% of Gross National Income Per Capita), mobile cellular subscriptions (per 100 inhabitants), and total fixed broadband subscriptions on the integral index of a country's resilience to cyber-hacking is investigated using multivariate adaptive regression spline. 
According to the calculations, France, Iceland, Montenegro, the United States, and the United Arab Emirates were the least resistant to cyber hacking in 2022. For countries with high, above-average, and below-average levels of resilience to cyber-hacking, the most relevant factor is the number of active mobile broadband subscriptions (per 100 inhabitants). For countries with an average level, it is total fixed broadband subscriptions.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100722"},"PeriodicalIF":4.1,"publicationDate":"2024-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142572557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}