International Journal of Critical Infrastructure Protection最新文献

{"title":"SIRT: A distinctive and smart invasion recognition tool (SIRT) for defending IoT integrated ICS from cyber-attacks","authors":"M.S. Kavitha ,&nbsp;G. Sumathy ,&nbsp;B. Sarala ,&nbsp;J. Jasmine Hephzipah ,&nbsp;R. Dhanalakshmi ,&nbsp;T.D. Subha","doi":"10.1016/j.ijcip.2024.100720","DOIUrl":"10.1016/j.ijcip.2024.100720","url":null,"abstract":"<div><div>With the rise of smart industries, Industrial Control Systems (ICS) has to move from isolated settings to networked environments to meet the objectives of Industry 4.0. Because of the inherent interconnection of these services, systems of this type are more vulnerable to cybersecurity breaches. To protect ICSs from cyberattacks, intrusion detection systems equipped with Artificial Intelligence characteristics have been used to spot unusual system behavior. The main research problem focused on this work is to guarantee ICS security, a variety of security strategies and automated technologies have been established in past literary works. However, the main problems they face include a high proportion of incorrect predictions, longer execution times, more complex system designs, and decreased efficiency. Thus, developing and putting in place a Smart Invasion Recognition Tool (SIRT) to defend critical infrastructure systems against new cyberattacks is the main goal of this project. This system cleans and normalizes the supplied ICS data using a unique preprocessing technique called Variational Data Normalization (VDN). Furthermore, a novel hybrid technique called Frog Leap-based Ant Movement Optimization (FLAMO) is applied to choose the most important and necessary features from normalized industrial data. Furthermore, the methodology of Weighted Bi-directional Gated Recurrent Network (WeBi-GRN) is utilized to precisely distinguish between genuine and malicious samples from information collected by ICS. This work validates and evaluates the performance findings using many assessment indicators and a range of open-source ICS data. According to the study's findings, the proposed SIRT model accurately classifies the different types of assaults from the industrial data with 99 % accuracy.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100720"},"PeriodicalIF":4.1,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142526135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Process-aware security monitoring in industrial control systems: A systematic review and future directions","authors":"Muaan ur Rehman ,&nbsp;Hayretdin Bahşi","doi":"10.1016/j.ijcip.2024.100719","DOIUrl":"10.1016/j.ijcip.2024.100719","url":null,"abstract":"<div><div>Due to the tight coupling between the cyber and physical components, control systems are subjected to emerging cyberattacks. In addition to attacks based on networking and communication, control systems are also susceptible to process-aware attacks that target the business logic behind a physical process. Due to the increasing frequency of such attacks, the process-aware defence mechanisms that incorporate knowledge of the underlying physical model, has gained increased attention in current cyber–physical system security-related research. However, the rapid expansion of literature complicates the ability to thoroughly review and ascertain the state-of-the-art, as well as to identify existing research challenges and gaps. This paper investigates research on process-aware-based security monitoring for control systems and aims to establish a common understanding of currently used methods in this domain. A systematic literature review is performed to outline and classify the existing work and present the authors’ cybersecurity vision. From an extensive review of publications between February 1, 2009 and October 30, 2023, we analysed and categorized the existing research on process-aware security monitoring techniques for control systems. Furthermore, we identified process-aware attack categories posing threats to the physical process in critical infrastructures. We have further mapped these attacks to the MITRE ATT&amp;CK matrix for Industrial Control Systems (ICS), detailing their tactics, techniques, and impacts.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100719"},"PeriodicalIF":4.1,"publicationDate":"2024-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142421445","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An AutoML-based security defender for industrial control systems","authors":"Danish Vasan ,&nbsp;Ebtesam Jubran S. Alqahtani ,&nbsp;Mohammad Hammoudeh ,&nbsp;Adel F. Ahmed","doi":"10.1016/j.ijcip.2024.100718","DOIUrl":"10.1016/j.ijcip.2024.100718","url":null,"abstract":"<div><p>Securing Industrial Control Systems (ICS) against cyber threats is crucial for maintaining operational reliability and safety in critical infrastructure. Traditional Machine Learning (ML) approaches in ICS development require substantial domain expertise, posing challenges for non-experts. To address this gap, we propose and evaluate ICS-defender, a defense mechanism to enhance ICS security through Automated Machine Learning (AutoML) techniques. Our approach leverages sophisticated feature engineering and AutoML to automate model selection, training, aggregation, and optimization, thereby reducing the dependency on specialized knowledge. We evaluate ICS-defender against state-of-the-art AutoML frameworks using diverse datasets from power systems and electric vehicle chargers. Experimental results consistently demonstrate that ICS-defender outperforms existing frameworks in terms of accuracy and robustness, achieving average accuracies of 93.75%, 94.34%, and 87.12% for power systems attacks datasets and 94.23% for the electric vehicle charging station attacks dataset, surpassing baseline algorithms. This research contributes to advancing secure and resilient ICS, offering significant implications for broader applications and future enhancements in industrial cybersecurity.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100718"},"PeriodicalIF":4.1,"publicationDate":"2024-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142164704","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Obfuscation strategies for industrial control systems","authors":"Vittoria Cozza ,&nbsp;Mila Dalla Preda ,&nbsp;Ruggero Lanotte ,&nbsp;Marco Lucchese ,&nbsp;Massimo Merro ,&nbsp;Nicola Zannone","doi":"10.1016/j.ijcip.2024.100717","DOIUrl":"10.1016/j.ijcip.2024.100717","url":null,"abstract":"<div><p>Recently released scan data on Shodan reveals that thousands of <em>Industrial Control Systems</em> (ICSs) worldwide are directly accessible via the Internet and, thus, exposed to cyber-attacks aiming at financial gain, espionage, or disruption and/or sabotage. Executing sophisticated cyber–physical attacks aiming to manipulate industrial functionalities requires a deep understanding of the underlying physical process at the core of the target ICS, for instance, through unauthorized access to memory registers of <em>Programmable Logic Controllers</em> (PLCs). However, to date, countermeasures aiming at hindering the comprehension of physical processes remain largely unexplored.</p><p>In this work, we investigate the use of <em>obfuscation strategies</em> to complicate <em>process comprehension</em> of ICSs while preserving their runtime evolution. To this end, we propose a framework to design and evaluate obfuscation strategies for PLCs, involving PLC memory registers, PLC code (user program), and the introduction of extra (spurious) physical processes. Our framework categorizes obfuscation strategies based on two dimensions: the <em>type of (spurious) registers</em> employed in the obfuscation strategy and the <em>dependence on the (genuine) physical process</em>. To evaluate the efficacy of proposed obfuscation strategies, we introduce <em>evaluation metrics</em> to assess their <em>potency</em> and <em>resilience</em>, in terms of <em>system invariants</em> the attacker can derive, and their <em>cost</em> in terms of computational overhead due to runtime modifications of spurious PLC registers. We developed a prototype tool to automatize the devised obfuscation strategies and applied them to a non-trivial use case in the field of water tank systems. Our results show that code obfuscation can be effectively used to counter malicious process comprehension of ICSs achieved via scanning of PLC memory registers. To our knowledge, this is the first work using obfuscation as a technique to protect ICSs from such threats. The efficacy of the proposed obfuscation strategies predominantly depends on the intrinsic complexity of the interplay introduced between genuine and spurious registers.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100717"},"PeriodicalIF":4.1,"publicationDate":"2024-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1874548224000581/pdfft?md5=34c2c309641d7172bea1f3fdf4abfc70&pid=1-s2.0-S1874548224000581-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142136032","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"It is the time, are you sufficiently resilient?","authors":"Roberto Setola","doi":"10.1016/S1874-5482(24)00051-9","DOIUrl":"10.1016/S1874-5482(24)00051-9","url":null,"abstract":"","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"46 ","pages":"Article 100710"},"PeriodicalIF":4.1,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1874548224000519/pdfft?md5=54538213fe2797447c3bade1b9566663&pid=1-s2.0-S1874548224000519-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142095883","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Evaluation of SDN security measures in the context of IEC 62443-3-3","authors":"Georgios Michail Makrakis ,&nbsp;Dakota Roberson ,&nbsp;Constantinos Kolias ,&nbsp;Dallin Cook","doi":"10.1016/j.ijcip.2024.100716","DOIUrl":"10.1016/j.ijcip.2024.100716","url":null,"abstract":"<div><p>The security of assets within electrical substations is paramount to ensuring the reliable and resilient operation of the energy sector. However, implementing existing industry cybersecurity standards in these environments presents numerous technical challenges. In this work, we provide systematic guidance that emphasizes best practices and prioritizes requirement implementation. We examine the application of Software-Defined Networking (SDN) as a means to enhance security within the IEC 62443 family of standards. Specifically, we offer insights into how the security measures required for compliance with the IEC 62443 security standards can impact the stringent timing constraints of contemporary communication protocols, enabling advanced distribution system operations in the future. Utilizing a testbed modeled after a real-world electrical substation, we demonstrate that while SDN-based security features naturally introduce some additional latency, their operational impact on the network’s strict constraints is minimal.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100716"},"PeriodicalIF":4.1,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142169565","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Comprehensive vulnerability assessment for environmental facility depending on spatial characteristics in South Korea","authors":"Young Hwan Choi ,&nbsp;Do Guen Yoo ,&nbsp;Pill Jae Kwak ,&nbsp;Hyung Do Kim ,&nbsp;Jungsu Park ,&nbsp;Jaehyeoung Park ,&nbsp;Younghan Yoon","doi":"10.1016/j.ijcip.2024.100715","DOIUrl":"10.1016/j.ijcip.2024.100715","url":null,"abstract":"<div><p>Among environmental facilities, wastewater treatment facilities have a crucial role in sustaining human life, and any occurrence of an earthquake or flood within these facilities can result in various social, economic, and environmental issues, either directly or indirectly. Therefore, a quantitative vulnerability assessment of wastewater treatment facilities is necessary to minimize and prevent damage from earthquakes and flood disasters. For this reason, this study introduces a novel indicator to assess the susceptibility of disasters, considering aspects of exposure, sensitivity, and adaptive capacity. The newly proposed indicator encompasses numerous evaluation criteria, topography, natural surroundings, hydraulic systems, structural composition, and non-structural features. Also, Weights derived using the combined weight calculation (CWC) method, which combined the analytic hierarchy process (AHP) and entropy weight method were applied to the indicator. It was tested across 23 cities to validate its efficacy, revealing a substantial correlation between the vulnerability index and the specific attributes of the city's wastewater treatment facilities. Therefore, this study analyzed wastewater treatment facilities by comparing the attributes of the urban areas under investigation, such as topological characteristics, urbanization levels, population density, infrastructure quality, and disaster preparedness resources available. The suggested methodology can facilitate the development of strategies aimed at averting damage caused by earthquakes or floods and reducing the adverse impact on wastewater treatment facilities while considering the unique characteristics of the urban setting in question.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100715"},"PeriodicalIF":4.1,"publicationDate":"2024-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142164705","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Securing industrial control systems: Developing a SCADA/IoT test bench and evaluating lightweight cipher performance on hardware simulator","authors":"Darshana Upadhyay ,&nbsp;Sagarika Ghosh ,&nbsp;Hiroyuki Ohno ,&nbsp;Marzia Zaman ,&nbsp;Srinivas Sampalli","doi":"10.1016/j.ijcip.2024.100705","DOIUrl":"10.1016/j.ijcip.2024.100705","url":null,"abstract":"<div><p>This paper addresses the critical need for enhancing security in Supervisory Control and Data Acquisition (SCADA) networks within Industrial Control Systems (ICSs) to protect the industrial processes from cyber-attacks. The purpose of our work is to propose and evaluate lightweight security measures to safeguard critical infrastructure resources. The scope of our effort involves simulating a secure SCADA/IoT-based hardware test bench for ICSs, utilizing Modbus and MQTT communication protocols. Through case studies in remote servo motor control, water distribution systems, and power system voltage level indicators, vulnerabilities such as Denial of Service (DoS) and Man-in-The-Middle (MiTM) attacks are identified, and security recommendations are provided. To execute our work, we deploy lightweight ciphers such as Prime Counter &amp; Hash Chaining (PCHC) and Ascon algorithm with Compression Rate (ACR) for secure information exchange between the plant floor and the control center. Evaluation of these ciphers on Raspberry Pi focuses on execution speed and memory utilization. Additionally, a comparison with the AGA-12 protocol standard for SCADA networks is conducted to underscore the efficacy of the proposed security measures. Our findings include the identification of SCADA network vulnerabilities and the proposal of lightweight security measures to mitigate risks. Performance evaluation of the proposed ciphers on Raspberry Pi demonstrates their effectiveness, emphasizing the importance of deploying such measures to ensure resilience against cyber threats in SCADA environments.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100705"},"PeriodicalIF":4.1,"publicationDate":"2024-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1874548224000465/pdfft?md5=aab404315863014667e25aa2e54961de&pid=1-s2.0-S1874548224000465-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142088708","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Resilience quantification and recovery strategy simulation for urban underground logistics systems under node and link attacks: A case study of Nanjing city","authors":"Ying Lu,&nbsp;Qingling Wang,&nbsp;Shiyu Huang,&nbsp;Wenhui Yu,&nbsp;Shuyue Yao","doi":"10.1016/j.ijcip.2024.100704","DOIUrl":"10.1016/j.ijcip.2024.100704","url":null,"abstract":"<div><p>Urban Underground Logistics Systems (UULS) have become an emerging solution to mitigate urban surface traffic congestion, environmental pollution, and surface transport safety risks. However, during the operation of UULS, the use of advanced technologies such as the Internet of Things (IoT) introduces cybersecurity risks to the system. Moreover, severe natural disasters can also cause damage to underground transportation network links. Existing research and planning primarily concentrate on the system design and benefits of UULS, neglecting the system's service level under attack scenarios. This study outlines three representative UULS network prototypes and proposes a resilience quantification method centered on logistics efficiency. It also focuses on comparing the effectiveness of three recovery strategies. These strategies give priority to maximum flow, betweenness centrality, and regional importance, as well as the priority of node and link repairs. The resilience quantification method and recovery strategies are applied in a case study set in Nanjing City. The case study results reveal that the Two-echelon network shows exceptional resilience. Regarding the effectiveness of recovery strategies, the strategy based on maximum flow proves to be the most effective, and focusing on node repair can lead to higher system resilience. Based on these findings, this study offers recommendations to transportation and logistics management decision-makers, focusing on UULS resilience and recovery strategy selection. These recommendations are intended to provide valuable guidance for the planning and design of future UULS, ensuring their resilience and reliability.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100704"},"PeriodicalIF":4.1,"publicationDate":"2024-08-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142149321","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Assessment of cross-border electricity interconnection projects using a MCDA method","authors":"Natalia Naval,&nbsp;Jose M. Yusta","doi":"10.1016/j.ijcip.2024.100703","DOIUrl":"10.1016/j.ijcip.2024.100703","url":null,"abstract":"<div><p>The European Union is promoting cross-border electricity interconnection projects to achieve energy objectives, reduce the current fragmented European market, and eradicate the isolation of the most disadvantaged areas. However, selecting these projects is a complex task because there are multiple objectives, criteria, participants and alternatives involved. This paper aims to develop a multi-criteria decision analysis (MCDA) method for appropriately assessing and prioritizing cross-border electricity interconnection projects considering technical, economic, environmental and social criteria. Additionally, this work analyzes interconnection effects on the resilience of interconnected power systems. To verify its validity, this method is applied to prioritize new Spain-France interconnection infrastructure projects. From the results obtained, the technical and environmental criteria have proven to be the most important, since cross-border electricity interconnection projects are aimed at better market-coupling, less congestion and higher reliability while minimizing environmental impacts. In short, the proposed methodology provides a comprehensive view of the impact of these projects.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"46 ","pages":"Article 100703"},"PeriodicalIF":4.1,"publicationDate":"2024-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1874548224000441/pdfft?md5=8b19846c0ed1e9f07e6bf1f0af07250e&pid=1-s2.0-S1874548224000441-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141939998","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}