{"title":"Advancing coordination in critical maritime infrastructure protection: Lessons from maritime piracy and cybersecurity","authors":"Tobias Liebetrau , Christian Bueger","doi":"10.1016/j.ijcip.2024.100683","DOIUrl":"https://doi.org/10.1016/j.ijcip.2024.100683","url":null,"abstract":"<div><p>Critical maritime infrastructure protection has become a priority in ocean governance, particularly in Europe. Increased geopolitical tensions, regional conflicts, and the Nord Stream pipeline attacks in the Baltic Sea of September 2022 have been the main catalysts for this development. Calls for enhancing critical maritime infrastructure protection have multiplied, yet, what this implies in practice is less clear. This is partially a question of engineering and risk analysis. It also concerns how the multitude of actors involved can act concertedly. Dialogue, information sharing, and coordination are required, but there is a lack of discussion about which institutional set ups would lend themselves. In this article, we argue that the maritime counter-piracy operations off Somalia, as well as maritime cybersecurity governance hold valuable lessons to provide new answers for the institutional question in the critical maritime infrastructure protection agenda. We start by clarifying what is at stake in the CMIP agenda and why it is a major contemporary governance challenge. We then examine and assess the instruments found in maritime counter-piracy and maritime cybersecurity governance, including why and how they provide effective solutions for enhancing critical maritime infrastructure protection. Finally, we assess the ongoing institution building for CMIP in Europe. 
While we focus on the European experience, our discussion on designing institutions carries forward lessons for CMIP in other regions, too.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"46 ","pages":"Article 100683"},"PeriodicalIF":3.6,"publicationDate":"2024-05-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1874548224000246/pdfft?md5=e5572e124732d1fcb1c40f392934a1e7&pid=1-s2.0-S1874548224000246-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141423305","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Performing risk assessment for critical infrastructure protection: A study of human decision-making and practitioners' transnationalism considerations","authors":"Michalis Papamichael , Christos Dimopoulos , Georgios Boustras , Marios Vryonides","doi":"10.1016/j.ijcip.2024.100682","DOIUrl":"https://doi.org/10.1016/j.ijcip.2024.100682","url":null,"abstract":"<div><p>This paper investigates the views of practitioners on the decision-making influences and the transnational considerations affecting risk assessment (RA) for critical infrastructure (CI) and its protection (CIP).</p><p>The investigation is based on a thematic analysis of the interviews of twelve RA practitioners. The analysis identified an overarching theme supporting the view that the team approach is the one true remedy to RA process shortcomings as well as five other themes: (1) the value of the human influence in RA; (2) transnationalism - an unfathomable notion; (3) consistency is no panacea to performance; (4) CI organizational RA-influencing forces; and (5) CI RA-enablers and impediments.</p><p>The investigation suggests that the team approach to effective RA for CIP is considered as the absolute panacea in the eyes of practitioners although both insights from the current industry RA practice through the interviews themselves, and an investigation of relevant literature suggests that although this is warmheartedly recommended (a) there are no set rules and guidelines in its application, (b) it is not coordinated nor applied consistently, and (c) it is not an integral part of RA processes. 
Notwithstanding the reality that a team approach to RA for CIP is being contemplated by practitioners, albeit with lagging consistency and coordination, it is evident that additional research is necessary to broaden the understanding of its value.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"45 ","pages":"Article 100682"},"PeriodicalIF":3.6,"publicationDate":"2024-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140918877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DAR-LFC: A data-driven attack recovery mechanism for Load Frequency Control","authors":"Andrew D. Syrmakesis , Cristina Alcaraz , Nikos D. Hatziargyriou","doi":"10.1016/j.ijcip.2024.100678","DOIUrl":"https://doi.org/10.1016/j.ijcip.2024.100678","url":null,"abstract":"<div><p>In power systems, generation must be maintained in constant equilibrium with consumption. A key indicator for this balance is the frequency of the power grid. The load frequency control (LFC) system is responsible for maintaining the frequency close to its nominal value and the power deviation of tie-lines at their scheduled levels. However, the remote communication system of LFC exposes it to several cyber threats. A successful cyberattack against LFC attempts to affect the field measurements that are transferred through its remote control loop. In this work, a data-driven, attack recovery method is proposed against denial of service and false data injection attacks, called DAR-LFC. For this purpose, a deep neural network is developed that generates estimations of the area control error (ACE) signal. When a cyberattack against the LFC occurs, the proposed estimator can temporarily compute and replace the affected ACE, mitigating the effects of the cyberattacks. 
The effectiveness and the scalability of the DAR-LFC are verified on single-area and two-area LFC simulations in MATLAB/Simulink.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"45 ","pages":"Article 100678"},"PeriodicalIF":3.6,"publicationDate":"2024-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141083694","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A real-time network based anomaly detection in industrial control systems","authors":"Faeze Zare , Payam Mahmoudi-Nasr , Rohollah Yousefpour","doi":"10.1016/j.ijcip.2024.100676","DOIUrl":"https://doi.org/10.1016/j.ijcip.2024.100676","url":null,"abstract":"<div><p>Data manipulation attacks targeting network traffic of SCADA systems may compromise the reliability of an Industrial Control system (ICS). This can mislead the control center about the real-time operating conditions of the ICS and can alter commands sent to the field equipment. Deep Learning techniques appear as a suitable solution for detecting such complicated attacks. This paper proposes a Network based Anomaly Detection System (NADS) to detect data manipulation attacks with a focus on Modbus/TCP-based SCADA systems. The proposed NADS is a sequence to sequence auto encoder which uses the long short term memory units with embedding layer, teacher forcing technique and attention mechanism. The model has been trained and tested using the SWaT dataset, which corresponds to a scaled-down water treatment plant. The model detected 23 of 36 attacks and outperformed two other existing NADS with an improvement of 0.22 for simple attacks and obtained a recall value of 0.86 on attack 36 compared to the other NADS which obtained 0.74.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"45 ","pages":"Article 100676"},"PeriodicalIF":3.6,"publicationDate":"2024-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140880127","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Impact of space systems capabilities and their role as critical infrastructure","authors":"Mr. Antonio Carlo , Dr. Paola Breda","doi":"10.1016/j.ijcip.2024.100680","DOIUrl":"https://doi.org/10.1016/j.ijcip.2024.100680","url":null,"abstract":"<div><p>The cyber domain has led to growth in current satellite capabilities, which have become essential due to the increased use of both civil and military critical infrastructure (CI) management systems. In recent decades, outer space has proven to be an increasingly critical sector for the international management of commercial CI, with private operators acting on both multi- and transnational levels. However, the space domain is characterised by not only opportunities but also risks and threats. As the security implications of space were not sufficiently considered at the beginning of the space era, some of the predominant risks currently extend into the commercial sphere. These risks must be considered to ensure the resilience of connected CIs in outer space. Security is a vital issue in the cyber and space domains and should be considered in every phase of a space system's life cycle, from the development and manufacturing of space assets to their deployment and end of life. This involves CI in several sectors, each of which exhibits different but interrelated risks. For example, telecommunications and location systems increasingly require the use of CI, which creates a fragile interdependence that is extremely vulnerable to threats. This paper underlines the importance of recognising space systems as CI and emphasises the need for a better integration of these assets in a system-of-systems analysis. The consequences of global satellite disruption on terrestrial CI are used to support this view. 
In such a disruptive scenario, mitigation measures based on in-orbit servicing or responsive space capabilities, for example, would allow CI to be restored to first ensure national security followed by commercial activities. Moreover, this paper provides an overview of the legal and policy aspects of using space systems’ capabilities in CI to better understand their implications and encourage the development of recommendations.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"45 ","pages":"Article 100680"},"PeriodicalIF":3.6,"publicationDate":"2024-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140880128","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cybersecurity and cyber-terrorism challenges to energy-related infrastructures – Cybersecurity frameworks and economics – Comprehensive review","authors":"Sampath Kumar Venkatachary , Jagdish Prasad , Annamalai Alagappan , Leo John Baptist Andrews , Raymon Antony Raj , Sarathkumar Duraisamy","doi":"10.1016/j.ijcip.2024.100677","DOIUrl":"10.1016/j.ijcip.2024.100677","url":null,"abstract":"<div><p>This paper comprehensively reviews the challenges posed by cybersecurity and cyber-terrorism to energy-related infrastructures. The article highlights the difficulty in monitoring, managing, and measuring cybersecurity threats and discusses the critical need for analysis in this area, particularly in the energy sector, where control and command operations are conducted in an internetworked environment. Despite the energy industry's effective risk management practices, it remains vulnerable to cyber-terrorism, as evidenced by the Stuxnet attack. This hardware-software co-designed mechanism targeted Iranian nuclear facilities. The authors explore the technical aspects of Stuxnet and its impact on the energy sector, emphasising the need for proactive measures to mitigate the risks posed by cyber-terrorism. The economic implications of cyberattacks on energy infrastructures are also discussed, including the potential for significant financial losses and reputational damage. The authors provide practical guidance on preventive measures and defence mechanisms, such as network segmentation, access control, and encryption, to help prevent cyberattacks. In a nutshell, this paper serves as a timely and insightful reminder of the ongoing challenges faced by energy-related infrastructures in cybersecurity and cyber-terrorism. 
It underscores the need to continue developing effective risk management strategies and implementing appropriate measures to protect against cyber threats.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"45 ","pages":"Article 100677"},"PeriodicalIF":3.6,"publicationDate":"2024-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140796282","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A comparison of onshore oil and gas transmission pipeline incident statistics in Canada and the United States","authors":"Y. Shen, W. Zhou","doi":"10.1016/j.ijcip.2024.100679","DOIUrl":"10.1016/j.ijcip.2024.100679","url":null,"abstract":"<div><p>This study analyzes the mileage and incident data between 1995 and 2016 corresponding to the onshore oil and natural gas transmission pipelines regulated by the Canada Energy Regulator (CER) and Pipeline and Hazardous Materials Safety Administration (PHMSA) of the United States. The analysis indicates that the material/weld/equipment failure is the leading failure cause for both CER and PHMSA pipeline incidents. The annual average incident rates of the CER and PHMSA pipelines are in the order of 10<sup>−3</sup> per km except for the PHMSA gas pipelines, the annual incident rate of which is in the order of 10<sup>−4</sup> per km. The annual average rupture rates of the CER and PHMSA pipelines vary from 3.5 × 10<sup>−5</sup> to 4.5 × 10<sup>−5</sup> per km. The F-N curves for the PHMSA pipelines are developed based on the mileage and incident data to quantify the societal risks posed by the pipeline in general.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"45 ","pages":"Article 100679"},"PeriodicalIF":3.6,"publicationDate":"2024-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1874548224000209/pdfft?md5=eddf33d8e539f2a2af96e60537f15885&pid=1-s2.0-S1874548224000209-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140770030","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hardware-in-Loop (HIL) Testbed Design of Thermal Power Plant for Threat Modeling and Attack Vector Analysis","authors":"Midhya Mathew , Faruk Kazi","doi":"10.1016/j.ijcip.2024.100675","DOIUrl":"10.1016/j.ijcip.2024.100675","url":null,"abstract":"<div><p>Industrial control systems (ICSs) are extensively utilized worldwide to control and regulate various processes in energy utilities. It consists of various field devices, control and monitoring devices and communication devices. This paper focuses on the testing and analysis of various attack vectors that could potentially occur in a hardware-in-loop (HIL) Industrial Control System (ICS) testbed designed for a 500 MW thermal power plant. In this testbed, four typical process scenarios have been identified that can be manipulated through cyber-attacks, leading to severe issues such as plant shutdown or even explosions. The four significant plant scenarios recognized include minimal coal mill levels and increased temperatures in the classifier, heightened primary airflow to the coal mill, the tripping of an ID fan, and adjustment of the Super-heater temperature to its lowest setting. 
Also, we utilize the STRIDE threat modeling methodology to accurately represent the elements of Cyber-Physical Systems (CPS), their inter-dependencies, and the potential attack entry points and system vulnerabilities.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"45 ","pages":"Article 100675"},"PeriodicalIF":3.6,"publicationDate":"2024-04-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140773883","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ResNet50-1D-CNN: A new lightweight resNet50-One-dimensional convolution neural network transfer learning-based approach for improved intrusion detection in cyber-physical systems","authors":"Yakub Kayode Saheed , Oluwadamilare Harazeem Abdulganiyu , Kaloma Usman Majikumna , Musa Mustapha , Abebaw Degu Workneh","doi":"10.1016/j.ijcip.2024.100674","DOIUrl":"https://doi.org/10.1016/j.ijcip.2024.100674","url":null,"abstract":"<div><p>The cyber-physical system (CPS) plays a crucial role in supporting critical infrastructure like water treatment facilities, gas stations, air conditioning components, and smart grids, which are essential to society. However, these systems are facing a growing susceptibility to a wide range of emerging attacks. Cyber-attacks against CPS have the potential to cause disruptions in the accurate sensing and actuation processes, resulting in significant harm to physical entities and posing concerns for the overall safety of society. Unlike common security measures like firewalls and encryption, which often aren't enough to deal with the unique problems that CPS architectures present, deploying machine learning-based intrusion detection systems (IDS) that are specifically made for CPS has become an important way to make them safer. The application of machine learning algorithms has been suggested as a means of mitigating cyber-attacks on CPS. However, the limited availability of labelled data pertaining to emerging attack techniques poses a significant challenge to the accurate detection of such attacks. In the given scenario, transfer learning emerges as a promising methodology for the detection of cyber-attacks, as it involves the implicit modelling of the system. In this research, we propose a new lightweight transfer learning method via ResNet50-CNN1D for intrusion detection in CPS. The Adaptive Gradient (Adagrad) optimizer was applied in the proposed model to minimize the loss function through the adjustment of network weight. 
We tested how well the suggested ResNet50-1D-CNN model worked using the UNSW-NB15 dataset and a control system dataset called HAI. The HAI dataset was taken from the testbed and based on a planned physical attack scenario. By calculating the coefficient scores for the top ten (10) features in the HAI and UNSW-NB15 data, it was possible to determine the relevance of a feature. The rationale behind employing transfer learning was to mitigate the complexity associated with the classification of cyber-attacks and runtime. The utilization of transfer learning resulted in notable reductions in both the training and testing times required for the detection of attacks. On the HAI data, the results showed an accuracy of 97.32 %, recall of 98.41 %, F1-score of 96.32 %, and precision of 97.09 %. On the UNSW-NB15 data, the results showed an accuracy of 99.89 %, recall of 99.09 %, F1-score of 98.01 %, and precision of 98.70 %.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"45 ","pages":"Article 100674"},"PeriodicalIF":3.6,"publicationDate":"2024-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140640963","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}