Critical Infrastructures

Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


This chapter refines the introduction of security in critical infrastructures by going into deeper detail about how threats and countermeasures differ and are specific to the physical domain, the cyber domain and intermediate areas. Gaining an understanding of these differences is crucial for the design of effective countermeasures against the diverse nature of today’s advanced persistent threats (APTs). As even local incidents may have far-reaching consequences beyond the logical or physical boundaries of a critical infrastructure, we devote parts of the chapter to a discussion and overview of simulation methods that help to model and estimate possible effects of security incidents across interwoven infrastructures. Such simulation models form an invaluable source of information and data for the subsequent construction of game-theoretic security models discussed in the rest of the book.



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Universitaet Klagenfurt, Klagenfurt, Austria
  2. Austrian Institute of Technology GmbH, Wien, Austria
  3. Tandon School of Engineering, New York University, Brooklyn, USA
