Abstract
In this paper we report on a recent study of the impact of cyber-attacks on the resilience of complex industrial systems. We describe our approach to building a hybrid model consisting of both the system under study and an Adversary, and we demonstrate its use on a complex case study - a reference power transmission network (NORDIC 32), enhanced with a detailed model of the computer and communication system used for monitoring, protection and control. We studied the resilience of the modelled system under different scenarios: i) a base-line scenario in which the modelled system operates in the presence of accidental failures without cyber-attacks; ii) scenarios in which cyber-attacks can occur. We discuss the usefulness of our findings and outline directions for further work.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Stouffer, K., Falco, J., Kent, K.: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security, p. 164. National Institute of Standards and Technology (NIST) (2006)
Bloomfield, R.E., et al.: Preliminary Interdependency Analysis (PIA): Method and tool support, p. 56. Adelard LLP (2010)
Bloomfield, R., Buzna, L., Popov, P., Salako, K., Wright, D.: Stochastic Modelling of the Effects of Interdependencies between Critical Infrastructure. In: Rome, E., Bloomfield, R. (eds.) CRITIS 2009. LNCS, vol. 6027, pp. 201–212. Springer, Heidelberg (2010)
Ford, M.D., et al.: Implementing the ADVISE security modeling formalism in Möbius. In: The 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, Budapest (2013)
Sanders, W.H.: Mobius, http://www.mobius.illinois.edu/ [cited]
IRRIIS. Integrated Risk Reduction of Information-based Infrastructure Systems (IRRIIS) (2006–2009), http://www.irriis.org/ [cited]
Hearing Before The Subcommittee On National Security, Cybersecurity: Assessing The Immediate Threat To The United States 2011, House of Representatives One Hundred Twelfth Congress First Session (2011)
US-CERT, Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies, US-CERT, p. 44 (2009)
Ten, C.-W., Liu, C.-C., Manimaran, G.: Vulnerability Assessment of Cybersecurity for SCADA Systems. IEEE Transactions on Power Systems 23(4), 1836–1846 (2008)
Krautsevich, L., Martinelli, F., Yautsiukhin, A.: Towards Modelling Adaptive Attacker’s Behaviour. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds.) FPS 2012. LNCS, vol. 7743, pp. 357–364. Springer, Heidelberg (2013)
Johnson, B., Grossklags, J., Christin, N., Chuang, J.: Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 588–606. Springer, Heidelberg (2010)
Cavalieri, S., et al.: Quantitative Assessment of Distributed Networks through Hybrid Stochastic Modelling. In: Bruneo, D., Distefano, S. (eds.) Quantitative Assessments of Distributed Systems, pp. 1–39. Scrivener Publishing LLC, USA (to appear)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Netkachov, O., Popov, P., Salako, K. (2014). Quantification of the Impact of Cyber Attack in Critical Infrastructures. In: Bondavalli, A., Ceccarelli, A., Ortmeier, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science, vol 8696. Springer, Cham. https://doi.org/10.1007/978-3-319-10557-4_35
Download citation
DOI: https://doi.org/10.1007/978-3-319-10557-4_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10556-7
Online ISBN: 978-3-319-10557-4
eBook Packages: Computer ScienceComputer Science (R0)