Abstract
The sovereignty and well-being of nations depend heavily on the continuous and uninterrupted operation of critical infrastructures. Protecting the utilities that provide critical services (e.g., water, electricity, telecommunications) is therefore of vital importance, given the severe consequences of any failure of these services. Recent security incidents involving critical infrastructures indicate that threats in such environments are increasing in both frequency and intensity. The complexity of typical critical infrastructures is among the factors that make these environments vulnerable to threats. One of the most problematic types of threat is the advanced persistent threat (APT). The term usually refers to a sophisticated, targeted, and costly attack that employs multiple attack vectors to gain access to the target system, then operates in stealth mode once penetration is achieved, and exfiltrates data or causes failures inside the system. In this chapter, we demonstrate how a set of processes developed in the context of the HyRiM framework can assist in minimizing the damage caused to a utility organization subjected to an APT-style attack. Specifically, the framework is demonstrated using data from a real-world water utility network and an industrial control system (ICS) test-bed, and optimal defensive strategies are investigated.
Acknowledgements
The research leading to these results has received funding from the European Union Seventh Framework Program under grant agreement no. 608090, Project HyRiM (Hybrid Risk Management for Utility Networks).
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Gouglidis, A., König, S., Green, B., Rossegger, K., Hutchison, D. (2018). Protecting Water Utility Networks from Advanced Persistent Threats: A Case Study. In: Rass, S., Schauer, S. (eds) Game Theory for Security and Risk Management. Static & Dynamic Game Theory: Foundations & Applications. Birkhäuser, Cham. https://doi.org/10.1007/978-3-319-75268-6_13
DOI: https://doi.org/10.1007/978-3-319-75268-6_13
Publisher Name: Birkhäuser, Cham
Print ISBN: 978-3-319-75267-9
Online ISBN: 978-3-319-75268-6
eBook Packages: Mathematics and Statistics (R0)