Abstract
Nations, more than ever, depend on the correct functioning of critical infrastructures. To deliver their services, critical infrastructure providers often rely on information technologies. Thus, cyber attacks can have severe impacts within a nation’s critical infrastructure landscape, causing deep scars to health, safety and economic wealth. To provide the demanded service level of critical infrastructures and to reduce the impact of disruptions and unavailable components during attacks, it is essential, on the one hand, to have a comprehensive understanding of the linkages between providers and, on the other hand, to be able to identify vulnerabilities of systems and their consequences if exploited. Therefore, in this paper, we present an agent-based modeling and simulation approach facilitating the assessment of critical infrastructure entities under attack. To demonstrate its capabilities, we provide a motivational example of how our approach can be used to perform simulation-based evaluation of cyber attacks. We further provide an overview of our simulation prototype.
Acknowledgments
This work has been supported by the Austrian Research Promotion Agency (FFG) under the Austrian Security Research Programme KIRAS.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Rybnicek, M., Tjoa, S., Poisel, R. (2014). Simulation-Based Cyber-Attack Assessment of Critical Infrastructures. In: Barjis, J., Pergl, R. (eds) Enterprise and Organizational Modeling and Simulation. EOMAS 2014. Lecture Notes in Business Information Processing, vol 191. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44860-1_8
DOI: https://doi.org/10.1007/978-3-662-44860-1_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44859-5
Online ISBN: 978-3-662-44860-1
eBook Packages: Computer Science, Computer Science (R0)