A hierarchical colored Petri net–based cyberattacks response strategy making approach for critical infrastructures

Critical infrastructures are essential for national security, the economy, and public safety. As an important part of security protection, response strategy making provides useful countermeasures to reduce the impacts of cyberattacks. However, little research in this domain investigates cyberattack propagation within a station and the incident spreading process in the critical infrastructure network simultaneously, let alone analyzes the relationships between security strategy making for a station and scheduling strategy for the critical infrastructure network. To tackle this problem, a hierarchical colored Petri net–based cyberattacks response strategy making approach for critical infrastructures is presented. In this approach, the relationships among cyberattacks, security measures, devices, functions, and station capacity are analyzed and described in a hierarchical way, and the system loss is calculated with the input of abnormal station capacities. Then, based on the above model, the security strategy making for a station and the scheduling strategy making for the critical infrastructure network are investigated in depth. Finally, the effectiveness of the proposed approach is demonstrated on a simulated water supply system.
