Analyzing vulnerabilities between SCADA system and SUC due to interdependencies

Interdependencies within and among Critical Infrastructures (CIs), e.g., between Industrial Control Systems (ICSs), in particular Supervisory Control and Data Acquisition (SCADA) systems, and the underlying System Under Control (SUC), have dramatically increased the overall complexity of the related systems, causing unpredictable behaviors to emerge and making the systems more vulnerable to cascading failures. It is vital to gain a clear understanding of these often hidden interdependency issues and to tackle them with advanced modeling and simulation techniques. In this paper, vulnerabilities due to interdependencies between these two exemplary systems (SCADA and SUC) are investigated and analyzed comprehensively using a modified five-step methodical framework. Suggestions for system performance improvements, based on the investigation and analysis results, are also presented; these could be useful to minimize the negative effects and improve the systems' coping capacities.
