Protection Against Cyber-Attacks: Introducing Resilience for SCADA Networks

Dr. Antonios Gouglidis [email protected]

Symposium on Innovative Smart Grid Cybersecurity Solutions, Vienna, Austria, 13th-14th March, 2017


Outline

13th – 14th March, 2017 Symposium on Innovative Smart Grid Cybersecurity Solutions 2

• Cyber-Attacks on Critical Infrastructures

• Resilience Strategy

• Resilience for SCADA networks

o Resilience Policies & Resilience Architecture

• Results & Questions

Cyber-attacks on Critical Infrastructures


Cyber-threats & actors to CI

Cyber-threat

Unauthorised access

Loss of security

Loss of safety


Threat actors

Script kiddies, hackers …

Major firms / organisations …

Cyber warfare

Likelihood vs. consequence*

15.11.2016 2nd HyRiM End User Workshop, Barcelona 5

* E. Knapp, J.T. Langill, 'Industrial Network Security', 2nd Edition

Attack vectors


Resilience Strategy


Resilience and ways of achieving it…

* J. Sterbenz, D. Hutchison, et al. ‘Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines.’ Computer Networks 54.8 (2010): 1245-1265.

• ‘… the ability of a network/system to defend against and maintain an acceptable level of service in the presence of challenges.’ *

• D2R2+DR

– Real-time control (internal) loop

– Background (external) loop

Resilience strategy


Common network architecture


Viewpoints for critical infrastructures


Resilience in Access Control Policies


Resilience policies


Resilience in access control is the ability of a system not to restrict, but to enable access

Resilience policies – tool chain


Access control policy tool (ACPT) → Model in NuSMV + Resilience specifications → NuSMV model checker → Detected resilience violations

Resilience Architecture for CI


Anomaly detection framework


Resilience architecture

WP3 – Deliverable 3.4

Results and Discussion


Evaluation of SCADA attacks

• Dataset: ‘Morris, T., Thornton, Z., Turnipseed, I., Industrial Control System Simulation and Data Logging for Intrusion Detection System Research. 7th Annual Southeastern Cyber Security Summit. Huntsville, AL. June 3 - 4, 2015.’

• Gas pipeline log, captured in a laboratory environment, including:

– Normal operation

– Cyber-attacks

  • Reconnaissance

  • Denial-of-Service

  • Command injection


Comparison of techniques

[Figure: bar chart comparing Precision and Accuracy (scale 0 to 1) for K-Means, Naive Bayesian, Principal Component Analysis, Gaussian Mixture Model and Data density]

Questions?
