Critical Infrastructure Networks Research Articles

Optimal Monitoring Strategies for Critical Infrastructure Networks

Given a choice among multiple security monitoring solutions and multiple locations to deploy them,what strategy best protects the network? What metric is used to compare different securing strategies? What constraints make it harder/easier to secure critical infrastructure networks? This paper explores these questions and formalizes the network monitoring strategy problem for critical infrastructure networks. It also presents a deterministic polynomial time algorithm for discovering a near-optimal network monitoring strategy.

Multi-Agent Systems and Complex Networks: Review and Applications in Systems Engineering

Systems engineering is an ubiquitous discipline of Engineering overlapping industrial, chemical, mechanical, manufacturing, control, software, electrical, and civil engineering. It provides tools for dealing with the complexity and dynamics related to the optimisation of physical, natural, and virtual systems management. This paper presents a review of how multi-agent systems and complex networks theory are brought together to address systems engineering and management problems. The review also encompasses current and future research directions both for theoretical fundamentals and applications in the industry. This is made by considering trends such as mesoscale, multiscale, and multilayer networks along with the state-of-art analysis on network dynamics and intelligent networks. Critical and smart infrastructure, manufacturing processes, and supply chain networks are instances of research topics for which this literature review is highly relevant.

An adaptive ensemble classification framework for real-time data streams by distributed control systems

Smart Grids are critical infrastructure networks. They play a critical role in the survival of our postmodern economies, as all other areas depend on their availability. An interruption in their operation may have a direct impact on the availability of other services (e.g., health, transportation). The problem is particularly intense when no backup networks are available, or the required recovery time is beyond backup autonomy. The transition to a decentralized management and control system for these networks requires digital technologies, advanced interconnected system communications, and Internet access. These technologies expose critical infrastructure networks to external threats that require careful assessment of cyber-security risks and appropriate countermeasures. An important factor that enhances the range of threats is the heterogeneity of Smart Grids, which incorporate industrial control systems such as the SCADA, distributed control system, and programmable logic controllers to which security improvements may not have been made since they were installed. Υet, another serious problem arises from the fact that older technologies were designed at times when cyber-security was not part of their technical design specifications. At the same time, it should be seriously considered that many of the systems of these networks that can be cyber-attacked may not be easily disconnected, as this could potentially lead to generalized operational problems. In this scientific research, a sophisticated active security framework is proposed, which is based solely on advanced computational intelligence methods and concerns the digital security of critical infrastructure networks. Specifically, this research introduces a sophisticated adaptive ensemble classification framework for real-time data streams by distributed control systems. It is a “Kappa” architecture framework that is based on a two-step online ensemble learning model based on bagging and boosting methods. The aim is performance of real-time analysis and evaluation of data flows from Smart Grids, toward the effective identification of APT attacks.

Multi-criteria node criticality assessment framework for critical infrastructure networks

Spotting criticalities in Critical Infrastructure networks is a crucial task in order to implement effective protection strategies against exogenous or malicious events. Yet, most of the approaches in the literature focus on specific aspects (e.g., presence of hubs, minimum paths) and there is a need to identify tradeoffs among importance metrics that are typically clashing with each other. In this paper we propose an approach for the assessment of criticalities which combines multi-criteria decision making techniques and topological/dynamical centrality measures. In particular, we resort to the Sparse Analytic Hierarchy Process (SAHP) technique to calculate the relevance of the different metrics based on pairwise comparisons of the metrics by Subject Matter Experts (SMEs) and to merge the different metrics into a holistic indicator of node criticality/importance that takes into account all the metrics. With the aim to experimentally demonstrate the potential of the proposed approach, we consider a case study related to the Central London Tube Network. According to the experimental results, the proposed aggregated ranking exhibits negligible correlation with the single metrics being aggregated, thus suggesting that the proposed approach effectively combines the different metrics into a new perspective.

Social vulnerability and equity perspectives on interdependent infrastructure network component importance

Critical infrastructure networks are often described as (i) interdependent in nature for operability, (ii) vulnerable against multiple natural or human-made hazards, and (iii) vital for providing the essential needs and ensuring the functionality of societies. Developing a plan for infrastructure network resilience is enabled by the identification of the most critical components that have the largest impact on the performance interdependent networks, as well as on society in terms of serving its needs. In this work, we propose a component importance measure that is driven by the social aspects of resilience, which quantifies the impact of equitable restoration activities on components of interdependent infrastructure networks. To integrate the social expectations from various perspectives in the restoration scheduling of interdependent infrastructure networks, we combine this component importance measure with multiple social vulnerability measures that define different socio-economic characteristics in a society. Finally, we implement a multi-criteria decision analysis technique to determine the final importance ranking of the components and illustrate our approach with two critical infrastructure networks in Shelby County, TN. To our knowledge, our proposed methodology is the first to incorporate both social equity and social vulnerability concepts with the component importance measures of critical interdependent infrastructure network restoration scheduling.

A hierarchical colored Petri net–based cyberattacks response strategy making approach for critical infrastructures

Critical infrastructures are essential for national security, economy, and public safety. As an important part of security protection, response strategy making provides useful countermeasures to reduce the impacts of cyberattacks. However, there have been few researches in this domain that investigate the cyberattack propagation within a station and the incident spreading process in the critical infrastructure network simultaneously, let along analyzing the relationships between security strategy making for a station and scheduling strategy for the critical infrastructure network. To tackle this problem, a hierarchical colored Petri net–based cyberattacks response strategy making approach for critical infrastructures is presented. In this approach, the relationships among cyberattacks, security measures, devices, functions, and station capacity are analyzed and described in a hierarchical way, and the system loss is calculated with the input of abnormal station capacities. Then, based on the above model, the security strategy making for a station and the scheduling strategy making for the critical infrastructure network are investigated in depth. Finally, the effectiveness of the proposed approach is demonstrated on a simulated water supply system.

Emerging Cyber Security Threats in Organization

Background Cyber-security is a preventive preparation of protecting sensitive information, information systems, computers, servers, critical infrastructure, mobile devices, and computer networks from unauthorized access or hackers. Now a day digital technology takes the most significant role in growth effectiveness and efficiency in the organization. However, new technologies like mobile technologies (5G), IoT and cloud computing are Coming with new information security threats. Study design qualitative, survey, case study and an in-depth literature review were conducted. Employees still using the old software, they didn’t update the software (operating system), they use a permanent password, they are still using weak and default password (Wife name or her phone number) information security literacy and behavior end users or IT staff. They don’t have awareness about proactive cyber-attacks prevention policies and procedures. Because they have not took short and long term training on most serious cyber-attacks like ransom ware, social engineering, malware, DDoS, and phishing. This study aims to assess the most common and emerging cyber security threats. That the organizations are facing. The main objective of these investigations is to create awareness about the emerging and the most serious cyber-attacks occurring in the organization. The findings/results demonstrate that cyber security preparations and trained employees are very low; hackers becoming more sophisticated. Conclusion based the findings we conclude that cyber security protection using current method is not sufficient; employees have no idea about security threats due to lack of awareness and training.

The Smart Extension approach for securing industrial control systems

Industrial Control Devices are one of the major targets for hackers due to their exposure to threats. The principle of "air gaps" (disconnecting the Industrial Control Network from the operational networks) is not anymore feasible in a connected world. In this paper, a host anomaly detection system for Critical Infrastructures networks is presented. The device, called Smart Extension, also implements a filtering strategy in order to secure a single host reacting to cyber threats. Therefore, it is positioned in the network between PLC (Programmable Logic Controller) and the SCADA (Supervisory Control and Data Acquisition) control centre, more precisely just in front of the PLC. Finally, experimental results are shown in order to explain the internal working procedures in a possible case study.

Quantitative modeling in disaster management: A literature review

The number, magnitude, complexity, and impact of natural disasters have been steadily increasing in various parts of the world. When preparing for, responding to, and recovering from a disaster, multiple organizations make decisions and take actions considering the needs, available resources, and priorities of the affected communities, emergency supply chains, and infrastructures. Most of the prior research focuses on decision-making for independent systems (e.g., single critical infrastructure networks or distinct relief resources). An emerging research area extends the focus to interdependent systems (i.e., multiple dependent networks or resources). In this article, we survey the literature on modeling approaches for disaster management problems on independent systems, discuss some recent work on problems involving demand, resource, and/or network interdependencies, and offer future research directions to add to this growing research area.

Measures of robustness for networked critical infrastructure: An empirical comparison on four electrical grids

Evaluating the robustness of critical infrastructure is important for good decisions and for communicating progress toward greater robustness. Nonetheless there is no widely accepted measure analogous to readily available measures of cost-efficiency; our aim here is to examine the usefulness of some candidate robustness measures. A number of possible choices can be computed based on different principles including network topology, entropy and direct estimation of cumulative maximum capacity loss, and measures based on the latter principles are suggested here. To judge their usefulness we introduce the required-capacity survival function and compute this function on representations of four electrical grids, together with a set of scalar robustness measures, conditional on publicly available information. We then evaluate the degree to which the scalar measures provide adequate summary indicators of the more comprehensive capacity-loss information revealed in the survival functions. The measures produce substantially different results, and we find in particular that topological measures correspond only weakly with cumulative capacity loss from destructive events.

A System-level Behavioral Detection Framework for Compromised CPS Devices

Cyber-Physical Systems (CPS) play a significant role in our critical infrastructure networks from power-distribution to utility networks. The emerging smart-grid concept is a compelling critical CPS infrastructure that relies on two-way communications between smart devices to increase efficiency, enhance reliability, and reduce costs. However, compromised devices in the smart grid poses several security challenges. Consequences of propagating fake data or stealing sensitive smart grid information via compromised devices are costly. Hence, early behavioral detection of compromised devices is critical for protecting the smart grid’s components and data. To address these concerns, in this article, we introduce a novel and configurable system-level framework to identify compromised smart grid devices. The framework combines system and function call tracing techniques with signal processing and statistical analysis to detect compromised devices based on their behavioral characteristics. We measure the efficacy of our framework with a realistic smart grid substation testbed that includes both resource-limited and resource-rich devices. In total, using our framework, we analyze six different types of compromised device scenarios with different resources and attack payloads. To the best of our knowledge, the proposed framework is the first in detecting compromised CPS smart grid devices with system and function-level call tracing techniques. The experimental results reveal an excellent rate for the detection of compromised devices. Specifically, performance metrics include accuracy values between 95% and 99% for the different attack scenarios. Finally, the performance analysis demonstrates that the use of the proposed framework has minimal overhead on the smart grid devices’ computing resources.

A resilience assessment framework for critical infrastructure networks' interdependencies.

Critical infrastructures (CIs) provide essential services to the society. As infrastructures are becoming more interdependent, there is an increasing need for better management of their interactions and interdependencies. Interdependencies among CI can cause cascading failures and, hence, amplify negative consequences due to these failures. This can also affect CIs' service restoration rate and consequently reduce their resilience in coping with these hazardous events. The common challenge currently faced by CI asset owners is the lack of robust resilience-informed business planning and management strategies in response to interdependent assets' failures due to low-probability/high-impact hazards. This is of particular importance as CI owners and managers are investing more on improving the resilience of their assets in response to extreme environmental hazards. This study has approached CI nexus from the interdependency management point of view. It has developed an integrated resilience assessment framework to identify and map interdependency-induced vulnerabilities in critical infrastructure networks. This framework can potentially support effective management of the interdependencies in CI networks. The findings have been reflected in mapping the connection between the changes in resilience due to interdependency-induced failures and the cost of intervention scenarios, providing means of exploring shared intervention strategies.

Distributed denial of service attack on targeted resources in a computer network for critical infrastructure: A differential e-epidemic model

Distributed denial of service (DDoS) attack on critical infrastructure networks has increased rapidly in recent past and therefore it is a matter of great concern that how to safeguard these targeted network resources. Our paper proposes a defense strategy by introducing quarantine compartment in the population of computer in a critical infrastructure network so that even in the case of attack the network should perform its operations successfully. This strategy if implemented properly may control propagation of malicious objects by reducing the rate of infection to a great extent. Therefore, the goal of this paper is to analyse that can quarantine help in reducing the damage of the critical infrastructure network by preventing the outbreak as epidemic? Our proposed differential model is analysed at infection free and endemic equilibrium points to find the conditions for their local and global stability. Numerical methods and simulation tools are employed to solve and simulate the system of ordinary differential equations developed.

Low-margin optical networking at cloud scale [Invited

Every day, customers across the globe connect to cloud service provider servers with requests for diverse types of data, requiring instantaneous response times and seamless availability. The physical infrastructure which underpins those services is based on optics and optical networks, with the focus of this paper being on Microsoft’s approach to the optical network. Maintaining a global optical networking infrastructure which meets these customer needs means Microsoft must utilize solutions which are highly tailored and optimized for the application space which they address, with appropriately streamlined solutions for metropolitan data center interconnect and long-haul portions of the network. This paper presents Microsoft’s approach for tackling these challenges at cloud scale, highlighting the low-margin solutions which are employed. We provide a survey of Microsoft’s regional network design and corresponding optical network architectures, and present volumes of real-time polled metrics from the thousands of lines systems and tens of thousands of transceivers deployed today. We close by describing our approach to a unified software-defined networking toolset which ultimately enables the velocity and scale with which we can grow and operate this critical network infrastructure.

Evaluating and Visualizing the Economic Impact of Commercial Districts Due to an Electric Power Network Disruption.

Critical infrastructure networks enable social behavior, economic productivity, and the way of life of communities. Disruptions to these cyber-physical-social networks highlight their importance. Recent disruptions caused by natural phenomena, including Hurricanes Harvey and Irma in 2017, have particularly demonstrated the importance of functioning electric power networks. Assessing the economic impact (EI) of electricity outages after a service disruption is a challenging task, particularly when interruption costs vary by the type of electric power use (e.g., residential, commercial, industrial). In contrast with most of the literature, this work proposes an approach to spatially evaluate EIs of disruptions to particular components of the electric power network, thus enabling resilience-based preparedness planning from economic and community perspectives. Our contribution is a mix-method approach that combines EI evaluation, component importance analysis, and GIS visualization for decision making. We integrate geographic information systems and an economic evaluation of sporadic electric power outages to provide a tool to assist with prioritizing restoration of power in commercial areas that have the largest impact. By making use of public data describing commercial market value, gross domestic product, and electric area distribution, this article proposes a method to evaluate the EI experienced by commercial districts. A geospatial visualization is presented to observe and compare the areas that are more vulnerable in terms of EI based on the areas covered by each distribution substation. Additionally, a heat map is developed to observe the behavior of disrupted substations to determine the important component exhibiting the highest EI. The proposed resilience analytics approach is applied to analyze outages of substations in the boroughs of New YorkCity.

REACT: reactive resilience for critical infrastructures using graph-coloring techniques

Nowadays society is more and more dependent on critical infrastructures. Critical network infrastructures (CNI) are communication networks whose disruption can create a severe impact. In this paper we propose REACT, a distributed framework for reactive network resilience, which allows networks to reconfigure themselves in the event of a security incidents so that the risk of further damage is mitigated. Our framework takes advantage of a risk model based on multilayer networks, as well as a graph-coloring problem conversion, to identify new, more resilient configurations for networks in the event of an attack. We propose two different solution approaches, and evaluate them from two different perspectives, with a number of centralized optimization techniques. Experiments show that our approaches outperform the reference approaches in terms of risk mitigation and performance.

Community resilience-driven restoration model for interdependent infrastructure networks

Critical interdependent infrastructure networks such as water distribution, natural gas pipeline, electricity power, communication and transportation systems provide the essential necessities for societies and their utilization is the backbone of everyday processes such as production, health, convenience and many more. Often cascading dysfunctionality or disruption in these critical infrastructure networks triggers chain reactions of blackouts or blockages through the system of highly interconnected infrastructure networks, and the disruption of surrounding societies. For the planning of restoration processes and resilience of these, social aspects and demographics should also be considered to assign and mitigate the possible social risks associated with these disruptions. In this work, we study the restoration planning of critical interdependent infrastructure networks after a possible disruptive event by mainly emphasizing on the vulnerability indices of interacting society. We integrate (i) a resilience-driven multi-objective mixed-integer programming formulation to schedule the restoration process of disrupted network components in each network with (ii) an index of social vulnerability that is geographically distributed. We present an illustrative example of the proposed integrated model that focuses on studying the community resilience in Shelby County, TN, United States.

Modeling interdependencies of critical infrastructures after hurricane Sandy

This paper evaluates the level of inoperability and the resilience of the critical infrastructure networks of the New York Metropolitan Area affected by Hurricane Sandy in October 2012. The region analyzed in the case study includes New York City and some New Jersey counties. The highly concentrated critical infrastructures of this area are vulnerable to the direct impact of catastrophic events, such as hurricanes, as well as to the disruptive cascading effects that are spread through the existing interdependencies. The inoperability Input-Output model, developed by Haimes and Jiang, is selected to numerically define the degree of interconnection among these systems and quantify the effect of an external perturbation on the network's functionality. Based on the model's results, a new indicator called the “inoperability ratio” is introduced to identify some initiatives that policymakers can implement during the restoration process. These actions reduce the inoperability ratio to prevent cascading effects and to speed up the recovery process.

Local floods induce large-scale abrupt failures of road networks

The adverse effect of climate change continues to expand, and the risks of flooding are increasing. Despite advances in network science and risk analysis, we lack a systematic mathematical framework for road network percolation under the disturbance of flooding. The difficulty is rooted in the unique three-dimensional nature of a flood, where altitude plays a critical role as the third dimension, and the current network-based framework is unsuitable for it. Here we develop a failure model to study the effect of floods on road networks; the result covers 90.6% of road closures and 94.1% of flooded streets resulting from Hurricane Harvey. We study the effects of floods on road networks in China and the United States, showing a discontinuous phase transition, indicating that a small local disturbance may lead to a large-scale systematic malfunction of the entire road network at a critical point. Our integrated approach opens avenues for understanding the resilience of critical infrastructure networks against floods.

Component importance measures for interdependent infrastructure network resilience

Critical infrastructure networks such as transportation, telecommunications, electric power, natural gas and oil, and water distribution rely on one another for their proper functionality. Hence, they are increasingly interdependent, making them highly vulnerable, where the occurrence of even a small disruption in one infrastructure network could propagate to affect other dependent infrastructure networks leading to a more significant adverse impact on society. Therefore, a key aspect of preparedness planning in infrastructure networks is identifying the critical network components that influence not only (i) the performance of their networks the most when disrupted and restored but also (ii) the performance of other networks due to their interdependent nature. This work offers a means to study the importance of interdependent network components with a resilience-focused performance measure in mind. We propose two component importance measures, (i) the first of which quantifies the effect of disrupted components on the resilience of the interdependent infrastructure networks once they are recovered, while (ii) the second measures the potential impact on the resilience of the interdependent infrastructure networks caused by a specific disrupted network element. The proposed measures are illustrated through generated interdependent power-water networks and compared with two other common network centrality measures. The use of such measures could identify components that are candidates for the allocation of resources to reduce their vulnerability or to expedite their recovery.