Critical Infrastructure Operators Research Articles

Leveraging Swarm Intelligence for Invariant Rule Generation and Anomaly Detection in Industrial Control Systems

Industrial control systems (ICSs), which are fundamental to the operation of critical infrastructure, face increasingly sophisticated security threats due to the integration of information and operational technologies. Conventional anomaly detection techniques often lack the ability to provide clear explanations for their detection, and their inherent complexity can impede practical implementation in the resource-constrained environments typical of ICSs. To address these challenges, this paper proposes a novel approach that leverages swarm intelligence algorithms for the extraction of numerical association rules, specifically designed for anomaly detection in ICS. The proposed approach is designed to effectively identify and precisely localize anomalies by analyzing the states of sensors and actuators. Experimental validation using the Secure Water Treatment (SWaT) dataset demonstrates that the proposed approach can detect over 84% of attack instances, with precise anomaly localization achievable by examining as few as two to six sensor or actuator states. This significantly improves the efficiency and accuracy of anomaly detection. Furthermore, since the method is based on the general control dynamics of ICSs, it demonstrates robust generalization, making it applicable across a wide range of industrial control systems.

Application of SHAP and Multi-Agent Approach for Short-Term Forecast of Power Consumption of Gas Industry Enterprises

Currently, machine learning methods are widely applied in the power industry to solve various tasks, including short-term power consumption forecasting. However, the lack of interpretability of machine learning methods can lead to their incorrect use, potentially resulting in electrical system instability or equipment failures. This article addresses the task of short-term power consumption forecasting, one of the tasks of enhancing the energy efficiency of gas industry enterprises. In order to reduce the risks of making incorrect decisions based on the results of short-term power consumption forecasts made by machine learning methods, the SHapley Additive exPlanations method was proposed. Additionally, the application of a multi-agent approach for the decomposition of production processes using self-generation agents, energy storage agents, and consumption agents was demonstrated. It can enable the safe operation of critical infrastructure, for instance, adjusting the operation modes of self-generation units and energy-storage systems, optimizing the power consumption schedule, and reducing electricity and power costs. A comparative analysis of various algorithms for constructing decision tree ensembles was conducted to forecast power consumption by gas industry enterprises with different numbers of categorical features. The experiments demonstrated that using the developed method and production process factors reduced the MAE from 105.00 kWh (MAPE of 16.81%), obtained through expert forecasting, to 15.52 kWh (3.44%). Examples were provided of how the use of SHapley Additive exPlanation can increase the safety of the electrical system management of gas industry enterprises by improving experts’ confidence in the results of the information system.

Principles of Construction System for Monitoring the Psychoemotional State and Health of Critical Infrastructure Operators

Principles of Construction System for Monitoring the Psychoemotional State and Health of Critical Infrastructure Operators

Predictive modeling of combined cycle power plant performance using a digital twin-based neural ODE approach

This study presents a novel digital twin-based predictive modeling approach to enhance the operation, maintenance, and management of combined cycle power plants. The research aimed to accurately forecast the combined cycle power (CCP) output, a critical performance indicator, to support intelligent decision-making for plant operators and engineers. The proposed framework leverages a neural ordinary differential equation (NODE) model integrated within a digital twin architecture to capture the complex, nonlinear dynamics of combined cycle gas turbine unit (CCGU) system. The predictive model was trained and validated using multivariate time-series data collected from a CCGU, achieving high accuracy with an R2_score of 0.993, a mean absolute percentage error of 0.325 %, and a root mean squared error of 1.518. Importantly, the NODE model demonstrated superior forecasting capabilities compared to traditional machine learning techniques. The digital twin (DT) concept enables seamless real-time data integration, physics-based models, and advanced data analytics to facilitate comprehensive CCGU lifecycle management. This novel approach provides operators with reliable, real-time insights to optimize plant performance, reduce maintenance costs, and improve overall sustainability. The generalization of the NODE model to an independent CCGU unit validated its applicability across diverse power plant configurations, highlighting the originality and practical value of the research. The key contribution of this work is the development of a digital twin-based predictive modeling framework centered on the innovative use of neural ordinary differential equations to enhance the operation and maintenance of critical energy infrastructure. This research advances the state-of-the-art in intelligent asset management for the built environment.

The Importance of Cybersecurity Governance Model in Operational Technology Environments

There is a common will to unify regulation in the Western world regarding overall security, including cybersecurity. European cyber security regulations aim to create a foundation and guidelines for international standards in various industries and the operation of critical infrastructure. Protected critical infrastructure is a common goal for Western allies. Allies of NATO and EU member states mainly support the anti-aggression policy in Europe. The unstable situation in the world forces states to find solutions that represent the thoughts of the allies. Defending common values is crucial when the purpose is to protect critical infrastructure and vital functions in societies. The research will demonstrate the industrial needs of IT/OT-related cybersecurity governance. The study analyzes EU-level cybersecurity requirements and how those requirements affect standardization regarding cybersecurity governance in the operational technology environment. There will be four primary governance levels: Political, Strategical, Operational and Tactical. Many criminal state-linked operators do not care about international agreements or contracts. Some rogue states have even taken to inciting violations of international agreements. We cannot trust the loose contracts between states anymore. The research will find the main challenges concerning the cybersecurity governance of the industrial organizations that use operational technology-related technology in their daily businesses. We have seen that Information and Operational Technology are based on something other than similar threats and risk basements. Operational Technology-related threats threaten the cyber-physical ecosystem where anomalies affect the physical world, so operational functions of equipment, devices, sensors, components, and production lines are interrupted. As a result, continuity management and supply chain management are compromised. The study's primary purpose is to describe the cybersecurity governance elements of the OT environment for enhancing situational awareness. Standardizing the cybersecurity level among industrial stakeholders requires EU member states to have a national cybersecurity strategy that follows main EU-level guidelines. Despite the EU member states' implementation level of the regulation, the EU-level cybersecurity requirements obligate companies to take steps to solve future cybersecurity challenges.

Impact of Cyber Security Operations on Hardware Requirements for Stable and Workable Industrial Environments

Securing electricity distribution is one of the most important principles of the EU cyber security strategy. For example, European cyber security regulations, such as NIS2 (Network and Information Security Directive), CER (Critical Entities Resilience Directive), and Cyber Resilience Act (CRA) together aim to create a foundation and guidelines for international standards in various industries and the operation of critical infrastructure. Securing critical infrastructure is a common goal for Western operators. The new European Union (EU) directives bring new requirements to critical infrastructure administrators, device manufacturers and operators. Previously, member states have had responsibility for compliance with the directives, but they have been given freedom in the method by which they approach the requirements. Currently, member states' solutions are not always uniform, which has led to increased difficulties in coordination on a multi-national level. This, in turn, may lead to difficulties in coordination when responding to cybersecurity threats and attacks on critical infrastructure. The new regulation focuses on unifying the reporting between member states, reporting requirements of severe critical infrastructure events, and creating cybersecurity risk management procedures. In this study, we will provide a novel solution on how critical infrastructure administrators, device manufacturers, and operators may respond and become compliant with the new EU directives. To reach compliance and to enable the responsibilities that are required by the directive, the critical infrastructure devices and environment must have the capability to enable the responsible parties to identify, protect, detect, respond, and report. This sequence of actions is cyclical in nature since the identification of threats and vulnerabilities requires reports, which in turn requires data and detection. Our study focuses on the hardware requirements this causes on the manufacturing specifications, such as data collection and detection capabilities. The research belongs to the CSG project, and the purpose is to develop a governance model to minimize Operational Technology related risks and create a new standardized operating environment for the seamless utilization of energy solutions and industrial environment. The results of the study will be used in the analysis of requirements definitions in the OT environment.

Cathodic protection mechanism of iron and steel in porous media

Cathodic protection was introduced two centuries ago and since has found widespread application in protecting structures such as pipelines, offshore installations, and bridges from corrosion. Despite its extensive use, the fundamental working mechanism of cathodic protection remains debated, particularly for metals in porous media such as soil. Here, we use in-situ and ex-situ characterisation techniques coupled with electrochemical measurements to characterise the spatio-temporal changes occurring at the steel-electrolyte interface. We show that upon cathodic protection, the interfacial electrolyte undergoes alkalinisation and deoxygenation, and that depending on polarisation conditions, an iron oxide film can simultaneously form on the steel surface. We further demonstrate that these changes in interfacial electrolyte chemistry and steel surface state result in altered anodic and cathodic reactions and their kinetics. We propose a mechanism of cathodic protection that integrates previous theories, based on both concentration and activation polarisation, complimentarily. We discuss the implications of this study in enhancing corrosion protection technologies and the safe, economical, and environmentally friendly operation of critical steel-based infrastructures.

A Novel Deep Federated Learning-Based Model to Enhance Privacy in Critical Infrastructure Systems

Deep learning (DL) can provide critical infrastructure operators with valuable insights and predictive capabilities to help them make more informed decisions, improving system's robustness. However, training DL models requires large amounts of data, which can be costly to store in a centralized manner. Storing large amounts of sensitive critical infrastructure data in the cloud can pose significant security risks. Federated learning (FL) allows several clients to share learning data and train ML models. Unlike centralized models, FL does not require the sharing of client data. A novel framework is presented to train a VGG16 based CNN global model without sharing the data and only updating the local models among clients using federated averaging. For experimentation, MNIST dataset is used. The framework achieves high accuracy and keep data private using FL in critical infrastructures. The benefits and challenges of FL along with security vulnerabilities and attacks have been discussed along with the defenses that can be used to mitigate these attacks.

Assessment of Security KPIs for 5G Network Slices for Special Groups of Subscribers

It is clear that 5G networks have already become integral to our present. However, a significant issue lies in the fact that current 5G communication systems are incapable of fully ensuring the required quality of service and the security of transmitted data, especially in government networks that operate in the context of the Internet of Things, hostilities, hybrid warfare, and cyberwarfare. The use of 5G extends to critical infrastructure operators and special users such as law enforcement, governments, and the military. Adapting modern cellular networks to meet the specific needs of these special users is not only feasible but also necessary. In doing so, these networks must meet additional stringent requirements for reliability, performance, and, most importantly, data security. This scientific paper is dedicated to addressing the challenges associated with ensuring cybersecurity in this context. To effectively improve or ensure a sufficient level of cybersecurity, it is essential to measure the primary indicators of the effectiveness of the security system. At the moment, there are no comprehensive lists of these key indicators that require priority monitoring. Therefore, this article first analyzed the existing similar indicators and presented a list of them, which will make it possible to continuously monitor the state of cybersecurity systems of 5G cellular networks with the aim of using them for groups of special users. Based on this list of cybersecurity KPIs, as a result, this article presents a model to identify and evaluate these indicators. To develop this model, we comprehensively analyzed potential groups of performance indicators, selected the most relevant ones, and introduced a mathematical framework for their quantitative assessment. Furthermore, as part of our research efforts, we proposed enhancements to the core of the 4G/5G network. These enhancements enable data collection and statistical analysis through specialized sensors and existing servers, contributing to improved cybersecurity within these networks. Thus, the approach proposed in the article opens up an opportunity for continuous monitoring and, accordingly, improving the performance indicators of cybersecurity systems, which in turn makes it possible to use them for the maintenance of critical infrastructure and other users whose service presents increased requirements for cybersecurity systems.

Predicting Cybersecurity Threats in Critical Infrastructure for Industry 4.0: A Proactive Approach Based on Attacker Motivations.

In Industry 4.0, manufacturing and critical systems require high levels of flexibility and resilience for dynamic outcomes. Industrial Control Systems (ICS), specifically Supervisory Control and Data Acquisition (SCADA) systems, are commonly used for operation and control of Critical Infrastructure (CI). However, due to the lack of security controls, standards, and proactive security measures in the design of these systems, they have security risks and vulnerabilities. Therefore, efficient and effective security solutions are needed to secure the conjunction between CI and I4.0 applications. This paper predicts potential cyberattacks and threats against CI systems by considering attacker motivations and using machine learning models. The approach presents a novel cybersecurity prediction technique that forecasts potential attack methods, depending on specific CI and attacker motivations. The proposed model's accuracy in terms of False Positive Rate (FPR) reached 66% with the trained and test datasets. This proactive approach predicts potential attack methods based on specific CI and attacker motivations, and doubling the trained data sets will improve the accuracy of the proposed model in the future.

Evaluation of an Interactive Simulation of Continuity Related to the Operations and Recovery of Critical Infrastructure Facilities

Maintaining the continuous operation of Critical Infrastructure (CI) facilities and restoring them after a disaster is an important task for the functioning of individual communities and even the country as a whole. For this reason, tools are being developed to assist staff responsible for the operation of CI facilities. One interesting example of this type of tool is interactive training simulations implemented in virtual reality. This type of simulation allows procedures to be practised in situations where the continuity of the CI facility is threatened, and the procedures to be followed after a CI facility failure. This paper presents the possibilities of interacting with the virtual environment during a training simulation. Preliminary results are also discussed. Concerning research into the usability of such a training tool, the acceptance of the technology used etc.

Threat Hunting Architecture Using a Machine Learning Approach for Critical Infrastructures Protection

The number and the diversity in nature of daily cyber-attacks have increased in the last few years, and trends show that both will grow exponentially in the near future. Critical Infrastructures (CI) operators are not excluded from these issues; therefore, CIs’ Security Departments must have their own group of IT specialists to prevent and respond to cyber-attacks. To introduce more challenges in the existing cyber security landscape, many attacks are unknown until they spawn, even a long time after their initial actions, posing increasing difficulties on their detection and remediation. To be reactive against those cyber-attacks, usually defined as zero-day attacks, organizations must have Threat Hunters at their security departments that must be aware of unusual behaviors and Modus Operandi. Threat Hunters must face vast amounts of data (mainly benign and repetitive, and following predictable patterns) in short periods to detect any anomaly, with the associated cognitive overwhelming. The application of Artificial Intelligence, specifically Machine Learning (ML) techniques, can remarkably impact the real-time analysis of those data. Not only that, but providing the specialists with useful visualizations can significantly increase the Threat Hunters’ understanding of the issues that they are facing. Both of these can help to discriminate between harmless data and malicious data, alleviating analysts from the above-mentioned overload and providing means to enhance their Cyber Situational Awareness (CSA). This work aims to design a system architecture that helps Threat Hunters, using a Machine Learning approach and applying state-of-the-art visualization techniques in order to protect Critical Infrastructures based on a distributed, scalable and online configurable framework of interconnected modular components.

The Impact of Edge Computing on the Industrial Internet of Things

The emergence of the Industrial Internet of Things (IIoT) has improved the management of industrial operations and processes. IIoT involves collecting and processing data from a vast array of sensors deployed across industrial complexes. This enables the measurement of the efficiency of industrial processes, monitoring the health of machinery, optimisation of operations, and response to real-time events. In its application, IIoT underpins the operation of critical infrastructure in sectors including manufacturing and utilities. Maintaining the availability and resilience of critical infrastructure against internal and external threats is essential to minimise disruptions that could have a debilitating effect on a nation’s economy. Although internal threats can lead to a critical infrastructure’s downtime, external threats through cyberattacks also pose a significant threat. Historical events have demonstrated that the successful disruption of critical infrastructure can lead to the loss of human life, the interruption of necessary economic activities and national security concerns. Therefore, the availability of resilient critical infrastructures is vital to the well-being of a country. In this context, the paper compares the deployment of traditional IIoT to that of edge computing for the storage and processing of data. Traditional IIoT relies on a centralised server for data storage and processing, which is insufficient as IIoT environments cannot tolerate delays in responding to real-time events. Conversely, edge computing allows for data processing at the edge, closer to the data source, which plays a crucial role in enabling IIoT devices to respond to real-time events by reducing decision-making latency. Moreover, the decentralised nature of edge computing reduces the reliance on a centralised server by only sending required data to the cloud for further processing. Although edge computing enhances IIoT deployments, a notable concern is a resultant increase in the attack surface of IIoT environments, which consequently restricts its implementation. Exploratory research is conducted to explore the integration of edge computing into IIoT environments with a focus on improving the management and operation of critical infrastructures. A review of the current literature is performed to identify and discuss security concerns prevalent in edge computing-enabled IIoT environments and proposed mitigation strategies.

Modelling language for cyber security incident handling for critical infrastructures

Cyber security incident handling is a consistent methodology with which to ensure overall business continuity. However, specifically handling incidents for critical information infrastructures is challenging owing to the inherent complexity and evolving nature of the threat. Despite the number of contributions made to cyber incident handling, there is little evidence of literature that focuses on modelling activities that will enhance developers’ abilities to model incident handling processes and activities according to different views. Modelling languages of this nature should integrate essential concepts and a descriptive implementation process in order to enable developers to analyse, represent and reason about the crucial incident handling efforts required to support critical information infrastructures. The aim of this paper is, as part of the CyberSANE EU project, to develop a Cyber Incident Handling Modelling Language (CIHML) that focuses explicitly on modelling incident handling in the context of a critical information infrastructure. The work is innovative in its approach because it consolidates concepts from various domains such as security requirements, forensics, threat intelligence, critical infrastructures and cyber incident handling. The approach will allow the phases of the incident handling lifecycle to be modelled from three different views (critical information infrastructures, threat and risk analysis, and incident response). An implementation process is also proposed, which will serve as a comprehensive guide for developers in order to create these modelling views. Finally, CIHML is evaluated using a real-life scenario from the CyberSANE project to demonstrate its applicability. The incident observed had a severe impact on the overall business continuity of the context studied. The results obtained from the study show that CIHML can help critical information infrastructure operators to identify, evaluate, represent and model cyber incidents in critical information systems, in addition to providing the support required to determine the response strategies needed in order to mitigate these cyber-attacks.

Problematika eksploatacije i održavanja vezana za zaštita kritične infrastrukture u domenu procesne industrije

Proper operation of Critical Infrastructure (CI) is by definition of high importance for a region, nation or even several countries connected in some way. The term and idea of Critical Infrastructure Protection (CIP) has to do with the preparedness and response to serious incidents that might influence the operation of CI. In Europe, the European Programme for Critical Infrastructure Protection (EPCIP) refers to the doctrine or specific programs created as a result of the European Commission’s directive EU COM(2006) 786 which designates European critical infrastructure that, in case of fault, incident, or attack, could impact both the country where it is hosted and at least one other European Member State. Member states are obliged to adopt the 2006 directive into their national statutes. [1]

УПРАВЛІННЯ МІЖНАРОДНОЮ ПОЛІТИКОЮ ЄС У СФЕРІ ЗАХИСТУ КРИТИЧНОЇ ІНФРАСТРУКТУРИ

The article defines the principles of management of the protection of critical infrastructure objects from the position of international policy of the EU countries. The main stages of development of EU cooperation in this area were studied. The possibility of implementing the EU experience in the management of the security of critical infrastructure in Ukraine has been justified. The structure of protection of critical infrastructure objects in the EU is analyzed. The place of the corporate sector in these issues is considered. The importance of insurance companies and medical centers in this sphere was underlined. Analysis of critical infrastructure protection programs helps to identify the principles, processes and tools that propose the implementation of security systems. Implementation of these projects will be completed in appropriate cases specific to the communications sector. The authors emphasize that nuclear safety should be the focus of the EU and each country’s governance bodies, so the EU Joint Research Center solves key scientific and technological challenges in nuclear safety. Based on the analysis of foreign experience, it is noted that the scientific and practical interest for use in Ukraine in the process of protection of critical infrastructure objects can be the activity of structures created for the purpose of monitoring and analysis of open information. On this basis, the ways of ensuring the security of the objects of the critical infrastructure of Ukraine have been defined. It is noted that international policy should be based on legislative acts, which are coordinated for coordination by a single center. It is concluded that Ukraine’s security policy is developing in the context of implementation of European standards of formation and operation of critical infrastructure.

Security of Information Systems and Infrastructure Against Emerging Cyber Threats

Abstract: The information technology revolution that has been occurring over the last three decades has subtly altered how commercial and government activities are conducted worldwide. We have seen the incredible development of the commercial Internet over the past twenty years, which laid the seed for a worldwide, linked digital network that has enabled everything from online banking and commerce to telemedicine and social networks accessible and commonplace. Without taking into account cyber newline security, modern nations all over the world have moved the control of crucial activities in industry, utilities, banking, transportation, and newline communication to networked computers. As a result, there was tremendous output with little expenditures. The move to networked systems is still on the rise. Today, information technology and the newline information infrastructure are absolutely necessary for both our economic and our security. Cyberspace, industrial control systems, and newline information technology are required for the security and efficient operation of India's critical infrastructure, which includes the nation's energy, banking and finance, transportation, communication, and newline base for the defence industry. These systems are susceptible to disruption or exploitation. Organized cyberattacks on our infrastructure may be launched from a newline distance thanks to the cyber newline space. This study was conducted to examine the current situation of developing cyberthreats and ensuing cyberattacks, as well as the efforts taken by different organisations to reduce risk and safeguard their newline information systems and information infrastructure.

Analysis and Evaluation of Business Continuity Measures Employed in Critical Infrastructure during the COVID-19 Pandemic

The purpose of the presented research was to determine the effectiveness and sufficiency of measures put in place to protect the business continuity of critical infrastructure (CI) and key services (KSs) during the COVID-19 pandemic. The wide variety of research conducted in the area of business continuity maintenance during the COVID-19 pandemic does not change the fact that there is still a research gap in this area, particularly in terms of issues related to CI and KS protection. A systematic review of scientific publications revealed the need for continued research into this topic given the fact that only 19 papers related to CI continuity and 8 directly to KS operators could be identified. Holistic and interdisciplinary research is particularly needed to organize and systematize the existing scientific knowledge on the subject, and in practical terms, help organizations and institutions to better prepare for future continuity disruptions. A survey conducted between March and May 2021 among entities operating in Poland and classified as critical infrastructure operators as well as key service operators, subcontractors, and suppliers crucial to maintaining the continuity of critical infrastructure operations revealed that entrepreneurs, surprised by the speed and aggressive nature of the pandemic, mainly resorted to protective measures that were immediately available, standard solutions that did not require excessive financial and organizational effort. But in the face of long-term pandemic threat, such measures may no longer be sufficient, so it is important to intensify research into those precautions that require readaptation of work organization and organizational processes to protect key workers, increase supply chain resilience, and protect the work process.

A Novel Model for Enhancing the Resilience of Smart MicroGrids’ Critical Infrastructures with Multi-Criteria Decision Techniques

Microgrids have the potential to provide reliable electricity to key components of a smart city’s critical infrastructure after a disaster, hence boosting the microgrid power system’s resilience. Policymakers and electrical grid operators are increasingly concerned about the appropriate configuration and location of microgrids to sustain post-disaster critical infrastructure operations in smart cities. In this context, this paper presents a novel method for the microgrid allocation problem that considers several technical and economic infrastructure factors such as critical infrastructure components, geospatial positioning of infrastructures, power requirements, and microgrid cost. In particular, the geographic allocation of a microgrid is presented as an optimization problem to optimize a weighted combination of the relative importance of nodes across all key infrastructures and the associated costs. Furthermore, the simulation results of the formulated optimization problem are compared with a modified version of the heuristic method based on the critical node identification of an interdependent infrastructure for positioning microgrids in terms of the resilience of multiple smart critical infrastructures. Numerical results using infrastructure in the city of Pittsburgh in the USA are given as a practical case study to illustrate the methodology and trade-offs. The proposed method provides an effective method for localizing renewable energy resources based on infrastructural requirements.

Implementation Aspects of Smart Grids Cyber-Security Cross-Layered Framework for Critical Infrastructure Operation

Communication networks in power systems are a major part of the smart grid paradigm. It enables and facilitates the automation of power grid operation as well as self-healing in contingencies. Such dependencies on communication networks, though, create a roam for cyber-threats. An adversary can launch an attack on the communication network, which in turn reflects on power grid operation. Attacks could be in the form of false data injection into system measurements, flooding the communication channels with unnecessary data, or intercepting messages. Using machine learning-based processing on data gathered from communication networks and the power grid is a promising solution for detecting cyber threats. In this paper, a co-simulation of cyber-security for cross-layer strategy is presented. The advantage of such a framework is the augmentation of valuable data that enhances the detection as well as identification of anomalies in the operation of the power grid. The framework is implemented on the IEEE 118-bus system. The system is constructed in Mininet to simulate a communication network and obtain data for analysis. A distributed three controller software-defined networking (SDN) framework is proposed that utilizes the Open Network Operating System (ONOS) cluster. According to the findings of our suggested architecture, it outperforms a single SDN controller framework by a factor of more than ten times the throughput. This provides for a higher flow of data throughout the network while decreasing congestion caused by a single controller’s processing restrictions. Furthermore, our CECD-AS approach outperforms state-of-the-art physics and machine learning-based techniques in terms of attack classification. The performance of the framework is investigated under various types of communication attacks.