Successful Cyber-attack Research Articles

State‐of‐the‐art of cybersecurity in the power system: Simulation, detection, mitigation, and research gaps

AbstractIn a power system, the communication link can be compromised by intruders who can launch cyberattacks by capturing data packets, sending falsified packets, or stopping data packets from reaching their destination. Moreover, intruders can compromise control devices using supply chain attacks, firmware patching attacks, and insider attackers. Numerous cyberattacks have been reported previously, and cyberattacks are becoming more frequent since attackers are aware of their socioeconomic impacts. Extensive research has been conducted on developing platforms to simulate cyberattacks, studying different types of cyberattacks, investigating the adverse effects of a successful cyberattack on different components of the power system, designing ways to detect anomalies in the power system using electrical measurements, and proposing ways to mitigate the adverse effects of the detected cyberattack. This paper presents a review of state‐of‐the‐art of cybersecurity in the power system, reviewing available simulation tools for studying the cybersecurity of the power system, classifying components of the power system vulnerable to cyberattacks, and summarizing the adverse effects of a successful cyberattack on each component in the power system. Furthermore, different types of cyberattacks and detection and mitigation methods are classified. Research gaps in the cybersecurity of the power system are also discussed.

RETRACTED ARTICLE: An intelligent dynamic cyber physical system threat detection system for ensuring secured communication in 6G autonomous vehicle networks

Smart cities have developed advanced technology that improves people’s lives. A collaboration of smart cities with autonomous vehicles shows the development towards a more advanced future. Cyber-physical system (CPS) are used blend the cyber and physical world, combined with electronic and mechanical systems, Autonomous vehicles (AVs) provide an ideal model of CPS. The integration of 6G technology with Autonomous Vehicles (AVs) marks a significant advancement in Intelligent Transportation Systems (ITS), offering enhanced self-sufficiency, intelligence, and effectiveness. Autonomous vehicles rely on a complex network of sensors, cameras, and software to operate. A cyber-attack could interfere with these systems, leading to accidents, injuries, or fatalities. Autonomous vehicles are often connected to broader transportation networks and infrastructure. A successful cyber-attack could disrupt not only individual vehicles but also public transportation systems, causing widespread chaos and economic damage. Autonomous vehicles communicate with other vehicles (V2V) and infrastructure (V2I) for safe and efficient operation. If these communication channels are compromised, it could lead to collisions, traffic jams, or other dangerous situations. So we present a novel approach to mitigating these security risks by leveraging pre-trained Convolutional Neural Network (CNN) models for dynamic cyber-attack detection within the cyber-physical systems (CPS) framework of AVs. The proposed Intelligent Intrusion Detection System (IIDS) employs a combination of advanced learning techniques, including Data Fusion, One-Class Support Vector Machine, Random Forest, and k-Nearest Neighbor, to improve detection accuracy. The study demonstrates that the EfficientNet model achieves superior performance with an accuracy of up to 99.97%, highlighting its potential to significantly enhance the security of AV networks. This research contributes to the development of intelligent cyber-security models that align with 6G standards, ultimately supporting the safe and efficient integration of AVs into smart cities.

DAR-LFC: A data-driven attack recovery mechanism for Load Frequency Control

In power systems, generation must be maintained in constant equilibrium with consumption. A key indicator for this balance is the frequency of the power grid. The load frequency control (LFC) system is responsible for maintaining the frequency close to its nominal value and the power deviation of tie-lines at their scheduled levels. However, the remote communication system of LFC exposes it to several cyber threats. A successful cyberattack against LFC attempts to affect the field measurements that are transferred though its remote control loop. In this work, a data-driven, attack recovery method is proposed against denial of service and false data injection attacks, called DAR-LFC. For this purpose, a deep neural network is developed that generates estimations of the area control error (ACE) signal. When a cyberattack against the LFC occurs, the proposed estimator can temporarily compute and replace the affected ACE, mitigating the effects of the cyberattacks. The effectiveness and the scalability of the DAR-LFC is verified on a single and a two area LFC simulations in MATLAB/Simulink.

Survey: An Overview of Lightweight RFID Authentication Protocols Suitable for the Maritime Internet of Things

The maritime sector employs the Internet of Things (IoT) to exploit many of its benefits to maintain a competitive advantage and keep up with the growing demands of the global economy. The maritime IoT (MIoT) not only inherits similar security threats as the general IoT, it also faces cyber threats that do not exist in the traditional IoT due to factors such as the support for long-distance communication and low-bandwidth connectivity. Therefore, the MIoT presents a significant concern for the sustainability and security of the maritime industry, as a successful cyber attack can be detrimental to national security and have a flow-on effect on the global economy. A common component of maritime IoT systems is Radio Frequency Identification (RFID) technology. It has been revealed in previous studies that current RFID authentication protocols are insecure against a number of attacks. This paper provides an overview of vulnerabilities relating to maritime RFID systems and systematically reviews lightweight RFID authentication protocols and their impacts if they were to be used in the maritime sector. Specifically, this paper investigates the capabilities of lightweight RFID authentication protocols that could be used in a maritime environment by evaluating those authentication protocols in terms of the encryption system, authentication method, and resistance to various wireless attacks.

A statistical approach for assessing cyber risk via ordered response models.

Proper evaluation of the risk associated to a cyber attack is a crucial aspect for many companies. There is an increasing need to plan for and implement effective ways to address cyber security, data security, and privacy protection. Estimating the risk of a successful cyber attack is an important issue, since this type of threat is proliferating and thus poses increasing danger to companies and the customers who use their services. While quantitative loss data are rarely available, it is possible to obtain a qualitative evaluation on an ordinal scale of severity of cyber attacks from experts of the sector. Hence, it is natural to apply order response models for the analysis of cyber risk. In particular, we rely on cumulative link models. We explain the experts' assessment of the severity of a cyber attack as a function of a set of explanatory variables describing the characteristics of the attack under consideration. A measure of diffusion of the effects of the attacks obtained via the use of a network structure is also incorporated into the set of explanatory variables of the model. Along with the description of the methodology, we present a detailed analysis of a real data set that includes information on serious cyber attacks occurred worldwide in the period2017-2018.

CYBERSECURITY STRATEGIES IN INDUSTRY 4.0

Cybersecurity is now the one of the highest important part of the Industry 4.0 and to all the design and manufacturing companies. This paper presents new cybersecurity strategies in Industry 4.0, where current vulnerabilities and exploitation processes, possible attack vectors, attack, compromise, and performance indicators should be considered. Also, cyber risk in product lifecycle management is a very important aspect. This revealed authentication issues, unsecured communications, default deployment issues, susceptibility to physical attacks. For example, a successful cyberattack could bring subtle changes to the control parameters of a robot or of a manufacturing process. This can further change the robot's operating mode in an almost undetectable way, but instead alters the efficiency and integrity of the final product. By monitoring these behaviours, cataloguing indicators, and inspecting potential risks, we can determine how an attacker gains access to the network and predict the intent they had. We need well-trained staff in any enterprise to drastically reduce the risk of cyberattacks. For this reason, appropriate measures must be taken to solve these problems, and one of these is cybersecurity education. It is necessary to implement appropriate policies and risk reduction plans in the product lifecycle management to prevent possible cyber-attacks.

Threats to information security of state corporations of the Russian Federation

Objectives. Structuring of publicly available information to identify the distinctive features inherent in state corporations of the Russian Federation and to describe the threats arising as a result of their continuous operation.Method. The following methods of scientific cognition are used: systematization, description, analysis, deduction. The characteristics of state corporations are formed on the basis of data obtained both from the regulatory framework and by means of analysis of modern research in the field. In the future, the systematization of knowledge about the threats of state corporations is carried out, the most common classifications are considered, the increasing activity of intruders regarding critical information infrastructure objects is noted, and possible consequences for the state corporation after a successful computer attack on them are noted.Result. In this paper, a study was conducted on a little–covered area in the scientific literature - the protection of Russian state corporations. A comprehensive analysis made it possible to characterize the object of research in detail, thereby specifying the significant aspects of its functioning. Next, the most significant threats of Russian state corporations were shown, the importance of ensuring information security was noted and 15 factor influences of a successful cyberattack were shown.Conclusions. The conducted research is of an overview nature. The materials presented in the paper can serve as a basis for further research in the direction, as well as the formation of principles of protection against the mentioned threats.

Trust Me, I’m a Liar

Cyberattacks will continue to thrive as long as their benefits exceed their cost. A successful cyberattack requires a vulnerability, but also and foremost the attacker’s willingness to exploit. Can we reduce this willingness, can we even the attack/defense asymmetry?

Cybersecurity Challenges in the Offshore Oil and Gas Industry: An Industrial Cyber-Physical Systems (ICPS) Perspective

There has been significant interest within the offshore oil and gas industry to utilise Industrial Internet of Things (IIoT) and Industrial Cyber-Physical Systems (ICPS) . There has also been a corresponding increase in cyberattacks targeted at oil and gas companies. Offshore oil production requires remote access to and control of large and complex hardware resources. This is achieved by integrating ICPS, Supervisory, Control and Data Acquisition (SCADA) systems, and IIoT technologies. A successful cyberattack against an oil and gas (O&G) offshore asset could have a major impact on the environment, marine ecosystem and safety of personnel. Any disruption to the world’s supply of O&G can also have an effect on oil prices and the global economy. We describe the cyberattack surface within the oil and gas industry, discussing emerging trends in the offshore sub-sector and provide a historical perspective of known cyberattacks. We also present a case study of a subsea control system architecture typically used in offshore O&G operations and highlight potential vulnerabilities affecting the components of the system. This study is the first to provide a detailed analysis of attack vectors in a subsea control system. The analysis provided can be used to understand key vulnerabilities in such systems and may be used to implement efficient mitigation methods.

Analysis of malicious operation of electric vehicle charging stations to disrupt stable operation of distribution grids

A rising number of electric vehicle (EV) charging stations is connected to control systems using information and communication technology for demand-side management purposes. In case of a successful cyber attack on this infrastructure, the attackers can send manipulated control signals to these assets and disturb power system operation. This paper analyzes the short-term impact of such malicious operation of charging stations and quantifies the impact on the stable operation of the distribution grid. Therefore, manipulation scenarios are defined and investigated in the CIGRE medium voltage benchmark grid with different penetration rates of charging stations using dynamic RMS time-domain simulations. The results show, that with a high EV charging station penetration rate and a high simultaneity local voltage band violations and subsequent plant protection triggering of manipulated charging stations and additional assets can be achieved by sending compromised active and reactive power setpoints. Though the impact of manipulated charging stations in a single medium voltage grid is not critical for the power system, the investigation highlights possible consequences of the malicious operation of EV charging stations.

HEAD Access Control Metamodel: Distinct Design, Advanced Features, and New Opportunities

Access control (AC) policies are a set of rules administering decisions in systems and they are increasingly used for implementing flexible and adaptive systems to control access in today’s internet services, networks, security systems, and others. The emergence of the current generation of networking environments, with digital transformation, such as the internet of things (IoT), fog computing, cloud computing, etc., with their different applications, bring out new trends, concepts, and challenges to integrate more advanced and intelligent systems in critical and heterogeneous structures. This fact, in addition to the COVID-19 pandemic, has prompted a greater need than ever for AC due to widespread telework and the need to access resources and data related to critical domains such as government, healthcare, industry, and others, and any successful cyber or physical attack can disrupt operations or even decline critical services to society. Moreover, various declarations have announced that the world of AC is changing fast, and the pandemic made AC feel more essential than in the past. To minimize security risks of any unauthorized access to physical and logical systems, before and during the pandemic, several AC approaches are proposed to find a common specification for security policy where AC is implemented in various dynamic and heterogeneous computing environments. Unfortunately, the proposed AC models and metamodels have limited features and are insufficient to meet the current access control requirements. In this context, we have developed a Hierarchical, Extensible, Advanced, and Dynamic (HEAD) AC metamodel with substantial features that is able to encompass the heterogeneity of AC models, overcome the existing limitations of the proposed AC metamodels, and follow the various technology progressions. In this paper, we explain the distinct design of the HEAD metamodel, starting from the metamodel development phase and reaching to the policy enforcement phase. We describe the remaining steps and how they can be employed to develop more advanced features in order to open new opportunities and answer the various challenges of technology progressions and the impact of the pandemic in the domain. As a result, we present a novel approach in five main phases: metamodel development, deriving models, generating policies, policy analysis and assessment, and policy enforcement. This approach can be employed to assist security experts and system administrators to design secure systems that comply with the organizational security policies that are related to access control.

Effectiveness of cybersecurity audit

The aim of this paper is to analyze the effectiveness of internal audit of cybersecurity. We developed a Cybersecurity Audit Index composed of three dimensions – planning, performing and reporting – to address this question. We hypothesize that cybersecurity audit effectiveness is positively related to cyber risk management maturity and negatively to the probability of a successful cyber attack. We tested our hypotheses in a survey with auditors and Chief Audit Executives from various countries and industries. We found that Cybersecurity Audit Index scores significantly vary, with a mean of 58 on a scale from 0 to 100. While the planning and performing phases are strongly and positively correlated, they are less strongly related to reporting about cyber risk management effectiveness to the Board of Directors. As predicted, the Cybersecurity Audit Index is positively associated with maturity, but contrary to expectations, it is not related to the probability of a successful cyber attack. This is the first paper that comprehensively measures the effectiveness of cybersecurity audit and its effects on cyber risk management.

Resilience Enhancing Mechanisms for Cyber-Manufacturing Systems against Cyber-Attacks

The advent of cyber-attacks against cyber-manufacturing systems (CMS) is recognized as one of the most prominent non-traditional risks that need to be addressed to facilitate widespread adoption of such a system. In current literature, the notion of resilience has been recognized as an effective way to deal with those threats. Resilience is the ability of CMS to perform its intended goals in the presence of a deliberate disruptions—cyber-attacks. A more resilient CMS would show reduced failure probability, less disastrous consequences, and a faster recovery from disruptions caused by cyber-attacks. The goal of the work presented in this paper is to identify resilience-increasing mechanisms and provide a framework for their classification.A resilience-increasing mechanism is defined as an action implemented in CMS, aimed to a) reduce the probability of a successful cyber-attack, b) reduce the time to detection of a cyber-attack, c) reduce the adverse effects of a successful cyber-attack, or d) reduce the time to recover from a cyber-attack. A non-exhaustive list of resilience-increasing mechanisms is provided that had been published on peer reviewed publication and applied to the specific context of cyber-manufacturing.

Detectability‐based controller design screening for processes under multiplicative cyberattacks

AbstractCyberattacks on process control systems (PCSs) may target communication links, compromising the data integrity. Cyberattack detection and mitigation are essential capabilities, as the consequences of a successful cyberattack on a PCS may be severe. While detectability may be viewed as a systems‐theoretic property, cyberattack detection in practice depends on the attack detection scheme used and the PCS design. This paper presents an approach for control parameter screening based on the detectability of sensor‐controller communication link multiplicative attacks. First, a residual set‐based condition for the undetectability of an attack is developed. A controller screening methodology aimed at identifying controller parameter choices that mask the detectability of an attack is presented. The proposed methodology can be used to incorporate the detectability of an attack as a criterion into conventional control design criteria (e.g., closed‐loop stability and economic considerations). Finally, the application of the controller screening methodology is demonstrated using two illustrative examples.

Approach To Ship’s It And Ot Systems Cybersecurity Improvement

Daily cyber-attacks on ships’ IT and OT systems are not a rare occurrence anymore. This has been taken into account in recent years and the IMO has issued directives and circulars with recommendations for increasing the cybersecurity of ship information systems as part of the overall ship security system. The effect of a successful cyber-attack of any kind, on elements of the ship’s IT and OT systems, can have a disastrous impact not only on the ship itself but also on the environment. While modern ships can be designed and all modern methods implemented to reduce and prevent the possibility of cyber-attacks onboard existing ships, it is not possible to achieve this security level and it is necessary to implement various solutions. At the same time, the ships’ crew is declining worldwide and most ships do not have IT officers or trained staff onboard to maintain the ship’s information systems. Because of that, the solutions that need to be put in place to increase the security of ship’s information systems must be easy to implement, use, and maintain. This article examines the need and some technical solutions that can be used to improve the cybersecurity of ship’s IT and OT systems in response to the existing cyber-attacks and threats in the global shipping and maritime industry.

Synchrophasor spoofing detection and remediation for wide-area damping control

Evolving cyber-attack threats put at risk automatic closed-loop systems to be incorporated in the smart grid. Wide-area control systems are particularly vulnerable to signal spoofing attacks due to sensor remoteness and dependence on satellite communication for time synchronization. A successful cyber-attack on a wide-area controller has the potential to reduce relative stability of the power system or worse, destabilize it. As such, detection algorithms must be deployed as defense against such attacks with the ability to autonomously correct for detected tampering or misoperation. The Spoof Catch and Restore Routine (SCR2), a combination of three real-time spoof detectors, each requiring limited information about the plant, is presented. Nonlinear simulations of a compromised wide-area control system deployed in the Western Interconnection show the effectiveness of SCR2 in detecting both delay-type and counterfeit-type spoofing attacks on wide-area sensors.

Determining a Return on Investment for Cybersecurity Technologies in Networked Critical Infrastructures

Much of modern life is dependent on networked critical infrastructure systems—many known to be susceptible to cyberattacks—such as the electrical grid, water purification, and transportation systems. The consequences of a successful cyberattack on these systems could be catastrophic. Appropriate levels and strategies for cybersecurity investment for networked critical infrastructures present a serious challenge that administering organizations, whether public or private, must overcome in order to provide resilient services. This challenge includes understanding the actual vulnerabilities of an organization's networked systems, as well as the cost of a successful cyberattack on those systems. On top of this, an organization's cybersecurity acquisition workforce must be able to discern reality from the marketing hype that is produced by cybersecurity sales forces. Many product offerings from industry promise to secure critical infrastructures, but there is no good method for determining which product (or combination of products) is most effective for a specific environment or scenario. This paper presents a return on cybersecurity investment (ROCI) model utilized, together with a previously-developed framework for evaluating cybersecurity technologies, by the resilient critical infrastructures through secure and efficient microgrids (ReCIst) capability. ReCIst uses this model to guide decision makers on how to best implement cybersecurity towards energy resiliency, from financial, security posture, and energy efficiency perspectives. Challenges and the current state of cyber investment modeling in this domain are presented along with technical details on ReCIst's ROCI model and future work.

Motivating Employees and Organizations to Adopt a Cybersecurity-Focused Culture

We explore the reality of cyber risk faced by organizations, along with the lack of preparedness that continues to become apparent with each successful cyber-attack. Sources project continued growth and evolution of cyber-attacks; they will become more frequent and more sophisticated. To prepare for and mitigate these risks, we propose creating a cybersecurity-focused culture throughout all organizations. The greatest vulnerability, the employees, can also become the greatest defense when properly trained and informed. We review numerous studies that provide outcomes focused on enhancing cybersecurity culture to provide a list of recommended activities for organizations looking to strengthen their cybersecurity posture.

Geo-Economics Chapter 7: Data—The Oil of the 21st Century

Chapter 7 of Geo-Economics: The Interplay between Geopolitics, Economics, and Investments focuses on globally connected economies, the economic damage caused by successful cyber attacks, and the potential impact of a large-scale cyber attack. Could a successful cyber attack cause a prolonged blackout of a major city or even trigger another financial crisis? If so, how bad would it be? These are the questions addressed in this chapter.

How Effective Is Cyber Security Assurance by Internal Auditors?

The aim of this paper is to analyze how effective internal audit of cybersecurity is. We developed a Cybersecurity Audit Index composed of three dimensions (planning, performing and reporting) to address this question. We hypothesize that CSA effectiveness is positively related to cyber risk management maturity and negatively to the probability of a successful cyber attack. We tested our hypotheses in a survey with auditors and Chief Audit Executives from various countries and industries. We found that CSA Index scores significantly vary, with a mean of 58 on a scale from 0 to 100. While planning and performing CSA are strongly and positively correlated, they are less strongly related to reporting about CS risk management effectiveness to the Board of Directors. In line with our hypothesis, the CSA Index is positively associated with CS risk maturity, but contrary to our hypothesis, it is not related to the probability of a cyber attack. This is the first paper that comprehensively measures the effectiveness of cybersecurity audit and its effects on CS risk management.