Critical Information Infrastructures Security: 16th International Conference, CRITIS 2021, Lausanne, Switzerland, September 27–29, 2021, Revised Selected Papers (Security and Cryptology)

This book constitutes the refereed proceedings of the 16th International Conference on Critical Information Infrastructures Security, CRITIS 2021, which took place in Lausanne, Switzerland, during September 27-29, 2021.

The 12 full papers included in this volume were carefully reviewed and selected from 42 submissions. They were organized in topical sections as follows: protection of cyber-physical systems and industrial control systems (ICS); C(I)IP organization, (strategic) management and legal aspects; human factor, security awareness and crisis management for C(I)IP and critical services; and future, TechWatch and forecast for C(I)IP and critical services.

Author(s): Dimitri Percia David (editor), Alain Mermoud (editor), Thomas Maillart (editor)
Publisher: Springer
Year: 2021

Language: English
Pages: 248

Preface
Organization
Contents
Protection of Cyber-Physical Systems and Industrial Control Systems (ICS)
Bank of Models: Sensor Attack Detection and Isolation in Industrial Control Systems
1 Introduction
2 System and Threat Model
2.1 System Dynamics
2.2 Threat Model
3 Attack Detection and Isolation
3.1 Attack Detection Framework
3.2 Attack Isolation
4 Evaluation
4.1 Experimentation Setup
4.2 Attack Detection
4.3 Attack Isolation
4.4 Reduction in False Alarm Rate via Ensemble
5 Discussion
6 Related Work
7 Conclusions and Future Work
References
Super Detector: An Ensemble Approach for Anomaly Detection in Industrial Control Systems
1 Introduction
2 Related Work
3 SWaT: The Secure Water Treatment Plant
3.1 Architecture
3.2 Existing Anomaly Detectors
3.3 Cyber Exercise
3.4 Dataset
4 Learning Algorithms Used in the Approach
4.1 Random Forest
4.2 Gaussian Naïve Bayes
4.3 Bagging with k-nearest Neighbors
4.4 Stacking Classifier
5 Methodology
5.1 Data Pre-processing
5.2 Training
6 Results and Analysis
6.1 Analysis
7 Conclusion
References
Optimal Man-In-The-Middle Stealth Attack
1 Introduction
1.1 Related Works
1.2 Contribution and Paper Outline
1.3 Preliminaries: Notation and Definitions
2 Optimization Formulation
3 Local Optimality and Attack Strategy
3.1 Necessary Local Optimality Condition
3.2 Sufficient Local Optimality Conditions
3.3 Attack Strategy
4 Example
5 Conclusions
References
GNSS Positioning Security: Automatic Anomaly Detection on Reference Stations
1 Introduction
2 Background Theory on GNSS
2.1 Technology Basics
2.2 Vulnerabilities
2.3 Attacks Incentives
3 Related Work
4 Data and Methodology
4.1 Data
4.2 Indicator Selection
4.3 Anomaly Detection Scheme
5 Results
5.1 Proof of Effectiveness
5.2 Detected Anomalies
6 Limitations and Perspectives
7 Conclusions
References
C(I)IP Organisation, (Strategic) Management and Legal Aspects
Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure
1 Introduction
2 Related Work
3 System Architecture
3.1 Modeling Approach
3.2 Modeling Environment
3.3 Modeling Railway Infrastructure and Communications
3.4 Component Attack Tree
3.5 System Attack Graph
3.6 Algorithms for Vulnerability Propagation
3.7 Tree Visualization and Algorithms
3.8 Risk Profile
3.9 Cyber Gaming for Risk Management
4 Case Study from a Railway Cyber Network
4.1 Railway System Model
4.2 Modeling the System
4.3 Risk Dependencies
4.4 Risk Management Plan
5 Conclusion and Future Work
References
A Survey on Applications of Formal Methods in Analysis of SCADA Systems
1 Introduction
2 Background
2.1 SCADA Systems
2.2 Formal Methods
3 Methodology
4 Applying Formal Methods to SCADA
4.1 Formal Analysis of Protocols Used in SCADA Systems
4.2 The Modbus Protocol
4.3 The OPC-UA Protocol
4.4 The DNP3 Protocol
4.5 The IEC 61850 Protocol
4.6 The PROFINET Protocol
4.7 Fieldbus Protocols
4.8 Formal Methods in Attack Detection
4.9 Formal Methods Applied on SCADA Architecture
5 Discussion
6 Related Work
7 Conclusion
References
The Cost of Incidents in Essential Services—Data from Swedish NIS Reporting
1 Introduction
2 Related Work
3 Method
4 Results
4.1 Costs Entailed by Incidents
4.2 Funding of Costs Entailed by Incidents
4.3 Causes of Incidents
5 Discussion
5.1 Characteristics of Operators Incurring High Cost
5.2 Cyber Insurance
5.3 Validity and Reliability
5.4 Generalization to Other Countries
5.5 Usefulness of Data from NIS Reporting
6 Conclusions
References
Human Factor, Security Awareness and Crisis Management for C(I)IP and Critical Services
Impact Analysis of PLC Performance When Applying Cyber Security Solutions Using Active Information Gathering
1 Introduction
2 Background
3 Related Works
3.1 Security Solutions for PLC
3.2 Impact Analysis of Security Solutions in ICS
4 Experimental Design
4.1 Metrics for PLC Performance
4.2 Experimental System Architecture
4.3 Communication Load Scenarios
4.4 Load Generator Implementation
5 Experiment, Results, and Discussion
5.1 Impact Analysis Results
5.2 Discussion
6 Performance Impact Analysis Procedure
6.1 Candidate KPIs for PLC
6.2 Proposed Procedure
7 Conclusion
References
Multi-categorical Risk Assessment for Urban Critical Infrastructures
1 Introduction
2 Related Work
3 Impact Assessment
4 Local Risk Assessment
4.1 One-Dimensional Likelihood Assessment
4.2 Multi-dimensional Likelihood Assessment
5 Global Risk Assessment
6 Example
7 Discussion and Conclusion
References
Use-Case Informed Task Analysis for Secure and Usable Design Solutions in Rail
1 Introduction
2 Related Work
2.1 Task Analysis Processes and Tools
2.2 Evaluating Performance and Potential Human Error
2.3 Usable Security and Requirements Engineering
3 Approach
3.1 Personas for Task Elicitation
3.2 Use-Case Specifications Informed Task Analysis
3.3 Cognitive Task Analysis
3.4 Hierarchical Task Analysis
3.5 Risk Analysis
3.6 Implementation in CAIRIS
4 Preliminary Evaluation: Identifying Tasks for Human Error Potential
4.1 Personas for Task Elicitation
4.2 Use Case Specifications Informed Task Analysis
4.3 Cognitive Task Analysis
4.4 Hierarchical Task Analysis
4.5 Risk Analysis
5 Discussion
6 Conclusion
References
Studying Neutrality in Cyber-Space: a Comparative Geographical Analysis of Honeypot Responses
1 Introduction
2 Background and Related Work
3 Dynamics of Neutrality in Cyber-Space
4 Switzerland and Cyber-Sovereignty: A Brief Review
4.1 The Swiss Notion of Neutrality
4.2 The National Strategy for the Protection of Switzerland Against Cyber-Risks
4.3 Early Public Debate on Cyber-Sovereignty in Switzerland
5 Design of a Cyber-Neutrality Experiment
5.1 Honeynet
5.2 Deployment
5.3 Comparative Traffic Analysis
6 Results
7 Discussion
7.1 Limitations
7.2 Future Work
8 Conclusion
References
Future, TechWatch & Forecast for C(I)IP and Critical Services
Tableau: Future-Proof Zoning for OT Networks
1 Introduction
2 Current OT Networks
3 Challenges to OT Networks
4 Mondrian Network Zoning
4.1 Mondrian Overview
4.2 Mondrian in Detail
5 A Flat Zoning Architecture for OT Networks
5.1 A Tableau Production Plant
5.2 Inter-domain Zone Bridging
5.3 Decoupling TP from Logical Zone Connectivity
5.4 Backwards Compatibility
6 Security Aspects
7 Related Work
8 Conclusion
References
Link Prediction for Cybersecurity Companies and Technologies: Towards a Survivability Score
1 Introduction
2 Related Work
3 Data and Methods
3.1 Data
3.2 Methods
4 Preliminary Results
5 Further Steps
6 Conclusion
References
Author Index