Protection Against Cyber-Attacks: Introducing Resilience for SCADA Networks
Dr. Antonios Gouglidis
Symposium on Innovative Smart Grid Cybersecurity Solutions Vienna, Austria, 13th-14th March, 2017
Outline
• Cyber-Attacks on Critical Infrastructures
• Resilience Strategy
• Resilience for SCADA networks
o Resilience Policies & Resilience Architecture
• Results & Questions
Cyber-attacks on Critical Infrastructures
Cyber-threats & actors to CI
Cyber-threat
Unauthorised access
Loss of security
Loss of safety
Threat actors
Script kiddies, hackers …
Major firms / organisations …
Cyber warfare
Likelihood vs. consequence*
15.11.2016 2nd HyRiM End User Workshop, Barcelona 5
* E. Knapp, J.T. Langill, 'Industrial Network Security', 2nd Edition
Resilience Strategy
Resilience and ways of achieving it…
* J. Sterbenz, D. Hutchison, et al. ‘Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines.’ Computer Networks 54.8 (2010): 1245-1265.
• ‘… the ability of a network/system to defend against and maintain an acceptable level of service in the presence of challenges.’ *
• D2R2+DR
– Real-time control (internal) loop
– Background (external) loop
Resilience strategy
Common network architecture
Viewpoints for critical infrastructures
Resilience in Access Control Policies
Resilience policies
Resilience in access control is the ability of a system not to restrict, but to enable access
Resilience policies – tool chain
Access control policy tool (ACPT)
Model in NuSMV
+
Resilience specifications
NuSMV model checker
Detected resilience violations
Resilience Architecture for CI
Anomaly detection framework
Resilience architecture
WP3 – Deliverable 3.4
Results and Discussion
Evaluation of SCADA attacks
• Dataset: ‘Morris, T., Thornton, Z., Turnipseed, I., Industrial Control System Simulation and Data Logging for Intrusion Detection System Research. 7th Annual Southeastern Cyber Security Summit. Huntsville, AL. June 3 - 4, 2015.’
• Gas pipeline log, captured in a laboratory environment, including:
– Normal operation
– Cyber-attacks
  • Reconnaissance
  • Denial-of-Service
  • Command injection
Comparison of techniques
[Figure: chart comparing Precision and Accuracy (axis from 0 to 1) for K-Means, Naive Bayesian, Principal Component Analysis, Gaussian Mixture Model and Data density]
Questions?