Security And Privacy In Critical Infrastructure Cyber Physical Systems

Written by a team of experts at the forefront of the cyber-physical systems (CPS) revolution, this book provides an in-depth look at security and privacy, two of the most critical challenges facing both the CPS research and development community and ICT professionals. It explores, in depth, the key technical, social, and legal issues at stake, and it provides readers with the information they need to advance research and development in this exciting area. Cyber-physical systems (CPS) are engineered systems that are built from, and depend upon the seamless integration of computational algorithms and physical components. Advances in CPS will enable capability, adaptability, scalability, resiliency, safety, security, and usability far in excess of what today’s simple embedded systems can provide. Just as the Internet revolutionized the way we interact with information, CPS technology has already begun to transform the way people interact with engineered systems. In the years ahead, smart CPS will drive innovation and competition across industry sectors, from agriculture, energy, and transportation, to architecture, healthcare, and manufacturing. A priceless source of practical information and inspiration, Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications is certain to have a profound impact on ongoing R&D and education at the confluence of security, privacy, and CPS.

This book presents a comprehensive overview of security issues in Cyber Physical Systems (CPSs), by analyzing the issues and vulnerabilities in CPSs and examining state of the art security measures. Furthermore, this book proposes various defense strategies including intelligent attack and anomaly detection algorithms. Today’s technology is continually evolving towards interconnectivity among devices. This interconnectivity phenomenon is often referred to as Internet of Things (IoT). IoT technology is used to enhance the performance of systems in many applications. This integration of physical and cyber components within a system is associated with many benefits; these systems are often referred to as Cyber Physical Systems (CPSs). The CPSs and IoT technologies are used in many industries critical to our daily lives. CPSs have the potential to reduce costs, enhance mobility and independence of patients, and reach the body using minimally invasive techniques. Although this interconnectivity of devices can pave the road for immense advancement in technology and automation, the integration of network components into any system increases its vulnerability to cyber threats. Using internet networks to connect devices together creates access points for adversaries. Considering the critical applications of some of these devices, adversaries have the potential of exploiting sensitive data and interrupting the functionality of critical infrastructure. Practitioners working in system security, cyber security & security and privacy will find this book valuable as a reference. Researchers and scientists concentrating on computer systems, large-scale complex systems, and artificial intelligence will also find this book useful as a reference.

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well.

Cyber-physical systems (CPS) are engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components. CPS are characterized by a strong interconnection of various computing systems (and algorithms) that are used to control, monitor, and interact with physical processes, thus improving the overall capability, adaptability, scalability, resiliency, safety, security, and usability of the associated engineered system. CPS technology has also enabled several critical infrastruc-ture applications, such as smart grid and renewable energy systems, biomedical and health care, next-generation transportation, industrial automation, and defense systems. However, such Critical-Infrastructure CPS (CI-CPS) are extremely vulnerable to sophisticated cyber-attacks due to their interconnected nature. The consequences of malicious attacks may range from minor variation in performance to absolute inability to control the system, which may lead to catastrophic results for both the system operators and users. Ensuring security of system components, privacy of system or user data, and availability of services (provided by the system), are some of the most vital requirements of a CI-CPS. Previous works in the literature proposed many solutions to improve security, privacy and availability of CI-CPS. However, several critical open problems in these areas remain unaddressed. In this direction, the rst part of this dissertation addresses the problem of securing location discovery of wireless and mobile components (of a CI-CPS) by proposing a novel spread-spectrum-based approach to eliminate incorrect localization data injected by malicious location anchors. The second part of this dissertation presents a framework to increase the capacity (and consequently availability) of existing wireless networks, by utilizing a secondary cognitive radio network based approach. The third part and nal part of this dissertation presents a novel framework to enable privacy-preserving smart meter data reporting in a smart grid CI-CPS, with a minimal impact on data utility. The e ciency and e ectiveness of the proposed solutions are demonstrated by means of analytical evaluations and empirical results. The outcomes of this dissertation will further our current knowledge and understanding of the security, privacy and availability issues in this upcoming and nationally important area of CI-CPS.

This book constitutes the refereed proceedings of the First International Workshop on Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2020, which was organized in conjunction with the European Symposium on Research in Computer Security, ESORICS 2020, and held online on September 2020. The 14 full papers presented in this volume were carefully reviewed and selected from 24 submissions. They were organized in topical sections named: security threat intelligence; data anomaly detection: predict and prevent; computer vision and dataset for security; security management and governance; and impact propagation and power traffic analysis. The book contains 6 chapters which are available open access under a CC-BY license.

Modern critical infrastructures comprise of many interconnected cyber and physical assets, and as such are large scale cyber-physical systems. Hence, the conventional approach of securing these infrastructures by addressing cyber security and physical security separately is no longer effective. Rather more integrated approaches that address the security of cyber and physical assets at the same time are required. This book presents integrated (i.e. cyber and physical) security approaches and technologies for the critical infrastructures that underpin our societies. Specifically, it introduces advanced techniques for threat detection, risk assessment and security information sharing, based on leading edge technologies like machine learning, security knowledge modelling, IoT security and distributed ledger infrastructures. Likewise, it presets how established security technologies like Security Information and Event Management (SIEM), pen-testing, vulnerability assessment and security data analytics can be used in the context of integrated Critical Infrastructure Protection. The novel methods and techniques of the book are exemplified in case studies involving critical infrastructures in four industrial sectors, namely finance, healthcare, energy and communications. The peculiarities of critical infrastructure protection in each one of these sectors is discussed and addressed based on sector-specific solutions. The advent of the fourth industrial revolution (Industry 4.0) is expected to increase the cyber-physical nature of critical infrastructures as well as their interconnection in the scope of sectorial and cross-sector value chains. Therefore, the demand for solutions that foster the interplay between cyber and physical security, and enable Cyber-Physical Threat Intelligence is likely to explode. In this book, we have shed light on the structure of such integrated security systems, as well as on the technologies that will underpin their operation. We hope that Security and Critical Infrastructure Protection stakeholders will find the book useful when planning their future security strategies.

The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. This purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ground transportation systems (automotives, roads, bridges and tunnels), airports and air traffic control systems, wired and wireless communication and sensor networks, systems for storing and distributing water and food supplies, medical and healthcare delivery systems, as well as financial, banking and commercial transaction assets. The handbook focus mostly on the scientific foundations and engineering techniques – while also addressing the proper integration of policies and access control mechanisms, for example, how human-developed policies can be properly enforced by an automated system. Addresses the technical challenges facing design of secure infrastructures by providing examples of problems and solutions from a wide variety of internal and external attack scenarios Includes contributions from leading researchers and practitioners in relevant application areas such as smart power grid, intelligent transportation systems, healthcare industry and so on Loaded with examples of real world problems and pathways to solutions utilizing specific tools and techniques described in detail throughout

Cyber-physical systems (CPS) are complex networked systems that consist of cyber components for computation and communication, closely interacting with physical components such as sensors and actuators. Recent years have witnessed exponential growth in the development of cyber-physical systems. As being the basis for emerging and future smart service, they play an increasingly important role in critical infrastructure, government, everyday lives, etc. On the other hand, the integration of CPS brings more threats that may result in catastrophic consequences for the society. In this dissertation, we aim to address the security and privacy issues in cyber-physical systems and internet of things (IoT) devices. Our contributions in this dissertation are two-fold. Firstly, we study the security issues in power grid, which is one of the most critical infrastructures in the world. Security of the power grid has gained enormous attention for decades. Cascading failure, one of the most serious problems in power systems, can result in catastrophic impacts such as massive blackouts. More importantly, it can be taken advantage by malicious attackers to launch physical or cyber attacks on the power grid. However, due to the expansive geographical coverage and complex interdependencies among system components, protecting the power grid is data and computing intensive and hence extremely challenging. We investigate cascading failure attack (CFA) from a stochastic game perspective. In particular, we formulate a zero-sum stochastic attack/defense game for CFA while considering the attack/defense costs, limited budgets, diverse load shedding costs, and dynamic states in the system. Then, we develop a Q-CFA learning algorithm that works efficiently in a large system without any a-priori information. We also formally prove that the proposed algorithm can converge and achieve Nash equilibrium. Simulation results validate the efficacy and efficiency of the proposed scheme by comparisons with the state-of-the-art approaches.Secondly, we focus on secure outsourcing of large-scale fundamental problems in the cloud. Conducting such large-scale data analytics in a timely manner requires a large amount of computing resources, which may not be available for individuals and small companies in practice. By outsourcing their computations to the cloud, clients can solve such problems in a cost-effective way. However, confidential data stored at the cloud is vulnerable to cyber attacks, and thus needs to be protected. Previous works employ cryptographic techniques like homomorphic encryption, which significantly increase the computational complexity of solving a large-scale problem at the cloud and is impractical for big data applications. We present an efficient secure outsourcing scheme for convex separable programming problems (CSPs). In particular, we first develop efficient matrix and vector transformation schemes only based on arithmetic operations that are computationally indistinguishable both in value and in structure under a chosen-plaintext attack (CPA). Then, we design a secure outsourcing scheme in which the client and the cloud collaboratively solve the transformed problems. The client can efficiently verify the correctness of returned results to prevent any malicious behavior of the cloud. Theoretical correctness and privacy analysis together show that the proposed scheme obtains optimal results and that the cloud cannot learn private information from the client's concealed data. We conduct extensive simulations on Amazon Elastic Cloud Computing (EC2) platform and find that our proposed scheme provides significant time savings to the clients.

The chapters in this book present the work of researchers, scientists, engineers, and teachers engaged with developing unified foundations, principles, and technologies for cyber-physical security. They adopt a multidisciplinary approach to solving related problems in next-generation systems, representing views from academia, government bodies, and industrial partners, and their contributions discuss current work on modeling, analyzing, and understanding cyber-physical systems.

Cybersecurity and Privacy in Cyber-Physical Systems collects and reports on recent high-quality research that addresses different problems related to cybersecurity and privacy in cyber-physical systems (CPSs). It Presents high-quality contributions addressing related theoretical and practical aspects Improves the reader’s awareness of cybersecurity and privacy in CPSs Analyzes and presents the state of the art of CPSs, cybersecurity, and related technologies and methodologies Highlights and discusses recent developments and emerging trends in cybersecurity and privacy in CPSs Proposes new models, practical solutions, and technological advances related to cybersecurity and privacy in CPSs Discusses new cybersecurity and privacy models, prototypes, and protocols for CPSs This comprehensive book promotes high-quality research by bringing together researchers and experts in CPS security and privacy from around the world to share their knowledge of the different aspects of CPS security. Cybersecurity and Privacy in Cyber-Physical Systems is ideally suited for policymakers, industrial engineers, researchers, academics, and professionals seeking a thorough understanding of the principles of cybersecurity and privacy in CPSs. They will learn about promising solutions to these research problems and identify unresolved and challenging problems for their own research. Readers will also have an overview of CPS cybersecurity and privacy design.