Intelligent System for Risk Identification of Cybersecurity Violations in Energy Facility

Gaskova, Daria; Massel, Aleksei

doi:10.1109/rpc.2018.8482229

Cited by 7 publications

(5 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They identify a broad set of attack vectors and attack scenarios that threaten the security of power networks for which they propose to employ a defensively in-depth strategy that includes measures for device and application security, network security, physical security, and ultimately policies, procedures, and information sharing. The common basis for these analyses is the implementation of risk analysis as indicated by V. Mokhor from Pukhov Institute for Modelling in Energy Engineering [ 11 , 12 ], respectively, in the article “Intelligent System for Risk Identification of Cybersecurity Violations in Energy Facility”. Both articles are connected by the detailed concept of complex cyber security risks of information systems of critical infrastructure objects, in the form of a vector risk model, including similarly developed options for calculating the overall risk, based on the structural decision of an autonomous computer system for calculating the cyber security risk of such systems Using the published approaches, it is then possible to assess the risks as a whole, including the consideration of the human subjective factor in risk assessment, which is extremely important for critical infrastructure, especially in the energy sector.…”

Section: Cyber Security In Substation Automation Systemsmentioning

confidence: 99%

Security Baseline for Substation Automation Systems

Horálek

Soběslav

2023

Sensors

View full text Add to dashboard Cite

The use of information technology and the automation of control systems in the energy sector enables a more efficient transmission and distribution of electricity. However, in addition to the many benefits that the deployment of intelligent and largely autonomous systems brings, it also carries risks associated with information and cyber security breaches. Technology systems form a specific and critical communication infrastructure, in which powerful control elements integrating IoT principles and IED devices are present. It also contains intelligent access control systems such as RTU, IDE, HMI, and SCADA systems that provide communication with the data and control center on the outer perimeter. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. To establish rules, procedures, and techniques to ensure the cyber security of smart grid control systems in the energy sector, it is necessary to understand the security threats and bring appropriate measures to ensure the security of energy distribution. Given the use of a wide range of information and industrial technologies, it is difficult to protect energy distribution systems using standard constraints to protect common IT technologies and business processes. Therefore, as part of a comprehensive approach to cyber security, specifics such as legislative framework, technological constraints, international standards, specialized protocols or company processes, and many others need to be considered. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. In this article, a basic security concept for control systems of power stations, which are part of the power transmission and distribution system, is presented based on the Smart Grid domain model with emphasis on substation intelligence, according to the Purdue model. The main contribution of the paper is the comprehensive design of mitigation measures divided into mandatory and recommended implementation based on the standards defined within the MITRE ATT&CK matrix specified, concerning the specifications of intelligent distribution substations. The proposed and industry-tested solution is mapped to meet the international security standards ISO 27001 and national legislation reflecting the requirements of NIS2. This ensures that the security requirements will be met when implementing the proposed Security Baseline.

show abstract

Section: Cyber Security In Substation Automation Systemsmentioning

confidence: 99%

Security Baseline for Substation Automation Systems

Horálek

Soběslav

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Software and hardware must follow a strict quality assurance, for example, to avoid getting infected by viruses or worms from wider networks [2], [19]. Cybersecurity procedures include strategies, security principles, security guarantees, guidelines, and risk management approaches [20]. Human resources relate to personnel that has to be equipped with skills and knowledge that are up-to-date and are continuously refreshed through training [21] (otherwise, the personnel can also turn into a threat [22]).…”

Section: A Cybersecurity and Cyberattacksmentioning

confidence: 99%

“…Risk can be defined as a combined frequency or probability and consequences of an event or incident that may compromise a system [20], [14]. Another way of expressing risk is the likelihood that a certain vulnerability of a particularly attractive object as the target will be manipulated by a certain threat leading to undesired consequences [54].…”

Section: A Cybersecurity Risk Assessment In Nuclear Facilitiesmentioning

confidence: 99%

“…Another way of expressing risk is the likelihood that a certain vulnerability of a particularly attractive object as the target will be manipulated by a certain threat leading to undesired consequences [54]. Risk can be formulated as a function of (1) the threat for any attack to occur, (2) the vulnerability of the targeted object to endure the attack, and eventually, (3) the damage caused by the threat attack [20], [55], [49]. In a cybersecurity concept, cyber risk is associated with the risk of operational activities in cyberspace, in which the impact can threaten the information systems and assets, the information and communication technology, devices, and peripheral technology resources, and can create damage to the tangible and intangible materials [56].…”

Section: A Cybersecurity Risk Assessment In Nuclear Facilitiesmentioning

confidence: 99%

See 1 more Smart Citation

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Setianingsih¹,

Pulungan²,

Putra³

et al. 2021

IJACSA

View full text Add to dashboard Cite

As strategic infrastructures, nuclear facilities are considered attractive targets for attackers to commit their malicious intention. At the same time, for efficiency, those infrastructures are increasingly implemented, equipped with, and managed by digitally computerized systems. Attackers, therefore, try to realign their attack scenarios through such cyber systems. It is crucial to understand various existing risk assessment methods for cybersecurity in nuclear facilities to prevent such attacks. Risk assessment is designed to study the nature of the originated attack threats and the consequences implied. This paper studies a series of risk assessment methods implemented for security related to cybersecurity of strategic infrastructures, including nuclear facilities. Extended from cybersecurity, the required concepts in nuclear security cover defense-in-depth, synergy of safety and security, and probabilistic safety/risk assessment. Selecting cybersecurity risk assessment methods should integrate these three essential concepts in their evaluation. This paper highlights the suitable and appropriate risk assessment methods that meet security requirements in the nuclear industry as specified in the national and international regulations.

show abstract

“…Approval of mandatory requirements for formalizing the results of compliance assessment of high-confidence information protection software [1] lent relevance to the use of mathematical models for assessing IS software performance reliability and safety. Although studies into mathematical models for software reliability assessment were first undertaken back in the second half of the last century [2,3], these issues remain relevant nowadays [4][5][6][7][8][9][10][11][12][13][14][15][16]. All this relates both to software manufacturing technologies (for example, open source software) and to newly introduced international standards in the software engineering and information security area (ISO/IEC 15408, ISO/IEC 33001, IEC 61508, IEC 61511 etc.)…”

Section: Introductionmentioning

confidence: 99%

Simulation of Software Security Tests by Soft Computational Methods

Markov¹,

Markov²,

Tsirlov³

2019

Proceedings of the VIth International Workshop 'Critical Infrastructures: Contingency Management, Intelligent, Agent-Based, Clo

View full text Add to dashboard Cite

The worth of the using of software performance reliability assessment models at early testing stages is shown. The characteristic property of nonmonotonic increasing of performance reliability of current software systems is underscored. Ways of enhancing adequacy and fidelity of software testing simulation are exemplified. The conditions of using of soft computing for assessing the reliability and security of information systems software are shown.

show abstract

Intelligent System for Risk Identification of Cybersecurity Violations in Energy Facility

Cited by 7 publications

References 1 publication

Security Baseline for Substation Automation Systems

Security Baseline for Substation Automation Systems

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Simulation of Software Security Tests by Soft Computational Methods

Contact Info

Product

Resources

About