STPA-SafeSec: Safety and Security Analysis for Cyber-Physical Systems

Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today’s critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits.

Towards a Resilience Metric Framework for Cyber-Physical Systems

Resilience is widely accepted as a desirable system property for cyber-physical systems. However, there are no metrics that can be used to measure the resilience of cyber-physical systems (CPS) while the multi-dimensional nature of performance in these systems is considered. In this work, we present first results towards a resilience metric framework. The key contributions of this framework are threefold: First, it allows to evaluate resilience with respect to different performance indicators that are of interest. Second, complexities that are relevant to the performance indicators of interest, can be intentionally abstracted. Third and final, it supports the identification of reasons for good or bad resilience to improve system design.

Towards a Cyber-physical Resilience Framework for Smart Grids

As modern power grids move towards becoming a smart grid, there is an increasing reliance on the data that is transmitted and processed by ICT systems. This reliance introduces new digital attack vectors. Many of the proposed approaches that aim to address this problem largely focus on applying well-known ICT security solutions. However, what is needed are approaches that meet the complex concerns of the smart grid as a cyber-physical system. Furthermore, to support the automatic control loops that exist in a power grid, similarly automatic security and resilience mechanisms are needed that rely on minimal operator intervention. The research proposed in this paper aims to develop a framework that ensures resilient smart grid operation in light of successful cyber-attacks.

Investigating Cyber-Physical Attacks against IEC 61850 Photovoltaic Inverter Installations

Cyber-attacks against Smart Grids have been found in the real world. Malware such as Havex and BlackEnergy have been found targeting industrial control systems (ICS) and researchers have shown that cyber-attacks can exploit vulnerabilities in widely used Smart Grid communication standards. This paper addresses a deep investigation of attacks against the manufacturing message specification of IEC 61850, which is expected to become one of the most widely used communication services in Smart Grids. We investigate how an attacker can build a custom tool to execute man-in-the-middle attacks, manipulate data, and affect the physical system. Attack capabilities are demonstrated based on NESCOR scenarios to make it possible to thoroughly test these scenarios in a real system. The goal is to help understand the potential for such attacks, and to aid the development and testing of cyber security solutions. An attack use-case is presented that focuses on the standard for power utility automation, IEC 61850 in the context of inverter-based distributed energy resource devices; especially photovoltaic (PV) generators.

Association between participation in life situations of children with cerebral palsy and their physical, social, and attitudinal environment:A cross-sectional multicenter European study

Objective:
To evaluate how participation of children with cerebral palsy (CP) varied with their environment.

Design:
Home visits to children. Administration of Assessment of Life Habits and European Child Environment Questionnaires. Structural equation modeling of putative associations between specific domains of participation and environment, while allowing for severity of child's impairments and pain.

Setting:
European regions with population-based registries of children with CP.

Participants:
Children (n=1174) aged 8 to 12 years were randomly selected from 8 population-based registries of children with CP in 6 European countries. Of these, 743 (63%) agreed to participate; 1 further region recruited 75 children from multiple sources. Thus, there were 818 children in the study.

Interventions:
Not applicable.

Main Outcome Measure:
Participation in life situations.

Results:
For the hypothesized associations, the models confirmed that higher participation was associated with better availability of environmental items. Higher participation in daily activities—mealtimes, health hygiene, personal care, and home life—was significantly associated with a better physical environment at home (P<.01). Mobility was associated with transport and physical environment in the community. Participation in social roles (responsibilities, relationships, recreation) was associated with attitudes of classmates and social support at home. School participation was associated with attitudes of teachers and therapists. Environment explained between 14% and 52% of the variation in participation.

Conclusions:
The findings confirmed the social model of disability. The physical, social, and attitudinal environment of disabled children influences their participation in everyday activities and social roles.

A Cyber-Physical Security Analysis of Synchronous-Islanded Microgrid Operation

Cyber-security research in the field of smart grids is often performed with a focus on either the power and control domain or the Information and Communications Technology (ICT) domain. The characteristics of the power equipment or ICT domain are commonly not collectively considered. This work provides an analysis of the physical effects of cyber-attacks on microgrids – a smart grid construct that allows continued power supply when disconnected from a main grid. Different types of microgrid operations are explained (connected, islanded and synchronous-islanding) and potential cyber-attacks and their physical effects are analyzed. A testbed that is based on physical power and ICT equipment is presented to validate the results in both the physical and ICT domain.

A Microgrid Testbed for Interdisciplinary Research on Cyber-Secure Industrial Control in Power Systems

This paper describes a smart grid test bed comprising embedded generation, phasor measurement units (PMUs), and supporting ICT components and infrastructure. The test bed enables the development of a use case focused on a synchronous islanding scenario, where the embedded generation becomes islanded from the mains supply. Due to the provisioned control components, control strategy, and best-practice ICT support infrastructure, the islanded portion of the grid is able to continue to operate in a secure and dependable manner.

“Boundary-setting as a core activity in complex public systems”

Title: Boundary-setting as a core activity in complex public systems
Authors: Joanne Murphy & Mary Lee Rhodes

The definition of the boundary of a system is at the core of any systems approach (Midgley 2000; 2003). By defining boundaries we enable – and delimit – the range of outcomes sought and the actions and resources that can be brought to bear. In complex adaptive systems (CAS) analysis, the conceptualisaion and definition of boundaries is particularly challenging as they are constantly undergoing redefinition through agent action, interaction and entry/exit. (Rhodes et al 2011). The concept of ‘boundaries’ appears regularly in a wide range of literature around public management, administration, geopolitics, regeneration and organisational development. Discussions around boundaries focus on many things from concrete physical manifestations and barriers, to virtual interfaces between one organisational unit and another, or even entirely theoretical demarcations between different schools of thought (Kaboolian, 1998, Levi-Faur, 2004, Agranoff & McGuire, 2004).

However, managing ‘beyond’ such boundaries is a routinely recurring aspiration that transcends sectors and local concerns. Unsurprisingly then, there is an increasing understanding of the need to acknowledge and manage such boundaries (whether they be physical, social or organisational) within public management as a discipline (Currie et al 2007, Fitzsimmons and White, 1997, Murtagh, 2002). This paper explores the impact of boundaries on public management strategic decision-making in the sectors of urban regeneration and healthcare. In particular, it focuses on demarcations to physical space, communal identity and within professional relationships in these sectors.

The first section describes the research that gave rise to the paper and the cases examined. Next we briefly define what we mean by boundaries. We explore issues that have emerged from our analysis of urban regeneration and health care singularly, before looking at how the concept of boundaries is a recurrent concern across the sectors. The main contribution of the paper is an exploration of how a CAS lens can bring a new insight into the concept of boundaries and decision-making in the two sets of case studies. This discussion will concentrate on initial conditions, bifurcation and adaptation as key CAS factors in relation to boundaries. We conclude with a brief discussion on the benefits of a CAS lens to an analysis of boundaries in public management decision-making.
References:

Agranoff, R. and McGuire, M. (2003) Collaborative Public Management: Strategies for Local Government. Washington, DC: Georgetown Univ. Press.

Currie, G., Lockett, A. (2007) “A critique of transformational leadership: moral, professional & contingent dimensions of leadership within public services organizations”. Human Relations 60: 341-370.

Fitzsimmons and White, (1997) "Crossing boundaries: communication between professional groups", Journal of Management in Medicine, Vol. 11 Iss: 2, pp.96 – 101

Kaboolian, L. (1998) “The New Public Management: Challenging the Boundaries of the Management vs. Administration Debate” Public Administration Review Vol. 58, No. 3 pp.189-193

Levi-Faur D. and Vigoda-Gadot Eran (eds) (2004) International Public Policy and Management: Policy Learning Beyond Regional, Cultural and Political Boundaries, Marcel Dekker,
Midgley, G. (ed) (2003) Systems Thinking. London: Sage Publications

Midgley, G. (2000) Systemic Intervention: Philosophy, Methodology and Practice. New York, NY: Kluwer.

Murtagh, B. (2002). The Politics of Territory: Policy and Segregation in Northern Ireland. Basingstoke, Palgrave.

Rhodes, ML, Joanne Murphy, Jenny Muir, John Murray (2011) Public Management & Complexity Theory: Richer Decision Making in Irish Public Services, UK: Routledge

Early warning systems for cyber defence

Cybercriminals ramp up their efforts with sophisticated techniques while defenders gradually update their typical security measures. Attackers often have a long-term interest in their targets. Due to a number of factors such as scale, architecture and nonproductive traffic however it makes difficult to detect them using typical intrusion detection techniques. Cyber early warning systems (CEWS) aim at alerting such attempts in their nascent stages using preliminary indicators. Design and implementation of such systems involves numerous research challenges such as generic set of indicators, intelligence gathering, uncertainty reasoning and information fusion. This paper discusses such challenges and presents the reader with compelling motivation. A carefully deployed empirical analysis using a real world attack scenario and a real network traffic capture is also presented.

Changing Attitudes of Community Through the Design Charrette Process

The traditional planning process in the UK and elsewhere takes too long to develop, are demanding on resources that are scarce and most times tend to be unrelated to the needs and demands of society. It segregates the plan making from the decision making process with the consultants planning, the politicians deciding and the community receiving without being integrated into the planning and decision making process. The Scottish Planning system is undergoing radical changes as evidenced by the publication of the Planning Advice Note, PAN by the Scottish Executive in July 2006 with the aim of enabling Community Engagement that allow for openness and accountability in the decision making process. The Public Engagement is a process that is driven by the physical, social and economic systems research aimed at improving the process at the level of community through problem solving and of the city region through strategic planning. There are several methods available to engage the community in large scale projects. The two well known ones are the Enquiry be Design and the Charrette approaches used in the UK and US respectively. This paper is an independent and rigorous analysis of the Charrette process as observed in the proposed Tornagrain Settlement in the Highlands area of Scotland. It attempts to gauge and analyse the attitudes, perceptions of the participants the Charrette as well as the mechanics and structure of the Charrette. The study analyzes the Charrette approach as a method future public engagement in and its effectiveness within the Scottish Planning System in view of PAN 2005. The analysis revealed that the Charrette as a method of engagement could be effective in changing attitudes of the community to the design process under certain conditions as discussed in the paper.

Cybersecurity Test-Bed for IEC 61850 based Smart Substations

With the development and deployment of IEC 61850 based smart substations, cybersecurity vulnerabilities of supervisory control and data acquisition (SCADA) systems are increasingly emerging. In response to the emergence of cybersecurity vulnerabilities in smart substations, a test-bed is indispensable to enable cybersecurity experimentation. In this paper, a comprehensive and realistic cyber-physical test-bed has been built to investigate potential cybersecurity vulnerabilities and the impact of cyber-attacks on IEC 61850 based smart substations. This test-bed is close to a real production type environment, and has the ability to carry out end-to-end testing of cyber-attacks and physical consequences. A fuzz testing approach is proposed for detecting IEC 61850 based intelligent electronic devices (IEDs) and validated in the proposed test-bed.

Threat Analysis of BlackEnergy Malware for Synchrophasor based Real-time Control and Monitoring in Smart Grid

The BlackEnergy malware targeting critical infrastructures has a long history. It evolved over time from a simple DDoS platform to a quite sophisticated plug-in based malware. The plug-in architecture has a persistent malware core with easily installable attack specific modules for DDoS, spamming, info-stealing, remote access, boot-sector formatting etc. BlackEnergy has been involved in several high profile cyber physical attacks including the recent Ukraine power grid attack in December 2015. This paper investigates the evolution of BlackEnergy and its cyber attack capabilities. It presents a basic cyber attack model used by BlackEnergy for targeting industrial control systems. In particular, the paper analyzes cyber threats of BlackEnergy for synchrophasor based systems which are used for real-time control and monitoring functionalities in smart grid. Several BlackEnergy based attack scenarios have been investigated by exploiting the vulnerabilities in two widely used synchrophasor communication standards: (i) IEEE C37.118 and (ii) IEC 61850-90-5. Specifically, the paper addresses reconnaissance, DDoS, man-in-the-middle and replay/reflection attacks on IEEE C37.118 and IEC 61850-90-5. Further, the paper also investigates protection strategies for detection and prevention of BlackEnergy based cyber physical attacks.

Multidimensional Intrusion Detection System for IEC 61850 based SCADA Networks

Emerging cybersecurity vulnerabilities in supervisory control and data acquisition (SCADA) systems are becoming urgent engineering issues for modern substations. This paper proposes a novel intrusion detection system (IDS) tailored for cybersecurity of IEC 61850 based substations. The proposed IDS integrates physical knowledge, protocol specifications and logical behaviours to provide a comprehensive and effective solution that is able to mitigate various cyberattacks. The proposed approach comprises access control detection, protocol whitelisting, model-based detection, and multi-parameter based detection. This SCADA-specific IDS is implemented and validated using a comprehensive and realistic cyber-physical test-bed and data from a real 500kV smart substation.

Integrating Ballymun? Flawed progress in Ireland's largest estate regeneration scheme

Urban regeneration in the Republic of Ireland takes place in the context of the rapid, ‘Celtic Tiger’ economic growth of the 1990s. The boom transformed Irish society and led to greater affluence for many people, along with continuing and arguably worsening inequality for those excluded from its opportunities. In particular, Ireland’s small social rented sector has become the focus of the country’s most concentrated poverty and social exclusion. The Ballymun regeneration programme in North Dublin aims to facilitate physical, social and economic change in order to integrate the area more closely with the
more affluent surrounding suburbs. This article reviews the issues involved in restructuring such a large area of social exclusion within a rapidly changing European capital city, using a framework that disaggregates the concept of integration into three elements: market, citizenship and reciprocity. With just over half the physical refurbishment complete, progress has been made but some fundamental issues remain. The article concludes that although substantial advancement has been made with physical regeneration, progress with wider economic and social integration has been uneven and in some cases flawed.