Figure 2 - uploaded by Leandros Maglaras
Purdue Model for Control Hierarchy[18]  

Source publication
Article
Full-text available
In order to deter or prosecute for cyber attacks on industrial control systems it is necessary to assign attribution to the attacker and define the type of attack so that international law enforcement agencies or national governments can decide on appropriate recourse. In this paper we identify the current state of the art of attribution in industr...

Context in source publication

Context 1
... [81] described the Purdue model, a reference architecture for control hierarchy that has become the standard within ICS [84]. It described six levels within an organisation managing an industrial control system, as illustrated in Figure 2. [18] Level 5 describes the corporate or enterprise network of an organisation running its business management applications and services. ...

Similar publications

Chapter
Full-text available
In Portuguese territory, between the Ribatejo and the Alto Alentejo, there are exceptional conditions for developing a tourism offering around the cork oak montado and cork. To begin with, it is the region with the largest cork production on the planet and, consequently, one with an extraordinary natural heritage. On the other hand, there is an example almost...
Article
Full-text available
Simulation-based design increasingly replaces traditional experience-based design. This article gives an overview of techniques now used in advanced industry practice, with particular focus on navy applications. The article covers the basics of the techniques, illustrating approaches and state of the art with applications taken from the experience...
Conference Paper
Full-text available
The CPSoS project is developing a roadmap for future research and innovation in cyber-physical systems of systems. This paper presents preliminary findings and proposals that are put forward as a result of broad consultations with experts from industry and academia, and through analysis of the state of the art in cyber-physical systems of systems.
Conference Paper
Full-text available
As part of the project "LIPS-Live Interactive PMSE Services", funded by the Federal Ministry for Economic Affairs and Energy, the project partners from industry and research are working on an immersive audiovisual connection between remote locations that allows people, in as natural a manner as possible, to communic...

Citations

... The four Agile values have been mapped into the context of ICS incident response to meet those requirements along with a number of tools to aid IR teams in the field. Proper incident response can improve technical attribution in relation to ICS [7]. Future research will focus on business case studies on whether the integration of Agile values can improve ICS IR procedure through the implementation of exploratory industrial case studies. ...
... Attack attribution seeks to answer the question of "What kind of attack was it?" and this is generally more challenging to answer in ICS than in typical IT/OT systems due to the different network structures, industry-specific protocols, and so forth [17], [18]. While there have been a small number of ML-based malware attack attributions [19], [20], designing robust and effective ML-based attack attribution for ICS and IIoT systems appears to be understudied. ...
Article
Full-text available
Securing Internet of Things (IoT)-enabled cyber-physical systems (CPS) can be challenging, as security solutions developed for general information / operational technology (IT / OT) systems may not be as effective in a CPS setting. Thus, this paper presents a two-level ensemble attack detection and attribution framework designed for CPS, and more specifically in an industrial control system (ICS). At the first level, a decision tree combined with a novel ensemble deep representation-learning model is developed for detecting attacks in imbalanced ICS environments. At the second level, an ensemble deep neural network is designed for attack attribution. The proposed model is evaluated using real-world datasets in gas pipeline and water treatment system. Findings demonstrate that the proposed model outperforms other competing approaches with similar computational complexity.
... Research into conducting and understanding cyber warfare and cyber terrorism is extensive and wide-ranging [18], yet research into restoring peace after cyber warfare has recently been addressed [1]. Attribution of cyber-attacks is an open issue [6] and the correct norms and procedures are yet to be discovered. Some security solutions specifically for Critical Infrastructures must be put forward in the National or International level. ...
... Research into conducting and understanding cyber warfare and cyber terrorism is extensive and wide-ranging [Robinson et al. 2019], yet research into restoring peace after cyber warfare has recently been addressed [Ayres and Maglaras 2016]. Attribution of cyberattacks is an open issue [Cook et al. 2016] and the correct norms and procedures are yet to be discovered. Some security solutions specifically for Critical Infrastructures must be put forward in the National or International level. ...
Preprint
Full-text available
In Cyberspace nowadays, there is a burst of information that everyone has access to. However, apart from the advantages the Internet offers, it also hides numerous dangers for both people and nations. Cyberspace has a dark side, including terrorism, bullying, and other types of violence. Cyberwarfare is a kind of virtual war that causes the same destruction that a physical war would also do. In this article, we discuss what Cyberterrorism is and how it can lead to Cyberwarfare.
... One thing that all cyber-attacks have in common is the difficulty of attribution. Attribution in cyberattacks is always problematic [4] [5]. It is difficult to determine who the perpetrator actually was. ...
Article
Full-text available
Attack attribution in cyber-attacks tends to be a qualitative exercise with a substantial room for error. Graph theory is already a proven tool for modeling any connected system. Utilizing graph theory can provide a quantitative, mathematically rigorous methodology for attack attribution. By identifying homomorphic subgraphs as points of comparison, one can create a fingerprint of an attack. That would allow one to match that fingerprint to new attacks and determine if the same threat actor conducted the attack. This current study provides a mathematical method to create network intrusion fingerprints by applying graph theory homomorphisms. This provides a rigorous method for attack attribution. A case study is used to test this methodology and determine its efficacy in identifying attacks perpetrated by the same threat actor and/or using the same threat vector.
... Research into conducting and understanding cyber warfare and cyber terrorism is extensive and wide-ranging [12], yet research into restoring peace after cyber warfare has recently been addressed [13]. Attribution of cyberattacks is an open issue [14] and the correct norms and procedures are yet to be discovered. Some solutions for securing the systems and specifically Critical Infrastructures must be put forward in National or International level [15]. ...
Preprint
Full-text available
Cyberspace has a dark side, including terrorism, bullying, and other types of violence. It is essential to note that Cyberwarfare is still a kind of virtual war that causes the same destruction to a state that a physical war would also do. In this article, we discuss cyber Warfare and Cyber Terrorism and outline their different types, motivation, and countermeasures. The article concludes with the key findings from the literature and suggests avenues for future research efforts.
... Some of the threats that are identified to be a part of the CPS or ICS threat landscape are put together below. A mapping of the resilience metrics analysis domains with the threats is presented in Figure 12.2 where some of the attacks are collected from the discussion provided by Andrew Ginter (2017) and Cardenas et al. (2009) ...
Chapter
Full-text available
Cyber-physical systems (CPS) play a critical role in diversified fields. The integration of computation and physical processes makes CPS a vital part in different industries, e.g., autonomous automobile systems, smart grid systems, healthcare systems, communication systems, etc. The CPS often involves transdisciplinary approaches, merging theory of different scientific domains such as cybernetics, control systems, process design, and embedded systems. With the expanding uses of the CPS, major cybersecurity concerns are also growing around these systems. Often computing the cyber resilience metrics are omitted in literature because of the complexity of the systems and lack of a clear idea about the overall network security posture. The chapter focuses on the cyber resilience metrics and frameworks for the CPS. The chapter presents a detailed cyber resilience framework for CPS to be used across different industries. The framework also guides the methodologies to compute the resilience metrics for the CPS. The chapter presents both qualitative and quantitative modeling of cyber resilience for the CPS. A discussion on the automation process for the CPS resilience metrics computation is presented which covers details of the qualitative and quantitative simulation tools architectures, vulnerability assessment, visualization, and reporting processes. The chapter also covers complexities in designing and developing simulation tools and resilience metrics computation methodologies. The chapter aims to provide an overall idea about the cyber resilience metrics computation process and a simulation platform for the CPS and how that would be beneficial across various industries.
... Some of the threats that are identified to be a part of the CPS or ICS threat landscape are put together below. A mapping of the resilience metrics analysis domains with the threats is presented in Figure 12.2 where some of the attacks are collected from the discussion provided by Andrew Ginter (2017) and Cardenas et al. (2009) ...
Chapter
Full-text available
Cyber‐physical systems (CPSs) play a critical role in diversified fields. The integration of computation and physical processes makes CPS a vital part in different industries, e.g. autonomous automobile systems, smart grid systems, healthcare systems, communication systems, etc. The CPS often involves transdisciplinary approaches, merging theory of different scientific domains such as cybernetics, control systems, process design, and embedded systems. With the expanding uses of the CPS, major cybersecurity concerns are also growing around these systems. Often computing the cyber resilience metrics are omitted in literature because of the complexity of the systems and lack of a clear idea about the overall network security posture. The chapter focuses on the cyber resilience metrics and frameworks for the CPS. The chapter presents a detailed cyber resilience framework for CPS to be used across different industries. The framework also guides the methodologies to compute the resilience metrics for the CPS. The chapter presents both qualitative and quantitative modeling of cyber resilience for the CPS. A discussion on the automation process for the CPS resilience metrics computation is presented, which covers details of the qualitative and quantitative simulation tool architectures, vulnerability assessment, visualization, and reporting processes. The chapter also covers complexities in designing and developing simulation tools and resilience metrics computation methodologies. The chapter aims to provide an overall idea about the cyber resilience metrics computation process and a simulation platform for the CPS and how that would be beneficial across various industries.
... The development of modelling strategies for evaluating cyber attacks [38] is also important. Cook et al. [39] have used six individual metrics, as summarized in Table 1, to measure the effectiveness of each attribution in the context of ICS that can be applied to CIs. ...
Preprint
Full-text available
As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threats to critical infrastructures along with protective measures that one nation can take, and which are classified according to legal, technical, organizational, capacity building, and cooperation aspects. Finally, we provide an overview of current methods and practices regarding cyber attribution and cyber peace keeping.
... Measuring the performance of attribution attacks is an open issue although several methods have been proposed [23]. In [24], Cook et al. have used six individual metrics, as summarized in Table 1, to measure the effectiveness of each attribution in the context of ICS that can be applied to CIs. ...