OCCASIONE D’USO
DATA IN GG/MM/AA
Securing Critical
Infrastructures with a
Cybersecurity Digital Twin
Massimiliano Masi - <mmasi@autostrade.it>
IEEE CBI 2023, Prague
22/06/2023
1. What are critical infrastructures
A. The definitions – and the legal context
B. Examples: the Intelligent Transport Systems.
2. The problem: OT Security
A. Difference between IT/OT Security
1. The use of EA
A. A digital twin for cybersecurity: the cybersecurity view
B. A systematic creation of the DT starting from the RAMI 4.0
2. A couple of real use cases: a Road Tunnel and C-ITS
PROPOSED AGENDA
Critical Infrastructures seen from the law
The law (2008/114/CE) defines:
‘critical infrastructure’ means an asset, system or part thereof located in Member States which
is essential for the maintenance of vital societal functions, health, safety, security, economic or
social well-being of people, and the disruption or destruction of which would have a significant
impact in a Member State as a result of the failure to maintain those functions;
Examples are (they all have an EA)
• Healthcare facilities, and their IT infrastructure
• The entire financial sector
• Energy, from transmission to distribution
• Transportation: road, maritime, aviation, and water supply
Critical Infrastructures
Critical Infrastructures: a Computer Science perspective
Usually, critical infrastructures utilize hardware and software components which are
specifically devised for the operations
In Healthcare
• Medical Equipment under the Medical Device Regulation
• Picture Archiving and Communication Systems (PACS)
In Energy Supply
• Programmable Logic Controllers (PLC) to monitor and actuate energy management
• Intelligent Electronic Devices (IED) enabling use cases such as the Virtual Power Plant
Critical Infrastructures: Cyber-and-Physical Systems
A virtual power plant, a water management facility, or a truck platooning system are examples
of remote-controlled cyber-and-physical systems.
A control room usually sends commands to actuate the controlled devices to modify the
physical world, and receives information from sensors sensing the real world.
In Road Transportation
• A red light might affect the traffic regulations
In Energy Supply
• Sensors may return values from a PV used by a software to decide the day-ahead electricity
consumption
Critical Infrastructures: Cyber-and-Physical Attacks
Cybersecurity attacks may originate from the digital infrastructure and impact
the digital infrastructure itself, or even impact the physical world.
And vice versa.
Critical Infrastructures: Cyber-and-Physical Systems
When an attack is performed towards a Critical Infrastructure it may affect our lives.
• Trains might not be circulating (economic loss)
• Hospitals are not able to treat patients (potential casualties)
• Water can be poisoned (potential casualties)
• Fuel might not be available (unavailability of vehicles)
• Goods might not be circulating (economic loss, and eventual casualties)
Think of the availability of critical infrastructures in case of disasters (natural, human, or war)
Campi Flegrei
• A volcano is sleeping over a population of millions of inhabitants
Critical Infrastructures: Cyber-and-Physical Systems
Critical Infrastructures Protection (CIP) is in most cases the mastering of many interdependent
subsystems composed of Industrial Automation and Control Systems (IACS – introducing the IEC
62443-x-y jargon)
• According to the EU JRC, IACS are complex systems composed of all the components (PLCs,
SCADA, HMI, Data Loggers) that are integrated into critical infrastructures and industrial
production environments.
Threats, countermeasures, and risk analyses are different than in IT cybersecurity
Testing Business Continuity Plans is impossible: there is no test tunnel or substation, or
water pipe!
Critical Infrastructures: interconnected
Systems are all interconnected: unavailability of the
power grid may cause an interruption of the traffic,
as tunnels shall be closed after 1 hour of lack of
power, which may create congestion in a smart city
and patients can’t be hospitalised…
This is at European level!
Reasons for such cascading effects?
Critical Infrastructures: We need EA!
Critical Infrastructures are complex systems of systems
• All interconnected, different data domains
• No test infrastructures, usually the system is tailored to the specific use case
• (Luckily) CI owners are required to test business continuity and incident response plans.
• Need to include also physical attacks that can influence the digital world and vice versa.
How to solve?
The Problem
Securing OT systems is different than Typical IT
• Availability over Integrity and Confidentiality
• The phases: (rare) Security By Design, Securing Legacy, and Attack Simulations
• Systems are there to stay: they expose vulnerabilities solved in IT decades ago
• PLCs are different than computers: the programming languages do not have the modern
measures (buffer overflows are normal)
• The traffic of the communication network should be exactly the one expected by the
devices. Pings of Death are possible
• Attackers can be APTs or disgruntled employees, skilled in the functioning of the IACS
Typical Countermeasures
• Network segregation and segmentation, DMZ, no ZTNA as of today
• Attacker is Dolev-Yao, omnipotent
• And many other myths https://gca.isa.org/blog/common-ics-cybersecurity-myths-lessons-learned
OT (and I-IoT) Security
THE ROLE OF A MOTORWAY OPERATOR
THE CONTEXT
Road Operators are considered critical infrastructures in some countries.
• Service Disruptions impact other critical infrastructure [ENISA]
• Service is delivered through IT/OT/IoT infrastructure: Variable Message Signs, C-ITS, Red lights. Such data is used
for Traffic Management Plans
• Road operators are interconnected indirectly through National Access Points and directly to exchange Real Time
Traffic Information (RTTI) and Safety Related Traffic Information (SRTI)
• It is also a typical company, with IT systems: endpoints, ERP, social networking
PECULIARITIES
[ENISA] Good Practices on Interdependencies between OES and DSPs, Nov. 2018
IMPACTS
• Usually operates Optic Fiber-based network equipment, geographically distributed
• Energy supply, Diesel Engines, Radio Equipment, Charging Stations
• Network congestion could cause pressure on other adjacent infrastructures (Hospitals, Smart Cities, Goods delivery),
and cause vehicle crashes
• Malfunctioning of Road Tunnel IoT/OT equipment can cause injuries and deaths
DATA FROM DIFFERENT SECURITY DOMAINS
THE CONTEXT
Typical data journey
• Read from a sensor on the road (IoT). Data is semantically and
syntactically different (e.g., CCTV, LoRaWAN).
• Sensors and actuators in Tunnels. Data is exchanged using OT
protocols from IoT devices, actuating tunnel pumps in case of fire.
• Data arrives in a Data Center or in a Cloud VPC. Risks related to
cloud have to be considered
• Data is processed in a Traffic Control Center: Traffic Management
Plans, SRTI, RTTI, send Hazardous Location Notification
• C-ITS data arrives at 10 Hz per vehicle over a public network (DSRC)
According to IEC 62443, those may have different
Security Level Target (SL-T)
• This means different countermeasures on integrity, confidentiality
• How to trust data from C-ITS? Security Policy only requires an “ISO
27001 certification”
RAMI, 27001, 62443
THE CONTEXT
Use of IEC 62443
• Mapping all the abstract architectural assets to the RAMI 4.0 framework
• Use Business and Functional as target for the high-level risk analysis
• Use Communication as hint for zone and conduit
• Use integration and assets to select the items for the low-level risk
analysis
• Perform security testing
The 27001 protection rings
• Multi-compliance: security zones share 27001 and 62443 requirements
• Use of the NIST Cybersecurity Framework as a mapping tool
• IEC 62443-2-1 and the related TR, should be updated
Many definitions and many publications
• In this context, the definition from Grieves, Manufacturing Excellence Through
Virtual Factory Replication (2015), is adopted
• We consider a virtual description of a physical product that is accurate at both the micro- and
macro-level.
• Digital twins exhibit fidelity, a high number of parameters transferred between the physical
and the virtual entity, high accuracy and a satisfying level of abstraction.
• In the past, physical models have been widely used in engineering and architecture to help
the design and facilitate physical testing of buildings, plants, machines and systems.
• A digital twin can be either inline, where an actuation on the twin has an immediate effect on
the system, or asynchronous, where an actuation on the twin is actuated at a second stage
DIGITAL TWIN
Many definitions and many publications
• Other meanings are digital shadows, when not communicating or interacting with their
physical counterpart, or models
• The use of a Digital Twin in Cybersecurity is not new. Publications and PoCs exist to
demonstrate its usage for Security Operation Centre
We are using a methodology that systematically gets the description of the IACS from
its Reference Architecture and builds its digital twin. On that, we evaluate
countermeasures, and we test Business Continuity Plans.
Results will then be implemented, asynchronously, site by site
It is divided into 3 steps
• It leverages the concept of Reference Architecture and Solution Architecture to produce the
architecture models needed to design the cybersecurity Digital Twin
• It starts with a model or by mapping the system into a Reference Architecture.
• We introduce a cybersecurity view with the following viewpoint
• Overview: enabling the assessment of BCPs and security posture of IACS
• Concerns: decrease the cyber-threat risk to acceptable levels
• Anti-Concerns: ROI Analysis
• Typical Stakeholders: business decision makers and cybersecurity experts
• Model Kind
• Choose a Reference Architecture Framework
• Translating the View into a Digital Twin
• Identify Attack Scenarios
The Methodology
Generating a Cybersecurity View
• Choose an Architecture Framework (e.g., RAMI 4.0, SGAM, TOGAF). It is worth noting that the
methodology is parametric, as long as a mapping exists
• For legacy systems, a mapping is required from the system to the EA conceptual space
• The mapping may be guided by existing frameworks, such as the NIST CSF for CIP.
• Once the system is in the conceptual space, the view is created by selecting the architectural
elements to be protected, by Business Impact Analyses, Risk Analysis, regulations
Step 1
Deriving the Cybersecurity Digital Twin
• The elements in the EA Conceptual space in the Cybersecurity View are translated into Meta
Attack Language (MAL)
Step 2
Security simulations and countermeasure identification
• Once the system is represented in MAL, SecuriCAD has been used to perform simulations
• Simulations are performed using a twin concept, which includes specific threats related to
the IACS (e.g., water poisoning, or tunnel light system availability)
• Simulations also enable reasoning on the Techniques, Tactics, and Procedures from the
MITRE ATT&CK matrix for ICS
Step 3
The methodology in Practice: a Road Tunnel
Target for (cyber)terrorist attacks
• By nature, a tunnel connects two sites physically separated by geographic obstacles
(mountain, rivers, sea)
• Hence a malfunctioning tunnel leads to economic loss and pressure over other infrastructures
lying on both sides of the entrance.
• Road Authorities are required to perform risk analysis and business continuity plans
Road Tunnels
Building a reference architecture of the road tunnel and generating a Cybersecurity View
• The system under analysis already exists, and no EA conceptual models are available
• We mapped all the components of a single tunnel (around 200) into RAMI 4.0 to create the EA
space
• The cybersecurity mappings have been performed following the NIST CSF CIP v1.1.
• ID.AM-3 – data flows are mapped -> all the traffic from all the switches has been sniffed
and the entire network map has been created. Results are elements in the RAMI 4.0
Communication layer
• ID.AM-2 - Software platforms and applications within the organization are inventoried ->
Results are elements in the RAMI 4.0 Asset layer
Phase 1
Phase 2: deriving the cybersecurity digital twin
From: Massimiliano Masi, Giovanni Paolo Sellitto, Helder Aranha, Tanja Pavleska:
Securing critical infrastructures with a cybersecurity digital twin. Softw. Syst. Model. 22(2): 689-707 (2023)
Phase 3: Simulations
• Excerpt from the digital twin
• Two attack scenarios:
• SCADA compromised by a credential leak without MFA
• Maintainer laptop with Industroyer
• Segregation at firewall level is easy, but what is the impact?
• Costs, maintenance, unfeasible
• Air gapping solutions?
• Other techniques bypassing the air gap exist, unfeasible
• Adding an Intrusion Detection System near the SCADA?
• Would not hinder availability
• Detection procedures and automations shall be in place
• With MAL and SecuriCAD we have been able to show the effects and the cost-effectiveness
analysis to management
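An added example, not taken from the slides and not MAL or SecuriCAD code: a small Python AND/OR attack graph that mirrors the idea of Steps 2 and 3 and the two Phase 3 scenarios, comparing countermeasures by how many scenarios they stop per unit of cost. All step names, effort values in days, costs and the IDS response time are constructed assumptions.

```python
"""Toy cybersecurity twin: AND/OR attack graph with defenses (all data constructed)."""
import math

# step -> (kind, attacker effort in days, parent steps). Names follow an
# "asset.attackStep" style for readability; they are hypothetical.
STEPS = {
    "leakedOperatorCredentials": ("ENTRY", 0, []),
    "infectedMaintainerLaptop":  ("ENTRY", 0, []),
    "remoteAccessGateway.reach": ("OR", 1, ["leakedOperatorCredentials"]),
    # AND step: needs both the credentials and a network path to the SCADA.
    "scada.authenticate":        ("AND", 1, ["leakedOperatorCredentials",
                                             "remoteAccessGateway.reach"]),
    "otNetwork.connect":         ("OR", 2, ["infectedMaintainerLaptop"]),
    "scada.compromise":          ("OR", 3, ["scada.authenticate",
                                            "otNetwork.connect"]),
    "plc.sendCommands":          ("OR", 2, ["scada.compromise"]),
    "tunnelLights.unavailable":  ("OR", 1, ["plc.sendCommands"]),
}
TARGET = "tunnelLights.unavailable"

# Defenses either block attack steps outright or watch a step and respond.
DEFENSES = {
    "mfa":         {"cost": 2, "blocks": {"scada.authenticate"}},
    "segregation": {"cost": 8, "blocks": {"otNetwork.connect",
                                          "remoteAccessGateway.reach"}},
    "ids":         {"cost": 3, "blocks": set(),
                    "watch": "scada.compromise", "respond_days": 2},
}

SCENARIOS = {
    "credential leak, no MFA": {"leakedOperatorCredentials"},
    "maintainer laptop":       {"infectedMaintainerLaptop"},
}


def simulate(entries, defenses=()):
    """Return the earliest time (days) at which each step can be reached."""
    blocked = set()
    for d in defenses:
        blocked |= DEFENSES[d]["blocks"]
    ttc = {step: math.inf for step in STEPS}
    for _ in STEPS:  # one pass per step is enough for the times to settle
        for step, (kind, effort, parents) in STEPS.items():
            if step in blocked:
                continue  # a blocked step stays unreachable
            if kind == "ENTRY":
                ttc[step] = 0 if step in entries else math.inf
                continue
            times = [ttc[p] for p in parents]
            # AND waits for its slowest parent, OR takes the fastest one.
            base = max(times) if kind == "AND" else min(times)
            ttc[step] = base + effort
    return ttc


def outcome(entries, defenses=()):
    """Classify a run as 'blocked', 'contained' or 'impact' with time to target."""
    ttc = simulate(entries, defenses)
    reached = ttc[TARGET]
    if math.isinf(reached):
        return "blocked", reached
    for d in defenses:
        watch = DEFENSES[d].get("watch")
        # Contained: detection plus response finishes before the physical impact.
        if watch and ttc[watch] + DEFENSES[d]["respond_days"] < reached:
            return "contained", reached
    return "impact", reached


def rank_countermeasures():
    """Rank single defenses by scenarios stopped per unit of (constructed) cost."""
    rows = []
    for name, spec in DEFENSES.items():
        results = {s: outcome(e, [name])[0] for s, e in SCENARIOS.items()}
        stopped = sum(r != "impact" for r in results.values())
        rows.append((name, results, stopped / spec["cost"]))
    return sorted(rows, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for label, entries in SCENARIOS.items():
        print(label, "baseline:", outcome(entries))
    for name, results, score in rank_countermeasures():
        print(f"{name:12s} score={score:.2f} {results}")
```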
Countermeasures have been implemented
• The results obtained from the simulations have been implemented in tunnels
• Business Continuity Plans are created, designed, and simulated for their safety before
changing the traffic regulations (BCP tests can’t be performed with live traffic)
• The model is used for continuous improvement: when new attack techniques or scenarios
arise, we perform detailed simulations – other products exist, but the model is systematically
created from the system
After the Simulations
CONCLUSIONS
Complexity of Critical Infrastructure Protection
What we have seen
A methodology to use MAL as a model
representing the CI
Simulations over a road Tunnel

More Related Content

PPTX
Modelo Estratégico de Jay Haley
DOC
consignas-para-el-test-de-la-familia-kinetica
PPT
Terapia de posibilidades
PPT
Exposición sobre el WISC-IV - Psicometría - UTMACH - Psicología Clínica
PPTX
El ámbito de la entrevista
PPT
Intervención en crisis
PPTX
4.1 Terapia Gestalt y 4.1.1. Revisión de algunos coceptos de la terapia Gestalt
Modelo Estratégico de Jay Haley
consignas-para-el-test-de-la-familia-kinetica
Terapia de posibilidades
Exposición sobre el WISC-IV - Psicometría - UTMACH - Psicología Clínica
El ámbito de la entrevista
Intervención en crisis
4.1 Terapia Gestalt y 4.1.1. Revisión de algunos coceptos de la terapia Gestalt

Similar to Securing Critical Infrastructures with a cybersecurity digital twin (20)

PPTX
A Cybersecurity Digital Twin for Critical Infrastructure Protection
PDF
IT vs. OT: ICS Cyber Security in TSOs
PDF
Security in Large, Strategic and Complex Systems: Challenges and Solutions_Li...
PDF
American Bar Assoc. ISC 2009
PDF
Cyber Security Lecture at Rah Rah 7
PPTX
Critical Infrastructure Security by Subodh Belgi
PDF
Critical Infrastructure Protection against targeted attacks on cyber-physical...
PDF
Strengthening Critical Infrastructure Security.pdf
PDF
The relation between internet of things, critical infrastructure and cyber se...
PPTX
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
PDF
Cyber-Physical_Systems_yber Physical system (CPS) is a new generation of digi...
PDF
Cybersecurity for modern industrial systems
PPTX
The importance of cie in the digital era
PDF
Cyber security colombo meetup
PDF
Conférence ENGIE ACSS 2018
PDF
Drobics trustworthy io-t-for-industrial-applications
PPTX
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
PPTX
CS5032 Lecture 20: Dependable infrastructure 2
PDF
Cyber security of critical infrastructure
PPTX
ppt_cyber.pptx
A Cybersecurity Digital Twin for Critical Infrastructure Protection
IT vs. OT: ICS Cyber Security in TSOs
Security in Large, Strategic and Complex Systems: Challenges and Solutions_Li...
American Bar Assoc. ISC 2009
Cyber Security Lecture at Rah Rah 7
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Strengthening Critical Infrastructure Security.pdf
The relation between internet of things, critical infrastructure and cyber se...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Cyber-Physical_Systems_yber Physical system (CPS) is a new generation of digi...
Cybersecurity for modern industrial systems
The importance of cie in the digital era
Cyber security colombo meetup
Conférence ENGIE ACSS 2018
Drobics trustworthy io-t-for-industrial-applications
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
CS5032 Lecture 20: Dependable infrastructure 2
Cyber security of critical infrastructure
ppt_cyber.pptx
Ad

More from Massimiliano Masi (17)

PPTX
Cybersecurity Task Force at ASECAP Days 2023
PDF
Enabling a Zero Trust Architecture in Smart Grids through a Digital Twin
PDF
Security and Safety by Design in the Internet of Actors an Architectural Appr...
PDF
Achieving Interoperability Through IHE
PDF
Securing Mobile e-Health Environments by Design: A Holistic Architectural App...
PDF
Enabling Security-by-design in Smart Grids: An architecture-based approach
PPTX
Corso IFTS CyberSecurity Expert - Attacco di Armando e Operazione Black Tulip
PPTX
Corso IFTS CyberSecurity Expert - Creazione di una CA con OpenSSL
PPTX
Corso IFTS CyberSecurity Expert - Cifrai Asimmetrici
PPTX
Corso IFTS CyberSecurity Expert
PPTX
The need for interoperability in blockchain-based initiatives to facilitate c...
PDF
Blockchain Technology - Common Use-Cases
PDF
Automating Smart Grid Solution Architecture Design
PDF
Introduction to Blockchain Technologies
PPTX
eHealth 2018 http://www.ehealth20xx.at/program-blockchain/
PPTX
A governance model for ubiquitous medical devices accessing eHealth data: the...
PPTX
Addressing Security and Provide through IHE Profiles
Cybersecurity Task Force at ASECAP Days 2023
Enabling a Zero Trust Architecture in Smart Grids through a Digital Twin
Security and Safety by Design in the Internet of Actors an Architectural Appr...
Achieving Interoperability Through IHE
Securing Mobile e-Health Environments by Design: A Holistic Architectural App...
Enabling Security-by-design in Smart Grids: An architecture-based approach
Corso IFTS CyberSecurity Expert - Attacco di Armando e Operazione Black Tulip
Corso IFTS CyberSecurity Expert - Creazione di una CA con OpenSSL
Corso IFTS CyberSecurity Expert - Cifrai Asimmetrici
Corso IFTS CyberSecurity Expert
The need for interoperability in blockchain-based initiatives to facilitate c...
Blockchain Technology - Common Use-Cases
Automating Smart Grid Solution Architecture Design
Introduction to Blockchain Technologies
eHealth 2018 http://www.ehealth20xx.at/program-blockchain/
A governance model for ubiquitous medical devices accessing eHealth data: the...
Addressing Security and Provide through IHE Profiles
Ad

Recently uploaded (20)

PDF
Life Cycle Analysis of Electric and Internal Combustion Engine Vehicles
PDF
MES Chapter 3 Combined UNIVERSITY OF VISVESHWARAYA
PDF
book-slidefsdljflsk fdslkfjslf sflgs.pdf
PPTX
LESSON 3 Apply Safety Practices mmms.pptx
PDF
150 caterpillar motor grader service repair manual EB4
PPT
Main/Core Business Application User Manual
PDF
6. Chapter Twenty_Managing Mass Communications Advertising Sales Promotions E...
PPTX
Applications of SAP S4HANA in Mechanical by Sidhant Vohra (SET23A24040166).pptx
PDF
John Deere 460E II Articulated Dump Truck Service Manual.pdf
PPTX
diesel comman rail diesel comman hhh rail
PPTX
Constitutional Design PPT.pptxl from social science class IX
PPTX
45-Days-of-Engineering-Excellence-132-kV-Grid-Substation-Training.pptx
PPT
IOT UNIT –II-IT ppt (1).pptsssssddfdfdffdfd
PPTX
Moral Theology (PREhhhhhhhhhhhhhhhhhhhhhLIMS) (1).pptx
PDF
TM1611 John Deere 410E service Repair Manual.pdf
PDF
harrier-ev-brochure___________________.pdf
PPTX
Cloud_Computing_ppt[1].pptx132EQ342RRRRR1
PDF
Governor Volvo EC55 Service Repair Manual.pdf
PPTX
description of motor equipments and its process.pptx
PPTX
368455847-Relibility RJS-Relibility-PPT-1.pptx
Life Cycle Analysis of Electric and Internal Combustion Engine Vehicles
MES Chapter 3 Combined UNIVERSITY OF VISVESHWARAYA
book-slidefsdljflsk fdslkfjslf sflgs.pdf
LESSON 3 Apply Safety Practices mmms.pptx
150 caterpillar motor grader service repair manual EB4
Main/Core Business Application User Manual
6. Chapter Twenty_Managing Mass Communications Advertising Sales Promotions E...
Applications of SAP S4HANA in Mechanical by Sidhant Vohra (SET23A24040166).pptx
John Deere 460E II Articulated Dump Truck Service Manual.pdf
diesel comman rail diesel comman hhh rail
Constitutional Design PPT.pptxl from social science class IX
45-Days-of-Engineering-Excellence-132-kV-Grid-Substation-Training.pptx
IOT UNIT –II-IT ppt (1).pptsssssddfdfdffdfd
Moral Theology (PREhhhhhhhhhhhhhhhhhhhhhLIMS) (1).pptx
TM1611 John Deere 410E service Repair Manual.pdf
harrier-ev-brochure___________________.pdf
Cloud_Computing_ppt[1].pptx132EQ342RRRRR1
Governor Volvo EC55 Service Repair Manual.pdf
description of motor equipments and its process.pptx
368455847-Relibility RJS-Relibility-PPT-1.pptx

Securing Critical Infrastructures with a cybersecurity digital twin

  • 1. OCCASIONE D’USO DATA IN GG/MM/AA 1 Securing Critical Infrastructures with a Cybersecurity Digital Twin Massimiliano Masi - <mmasi@autostrade.it> IEEE CBI 2023, Prague 22/06/2023
  • 2. OCCASIONE D’USO DATA IN GG/MM/AA 1. What are critical infrastructures A. The definitions – and the legal context B. Examples: the Intelligent Transport Systems. 2. The problem: OT Security A. Difference between IT/OT Security 1. The use of EA A. A digital twin for cybersecurity: the cybersecurity view B. A systematic creation of the DT starting from the RAMI 4.0 2. A couple of real use cases: a Road Tunnel and C-ITS PROPOSED AGENDA
  • 3. OCCASIONE D’USO DATA IN GG/MM/AA Critical Infrastructures seen from the law The law (2008/114/CE/) defines ‘critical infrastructure’ means an asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions; Examples are (they all have a EA) • Healthcare facilities, and their IT infrastructure • The entire financial sector • Energy, from transmission to distribution • Transportation: road, maritime, aviation, and water supply Critical Infrastructures
  • 4. OCCASIONE D’USO DATA IN GG/MM/AA Critical Infrastructures: a Computer Science perspective Usually, critical infrastructures utilizes hardware and software components which are specifically devised for the operations In Healthcare • Medical Equipment under the Medical Device Regulation • Picture Archiving and Communication Systems (PACS) In Energy Supply • Programmable Logic Controllers (PLC) to monitor and actuate energy management • Intelligent Electronic Devices (IED) enabling use cases such as the Virtual Power Plant Critical Infrastructures
  • 5. OCCASIONE D’USO DATA IN GG/MM/AA Critical Infrastructures: Cyber-and-Physical Systems A virtual power plant, an water management facility, or truck platooning system, are examples of remote-controlled cyber-and-physical systems. A control room, usually sends commands to actuate the controlled devices to modify the physical world, and receives information from sensors sensing from the real world. In Road Transportation • A red light might affect the traffic regulations In Energy Supply • Sensors may return values from a PV used by a software to decide the day-ahead electricity consumption Critical Infrastructures
  • 6. OCCASIONE D’USO DATA IN GG/MM/AA Critical Infrastructures: Cyber-and-Physical Attacks Critical Infrastructures Cybersecurity attacks may be originated from the digital infrastructures to impact on the digital infrastructures itself, or even impact the physical world. And VICEVERSA.
  • 7. OCCASIONE D’USO DATA IN GG/MM/AA Critical Infrastructures: Cyber-and-Physical Systems When an attack is performed towards a Critical Infrastructure it may affect our lives. • Trains might not be circulating (economic loss) • Hospitals are not able to treat patients (potential casualties) • Water can be poisoned (potential casualties) • Fuel might not be available (unavailability of vehicles) • Goods might not be circulating (economic loss, and eventual casualties) Think availability of critical infrastructures in case of disasters (natural, human, or war) Campi flegrei • A volcano is sleeping over a population of millions of inhabitants Critical Infrastructures
  • 8. OCCASIONE D’USO DATA IN GG/MM/AA Critical Infrastructures: Cyber-and-Physical Systems Critical Infrastructures Protection (CIP) is in most case the mastering of many interdependent subsystems composed by Industrial Automation and Control Systems (IACS – introducing the IEC 62443-x-y jargon) • According with EU JRC, IACS are complex systems composed by all the components (PLCs, SCADA, HMI, Data Loggers) that are integrated into critical infrastructures and industrial production environments. Threats, Countermeasures, risk analyses are different than in IT Cybersercurity Testing Business Continuity Plans is impossible: there is no test tunnel or substation, or water pipe! Critical Infrastructures
  • 9. OCCASIONE D’USO DATA IN GG/MM/AA Critical Infrastructures: Cyber-and-Physical Systems Critical Infrastructures
  • 10. OCCASIONE D’USO DATA IN GG/MM/AA Critical Infrastructures: interconnected Systems are all interconnected: unavailability of the power grid may have an interruption on the traffic, as tunnels shall be closed after 1 hour of lack of power, which may create congestion in a smart city and patients can’t be hospitalised… This is at european level! Reasons of such cascading effects? Critical Infrastructures
  • 11. OCCASIONE D’USO DATA IN GG/MM/AA Critical Infrastructures: We need EA! Critical Infrastructures
  • 12. OCCASIONE D’USO DATA IN GG/MM/AA Critical Infrastructures are complex systems of systems • All interconnected, different data domains • No test infrastructures, usually the system is tailored to the specific use case • (Luckily) CI owners are required to test business continuity and incident response plans. • Need to include also physical attacks that can influence the digital world and viceversa. How to solve? The Problem
  • 13. OCCASIONE D’USO DATA IN GG/MM/AA Securing OT systems is different than Typical IT • Availability over Integrity and Confidentiality • The phases: (rare) Security By Design, Securing Legacy, and Attack Simulations • Systems are there to stay: they expose vulnerabilities solved in IT decades ago • PLCs are different than Computers, the programming languages does not have the modern measures (buffer overflows are normal) • The traffic of the communication network should be exactly the one expected by the devices. Pings of Death are possible • Attacker can be APTs, or disgruntled employees, skilled on the IACS functioning Typical Countermeasures • Network segregation and segmentation, DMZ, no ZTNA as today • Attacker is Dolev-Yao, omnipotent • And many other myths https://gca.isa.org/blog/common-ics-cybersecurity-myths-lessons- learned OT (and I-IoT) Security
  • 14. OCCASIONE D’USO DATA IN GG/MM/AA THE ROLE OF A MOTORWAY OPERATOR THE CONTEXT Road Operators are considered critical infrastructures in some countries. • Service Disruptions impact other critical infrastructure [ENISA] • Service is delivered through IT/OT/IoT infrastructure: Variable Message Signs, C-ITS, Red lights. Such data is used for Traffic Management Plans • Road operators are interconnected indirectly through National Access Points and directly to exchange Real Time Traffic Information (RTTI) and Safety Related Traffic Information (SRTI) • It is also a typical company, with IT systems: endpoints, ERP, social networking PECULIARITIES [ENISA] Good Practices on Interdependencies between OES and DSPs, Nov. 2018 IMPACTS 14 • Usually operates Optic Fiber-based network equipment, geographically distributed • Energy supply, Diesel Engines, Radio Equipment, Charging Stations • Network congestion could cause pressure on other adjacent infrastructures (Hospitals, Smart Cities, Good delivery), and causes vehicle crashes • Malfunctioning on a Road Tunnel IoT/OT equipment can cause injuries and deaths
  • 15. OCCASIONE D’USO DATA IN GG/MM/AA DATA FROM DIFFERENT SECURITY DOMAINS THE CONTEXT Typical data journey • Read from a sensor on the road (IoT). Data is semantically and syntactically different (e.g., CCTV, LoraWAN). • Sensors and actuators in Tunnels. Data is exchanged using OT protocols from IoT devices, actuating tunnel pumps in case of fire. • Data arrives in a Data Center or in a Cloud VPC. Risks related to cloud have to be considered • Data is elaborated in a Traffic Control Center:Traffic Management Plans, SRTI, RTTI, send Hazardous Location Notification • C-ITS data arrives at 10hz per vehicle over a public network (DSRC) According with IEC 62443, those may have different Security Level Target (SL-T) • This means different countermeasures on integrity, confidentiality • How to trust data from C-ITS? Security Policy only requires a “ISO 27001 certification” 15
  • 16. OCCASIONE D’USO DATA IN GG/MM/AA RAMI, 27001, 62443 THE CONTEXT Use of IEC 62443 • Mapping all the abstract architectural assets to the RAMI 4.0 framework • Use Business and Functional as target for the high-level risk analysis • Use Communication as hint for zone and conduit • Use integration and assets to select the items for the low-level risk analysis • Perform security testing The 27001 protection rings • Multi-compliance: security zones share 27001 and 62443 requirements • Use of the NIST Cybersecurity Framework as a mapping tool • IEC 62443-2-1 and the related TR, should be updated 16
  • 17. OCCASIONE D’USO DATA IN GG/MM/AA Many definitions and many publications • In this context it is adopted the definition from Grieves, Manufacturing Excellence Through Virtual Factory Replication (2015) • We consider a virtual description of a physical product that is accurate to both micro-and macro- level. • Digital twins exhibit fidelity, a high number of parameters transferred between the physical and the virtual entity, high accuracy and a satisfying level of abstraction. • In the past physical models have been widely used in engineering and architecture to help the design and facilitate physical testing of buildings, plants, machines and systems. • Digital twin can be either inline, where an actuation on the twin has an immediate effect on the system, or asynchronous, where an actuation on the twin is actuated at a second stage DIGITAL TWIN
  • 18. DIGITAL TWIN: Many definitions and many publications
      • Other meanings are digital shadows, when not communicating or interacting with their physical counterpart, or models.
      • The use of a Digital Twin in cybersecurity is not new. Publications and PoCs exist that demonstrate its usage for a Security Operation Centre.
    We are using a methodology that systematically takes the description of the IACS from its Reference Architecture and builds its digital twin. On that twin, we evaluate countermeasures and we test Business Continuity Plans. Results are then implemented, asynchronously, site by site.
  • 19. The Methodology: It is divided in 3 steps
      • It leverages the concepts of Reference Architecture and Solution Architecture to produce the architecture models needed to design the cybersecurity Digital Twin.
      • It starts with a model or by mapping the system into a Reference Architecture.
      • We introduce a cybersecurity view with the following viewpoint:
          • Overview: enabling the assessment of BCPs and security posture of IACS
          • Concerns: decrease the cyber-threat risk to acceptable levels
          • Anti-Concerns: ROI Analysis
          • Typical Stakeholders: business decision makers and cybersecurity experts
          • Model Kind
      • Choose a Reference Architecture Framework
      • Translating the View into a Digital Twin
      • Identify Attack Scenarios
  • 20. Step 1: Generating a Cybersecurity View
      • Choose an Architecture Framework (e.g., RAMI 4.0, SGAM, TOGAF). It is worth noting that the methodology is parametric, as long as a mapping exists.
      • For legacy systems, a mapping is required from the system to the EA conceptual space.
      • The mapping may be guided by existing frameworks, such as the NIST CSF for CIP.
      • Once the system is in the conceptual space, the view is created by selecting the architectural elements to be protected, based on Business Impact Analyses, Risk Analysis, and regulations.
  • 21. Step 2: Deriving the Cybersecurity Digital Twin
      • The elements in the EA conceptual space in the Cybersecurity View are translated into Meta Attack Language (MAL)
  • 22. Step 3: Security simulations and countermeasure identification
      • Once the system is represented in MAL, SecuriCAD has been used to perform simulations.
      • Simulations are performed using a twin concept, which includes specific threats related to the IACS (e.g., water poisoning, or tunnel light system availability).
      • Simulations also enable reasoning about the Techniques, Tactics, and Procedures from the MITRE ATT&CK matrix for ICS.
  • 23. The methodology in Practice: a Road Tunnel
  • 24. Road Tunnels: Target for (cyber)terrorist attacks
      • By nature, a tunnel connects two sites physically separated by geographic obstacles (mountains, rivers, sea).
      • Hence a malfunctioning tunnel leads to economic loss and pressure on other infrastructures lying on both sides of the entrance.
      • Road Authorities are required to perform risk analysis and business continuity plans.
  • 25. Phase 1: Building a reference architecture of the road tunnel and generating a Cybersecurity View
      • The system under analysis already exists, and no EA conceptual models are available.
      • We mapped all the components of a single tunnel (around 200) into RAMI 4.0 to create the EA space.
      • The cybersecurity mappings have been performed following the NIST CSF CIP v1.1.
      • ID.AM-3 – data flows are mapped -> all the traffic from all the switches has been sniffed and the entire network map has been created. Results are elements in the RAMI 4.0 Communication layer.
      • ID.AM-2 – Software platforms and applications within the organization are inventoried -> Results are elements in the RAMI 4.0 Asset layer.
  • 26. Phase 2: deriving the cybersecurity digital twin
    From: Massimiliano Masi, Giovanni Paolo Sellitto, Helder Aranha, Tanja Pavleska: Securing critical infrastructures with a cybersecurity digital twin. Softw. Syst. Model. 22(2): 689-707 (2023)
  • 27. Phase 3: Simulations
      • Excerpt from the digital twin
      • Two attack scenarios:
          • SCADA compromised by a credential leak without MFA
          • Maintainer laptop with Industroyer
      • Segregation at firewall level is easy, but what is the impact?
          • Costs, maintenance, unfeasible
      • Air gapping solutions?
          • Other techniques bypassing the air gap exist, unfeasible
      • Adding an Intrusion Detection System near the SCADA?
          • Would not hinder availability
          • Detection procedures and automations shall be in place
      • With MAL and SecuriCAD we have been able to show the effects and the cost-effectiveness analysis to management.
  • 28. After the Simulations: Countermeasures have been implemented
      • The results obtained from the simulations have been implemented in tunnels.
      • Business Continuity Plans are created, designed, and simulated for their safety before changing the traffic regulations (BCP tests can’t be performed with live traffic).
      • The model is used for continuous improvement: when new attack techniques or scenarios arise, we perform detailed simulations – other products exist, but the model is systematically created from the system.
  • 29. CONCLUSIONS
      • Complexity of Critical Infrastructure Protection
    What we have seen
      • A methodology to use MAL as a model representing the CI
      • Simulations over a road tunnel
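
The countermeasure comparison from slide 27 (Phase 3), as an added example that is not code from the talk, the paper, MAL or SecuriCAD: a simplified AND/OR attack graph in Python, evaluated per scenario and per control set. All step names, control names and the graph itself are constructed assumptions; the real twin is derived from the RAMI 4.0 view and simulated in SecuriCAD.

```python
# Simplified AND/OR attack graph (constructed; not MAL syntax, not the talk's tunnel model).
# step: (kind, parents, preventive control that blocks it, detective control that observes it)
STEPS = {
    "leaked_scada_credentials":   ("entry", [], None, None),
    "it_to_ot_network_path":      ("entry", [], "firewall_segregation", None),
    "infected_maintainer_laptop": ("entry", [], None, None),
    "scada_remote_login": ("and", ["leaked_scada_credentials", "it_to_ot_network_path"], "mfa", None),
    "laptop_attached_to_ot": ("or", ["infected_maintainer_laptop"], None, None),
    "scada_compromised": ("or", ["scada_remote_login", "laptop_attached_to_ot"], None, "ids_near_scada"),
    "tunnel_actuation_lost": ("or", ["scada_compromised"], None, None),
}
GOAL = "tunnel_actuation_lost"
# The two scenarios named on the slide, expressed as attacker starting points (assumed).
SCENARIOS = {
    "credential_leak": {"leaked_scada_credentials", "it_to_ot_network_path"},
    "maintainer_laptop": {"infected_maintainer_laptop"},
}

def simulate(entries, controls):
    """Return (reached steps, detected steps) for one scenario and control set."""
    controls, reached, changed = set(controls), set(), True
    while changed:  # fixed-point propagation over the graph
        changed = False
        for name, (kind, parents, blocker, _) in STEPS.items():
            if name in reached or blocker in controls:
                continue  # already reached, or blocked by an enabled preventive control
            if kind == "entry":
                ok = name in entries
            elif kind == "and":
                ok = all(p in reached for p in parents)
            else:
                ok = any(p in reached for p in parents)
            if ok:
                reached.add(name)
                changed = True
    detected = {n for n in reached if STEPS[n][3] in controls}
    return reached, detected

def compare(control_sets):
    """One row per (control set, scenario): is the goal reached, and is the path detected?"""
    rows = []
    for controls in control_sets:
        for scenario, entries in SCENARIOS.items():
            reached, detected = simulate(entries, controls)
            rows.append((tuple(controls), scenario, GOAL in reached, bool(detected)))
    return rows

if __name__ == "__main__":
    for row in compare([[], ["mfa"], ["firewall_segregation"], ["ids_near_scada"]]):
        print(row)
```

In this toy graph MFA and firewall segregation each close only the credential-leak path, while the IDS leaves both paths open but observable, which is why it only helps when detection procedures and automations are in place.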
