Quantum Key Distribution for Critical Infrastructures: Towards Cyber-Physical Security for Hydropower and Dams

Hydropower facilities are often remotely monitored or controlled from a centralized remote control room. Additionally, major component manufacturers monitor the performance of installed components, increasingly via public communication infrastructures. While these communications enable efficiencies and increased reliability, they also expand the cyber-attack surface. Communications may use the internet to remote control a facility's control systems, or it may involve sending control commands over a network from a control room to a machine. The content could be encrypted and decrypted using a public key to protect the communicated information. These cryptographic encoding and decoding schemes become vulnerable as more advances are made in computer technologies, such as quantum computing. In contrast, quantum key distribution (QKD) and other quantum cryptographic protocols are not based upon a computational problem, and offer an alternative to symmetric cryptography in some scenarios. Although the underlying mechanism of quantum cryptogrpahic protocols such as QKD ensure that any attempt by an adversary to observe the quantum part of the protocol will result in a detectable signature as an increased error rate, potentially even preventing key generation, it serves as a warning for further investigation. In QKD, when the error rate is low enough and enough photons have been detected, a shared private key can be generated known only to the sender and receiver. We describe how this novel technology and its several modalities could benefit the critical infrastructures of dams or hydropower facilities. The presented discussions may be viewed as a precursor to a quantum cybersecurity roadmap for the identification of relevant threats and mitigation.

Detecting Cyber Attacks In-Vehicle Diagnostics Using an Intelligent Multistage Framework

The advanced technology of vehicles makes them vulnerable to external exploitation. The current trend of research is to impose security measures to protect vehicles from different aspects. One of the main problems that counter Intrusion Detection Systems (IDSs) is the necessity to have a low false acceptance rate (FA) with high detection accuracy without major changes in the vehicle network infrastructure. Furthermore, the location of IDSs can be controversial due to the limitations and concerns of Electronic Control Units (ECUs). Thus, we propose a novel framework of multistage to detect abnormality in vehicle diagnostic data based on specifications of diagnostics and stacking ensemble for various machine learning models. The proposed framework is verified against the KIA SOUL and Seat Leon 2018 datasets. Our IDS is evaluated against point anomaly attacks and period anomaly attacks that have not been used in its training. The results show the superiority of the framework and its robustness with high accuracy of 99.21%, a low false acceptance rate of 0.003%, and a good detection rate (DR) of 99.63% for Seat Leon 2018, and an accuracy of 99.22%, a low false acceptance rate of 0.005%, and good detection rate of 98.59% for KIA SOUL.

Predicting Cybersecurity Threats in Critical Infrastructure for Industry 4.0: A Proactive Approach Based on Attacker Motivations

In Industry 4.0, manufacturing and critical systems require high levels of flexibility and resilience for dynamic outcomes. Industrial Control Systems (ICS), specifically Supervisory Control and Data Acquisition (SCADA) systems, are commonly used for operation and control of Critical Infrastructure (CI). However, due to the lack of security controls, standards, and proactive security measures in the design of these systems, they have security risks and vulnerabilities. Therefore, efficient and effective security solutions are needed to secure the conjunction between CI and I4.0 applications. This paper predicts potential cyberattacks and threats against CI systems by considering attacker motivations and using machine learning models. The approach presents a novel cybersecurity prediction technique that forecasts potential attack methods, depending on specific CI and attacker motivations. The proposed model's accuracy in terms of False Positive Rate (FPR) reached 66% with the trained and test datasets. This proactive approach predicts potential attack methods based on specific CI and attacker motivations, and doubling the trained data sets will improve the accuracy of the proposed model in the future.

Bayesian Estimation of Oscillator Parameters: Toward Anomaly Detection and Cyber-Physical System Security

Cyber-physical system security presents unique challenges to conventional measurement science and technology. Anomaly detection in software-assisted physical systems, such as those employed in additive manufacturing or in DNA synthesis, is often hampered by the limited available parameter space of the underlying mechanism that is transducing the anomaly. As a result, the formulation of anomaly detection for such systems often leads to inverse or ill-posed problems, requiring statistical treatments. Here, we present Bayesian inference of unknown parameters associated with a generic actuator considered as a representative vital element of a cyber-physical system. Via a series of experimental input-output measurements, a transfer function for the actuator is obtained numerically, which serves as our model for the proposed method. Linear, nonlinear, and delayed dynamics may be assumed for the actuator response. By devising a code-based malicious signal, we study the efficacy of Bayesian inference for its potential to produce a detection, including uncertainty quantification, with a remarkably small number of input data points. Our approach should be adaptable to a variety of real-time cyber-physical anomaly detection scenarios.

False Data Injection Detection for Phasor Measurement Units

Cyber-threats are becoming a big concern due to the potential severe consequences of such threats is false data injection (FDI) attacks where the measures data is manipulated such that the detection is unfeasible using traditional approaches. This work focuses on detecting FDIs for phasor measurement units where compromising one unit is sufficient for launching such attacks. In the proposed approach, moving averages and correlation are used along with machine learning algorithms to detect such attacks. The proposed approach is tested and validated using the IEEE 14-bus and the IEEE 30-bus test systems. The proposed performance was sufficient for detecting the location and attack instances under different scenarios and circumstances.

Verification and validation of an automated robot inspection cell for automotive body-in-white: a use case for the VALU3S ECSEL project

Verification and validation (V&V) of systems, and system of systems, in an industrial context has never been as important as today. The recent developments in automated cyber-physical systems, digital twin environments, and Industry 4.0 applications require effective and comprehensive V&V mechanisms. Verification and Validation of Automated Systems' Safety and Security (VALU3S), a Horizon 2020 Electronic Components and Systems for European Leadership Joint Undertaking (ECSEL-JU) project started in May 2020, aims to create and evaluate a multi-domain V&V framework that facilitates evaluation of automated systems from component level to system level, with the aim of reducing the time and effort needed to evaluate these systems. VALU3S focuses on V&V for the requirements of safety, cybersecurity, and privacy (SCP). This paper mainly focuses on the elaboration of one of the 13 use cases of VALU3S to identify the SCP issues in an automated robot inspection cell that is being actively used for the quality control assessment of automotive body-in-white. The joint study here embarks on a collaborative approach that puts the V&V methods and workflows for the robotic arms safety trajectory planning and execution, fault injection techniques, cyber-physical security vulnerability assessment, anomaly detection, and SCP countermeasures required for remote control and inspection. The paper also presents cross-links with ECSEL-JU goals and the current advancements in the market and scientific and technological state-of-play.

Cybersecurity in Power Grids: Challenges and Opportunities

Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids.

Assessing the Role of Cyberbiosecurity in Agriculture: A Case Study

Agriculture has adopted the use of smart technology to help meet growing food demands. This increased automation and associated connectivity increases the risk of farms being targeted by cyber-attacks. Increasing frequency of cybersecurity breaches in many industries illustrates the need for securing our food supply chain. The uniqueness of biological data, the complexity of integration across the food and agricultural system, and the importance of this system to the U.S. bioeconomy and public welfare suggests an urgency as well as unique challenges that are not common across all industries. To identify and address the gaps in awareness and knowledge as well as encourage collaborations, Virginia Tech hosted a virtual workshop consisting of professionals from agriculture, cybersecurity, government, and academia. During the workshop, thought leaders and influencers discussed 1) common food and agricultural system challenges, scenarios, outcomes and risks to various sectors of the system; 2) cyberbiosecurity strategies for the system, gaps in workforce and training, and research and policy needs. The meeting sessions were transcribed and analyzed using qualitative methodology. The most common themes that emerged were challenges, solutions, viewpoints, common vocabulary. From the results of the analysis, it is evident that none of the participating groups had available cybersecurity training and resources. Participants were uncertain about future pathways for training, implementation, and outreach related to cyberbiosecurity. Recommendations include creating training and education, continued interdisciplinary collaboration, and recruiting government involvement to speed up better security practices related to cyberbiosecurity.

A Novel Technique to Detect False Data Injection Attacks on Phasor Measurement Units

The power industry is in the process of grid modernization with the introduction of phasor measurement units (PMUs), advanced metering infrastructure (AMI), and other technologies. Although these technologies enable more reliable and efficient operation, the risk of cyber threats has increased, as evidenced by the recent blackouts in Ukraine and New York. One of these threats is false data injection attacks (FDIAs). Most of the FDIA literature focuses on the vulnerability of DC estimators and AC estimators to such attacks. This paper investigates FDIAs for PMU-based state estimation, where the PMUs are comparable. Several states can be manipulated by compromising one PMU through the channels of that PMU. A Phase Locking Value (PLV) technique was developed to detect FDIAs. The proposed approach is tested on the IEEE 14-bus and the IEEE 30-bus test systems under different scenarios using a Monte Carlo simulation where the PLV demonstrated an efficient performance.

Physical-Model-Checking to Detect Switching-Related Attacks in Power Systems

Recent public disclosures on attacks targeting the power industry showed that savvy attackers are now capable of occulting themselves from conventional rule-based network intrusion detection systems (IDS), bringing about serious threats. In order to leverage the work of rule-based IDS, this paper presents an artificially intelligent physical-model-checking intrusion detection framework capable of detecting tampered-with control commands from control centers of power grids. Unlike the work presented in the literature, the work in this paper utilizes artificial intelligence (AI) to learn the load flow characteristics of the power system and benefits from the fast responses of the AI to decode and understand contents of network packets. The output of the AI is processed through an expert system to verify that incoming control commands do not violate the physical system operational constraints and do not put the power system in an insecure state. The proposed content-aware IDS is tested in simulation on a 14-bus IEEE benchmark system. Experimental verification on a small power system, with an IEC 61850 network architecture is also carried out. The results showed the accuracy of the proposed framework in successfully detecting malicious and/or erroneous control commands.

Cyberbiosecurity: An Emerging New Discipline to Help Safeguard the Bioeconomy

Cyberbiosecurity is being proposed as a formal new enterprise which encompasses cybersecurity, cyber-physical security and biosecurity as applied to biological and biomedical-based systems. In recent years, an array of important meetings and public discussions, commentaries and publications have occurred that highlight numerous vulnerabilities. While necessary first steps, they do not provide a systematized structure for effectively promoting communication, education and training, elucidation and prioritization for analysis, research, development, test and evaluation and implementation of scientific, technological, standards of practice, policy, or even regulatory or legal considerations for protecting the bioeconomy. Further, experts in biosecurity and cybersecurity are generally not aware of each other's domains, expertise, perspectives, priorities, or where mutually supported opportunities exist for which positive outcomes could result. Creating, promoting and advancing a new discipline can assist with formal, beneficial and continuing engagements. Recent key activities and publications that inform the creation of Cyberbiosecurity are briefly reviewed, as is the expansion of Cyberbiosecurity to include biomanufacturing which is supported by a rigorous analysis of a biomanufacturing facility. Recommendations are provided to initialize Cyberbiosecurity and place it on a trajectory to establish a structured and sustainable discipline, forum and enterprise.