Dennis Gammel

Toward a cyber-physical topology language: applications to NERC CIP audit

Our Cyber-Physical Topology Language (CPTL) provides a language that utilities can use to programmatically analyze current and future cyber-physical architectures. The motivation for our research emerged from the importance and limitations of several audit scenarios: account management, vulnerability assessment, and configuration management. Those scenarios occur in the context of the North American Electric Reliability Corporations Critical Infrastructure Protection (NERC CIP) audits. The NERC CIP standards define security controls by which utilities must be audited. Although the standards were designed to make power control networks less vulnerable to cyber attack and to decrease the chance of outages, the audit process is manual and costly. In order to save utilities and auditors time and money, we used the limitations of those audit scenarios in formally specifying and implementing CPTL, which consists of both a representation of cyber-physical assets and operations upon that representation. First, CPTL uses graph theory to represent a network of cyber-physical assets; we currently implement this representation in GraphML. Second, CPTL defines operations upon that representation. In this paper, we introduce operators to process attributes by expanding and contracting components of a network, and implement these operations using the Boost Graph Library (BGL). In order to demonstrate the potential for CPTL to save auditors and utilities time and money, we provide a detailed example of how CPTL could help with vulnerability assessment and discuss additional applications beyond the audit scenarios mentioned above. We describe current approaches to those scenarios and argue that CPTL improves upon both the state-of-the-art and current practice. In fact, we intend CPTL to enable a broad range of new research on realistic cyber-physical architectures by giving utilities, auditors, managers, and researchers a common language with which to communicate and analyze those architectures.

Ukraine cyber-induced power outage: Analysis and practical mitigation strategies

On December 23, 2015, a “temporary malfunction of the power supply” in three provinces in Ukraine resulted in power outages that lasted up to six hours and affected 225,000 customers. Following the event, an investigation identified evidence that several regional Ukraine power control systems had been compromised by cyber attacks. This was the first publicly documented successful cyber attack on an electric utilitys control system. Both asset owners and government officials around the world now are asking, “What happened and could a similar cyber attack happen in our control systems?” This paper provides an analysis of the Ukraine cyber attack, including how the malicious actors gained access to the control system, what methods the malicious actors used to explore and map the control system, a detailed description of the December 23, 2015 attacks, and methods used by the malicious actors to erase their activities and make remediation more difficult. We then present a detailed description of securing utility power system control systems based on best practices, including control system network design, whitelisting techniques, monitoring and logging, and personnel education. The paper concludes with a discussion of mitigation methods and recommendations that would have protected the Ukraine control system and alerted personnel in advance of the cyber attack.

Cybersecurity best practices for creating resilient control systems

Control systems manage the automated systems that run our world. The security of these systems is critical, but most modern best practice guidelines focus on enterprise security, similar to that of traditional information technology and security. This paper provides eight basic guidelines to increase cybersecurity in control systems.