Rafał Leszczyna

Approach to security assessment of critical infrastructures’ information systems

This study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation of trust cases which provide valuable information for the end users of the infrastructure. Another new proposal is MAlSim - mobile agent-based simulator of malicious software (viruses, worms, etc). To the best of the authors- knowledge, such a simulator has not been proposed before. The present approach was applied to the verification of the security of industrial control systems and power plants. In the study, one of the experiments related to the security study of an information system of a power plant, a simulation of zero-day worm attack, is described.

Security evaluation of IT systems underlying critical networked infrastructures

Critical infrastructures have become highly dependent on information and communication technology (ICT). The drawback of this situation is that the consequences of disturbances of the underlying ICT networks may be serious as cascading effects can occur. This raises a high demand for security assurance, with a high importance assigned to security evaluations. In this paper we present an experiment-centric approach for the characterisation and assessment of security threats to information systems of industrial critical infrastructures. The description of the approach is followed with a presentation of the supporting hardware and software architecture.

Security information sharing for smart grids: Developing the right data model

The smart grid raises new security concerns which require novel solutions. It is commonly agreed that to protect the grid the effective collaboration and information sharing between the relevant stakeholders is prerequisite. Developing a security information sharing platform for the smart grid is a new research direction which poses several challenges related to the highly distributed and heterogeneous character of the grid. In this paper an approach to developing a data model for security information sharing platform for the smart grid which responds to these questions is presented together with the results of its application.

Approaching secure industrial control systems

This study presents a systematic approach to secure industrial control systems based on establishing a business case followed by the development of a security programme. To support these two fundamental activities the authors propose a new method for security cost estimation and a security assessment scheme. In this study they explain the cost evaluation technique and illustrate with a case study concerning the assessment of the cost of information security assurance activities in a division of a Polish manufacturer of passenger and commercial tyres. They further present the steps of their security assessment scheme and demonstrate how they integrate with the overall approach for protecting industrial control systems.

Agents in Simulation of Cyberattacks to Evaluate Security of Critical Infrastructures

In the last years critical infrastructures have become highly dependent on the information technologies and exposed to cyberattacks. Because the effects of the attacks can be detrimental, it is crucial to comprehensively asses the security of the infrastructures’ information systems. This chapter describes MAlSim – the simulator of malicious software based on software agents, developed for the needs of a testbed for critical infrastructures security. The authors explain the choice of agent paradigm for the development of the toolkit, present main design decisions, overview changes to the project introduced during the implementation, and provide the details of the completed project followed by a brief description of the application of MAlSim to security evaluation of a power plant. The chapter concludes with the discussion of the perspectives for the future of agent technology based on the experiences which came during the course of the project.

Evaluation of open source SIEM for situation awareness platform in the smart grid environment

The smart grid as a large-scale system of systems has an exceptionally large surface exposed to cyber-attacks, including highly evolved and sophisticated threats such as Advanced Persistent Threats (APT) or Botnets. When addressing this situation the usual cyber security technologies are prerequisite, but not sufficient. The smart grid requires developing and deploying an extensive ICT infrastructure that supports significantly increased situational awareness and enables detailed and precise command and control. The paper presents one of the studies related to the development and deployment of the Situation Awareness Platform for the smart grid, namely the evaluation of open source Security Information and Event Management systems. These systems are the key components of the platform.

Tool support for detecting defects in object-oriented models

Object-oriented models are commonly used in software projects. They may be affected, however, by various defects introduced easily due to e.g. wrong understanding of modelled reality, making wrong assumptions or editorial mistakes. The defects should be identified and corrected as early as possible, preferably before the model is used as the basis for the subsequent representations of the system. To assure the effectiveness of the defect detection process we need both, better analysis methods and effective tool support. The paper introduces a new analytical method called UML-HAZOP and presents a tool supporting the application of this method.

Security requirements and controls for incident information sharing in the polish power system

Among the strategies of protecting information assets of the power system, sharing of information about current cybersecurity incidents between energy operators appears to be a prerequisite. Exchange of information leads to the effective detection of attacks and exploited vulnerabilities as well as the identification of countermeasures. This paper presents the results of continuation of our works on developing a secure and efficient information sharing platform for the power system, namely the security requirements for the platform together with the approach of their elicitation as well as security controls which respond to them.

Security information sharing for the polish power system

The Polish Power System is becoming increasingly more dependent on Information and Communication Technologies which results in its exposure to cyberattacks, including the evolved and highly sophisticated threats such as Advanced Persistent Threats or Distributed Denial of Service attacks. The most exposed components are SCADA systems in substations and Distributed Control Systems in power plants. When addressing this situation the usual cyber security technologies are prerequisite, but not sufficient. With the rapidly evolving cyber threat landscape the use of partnerships and information sharing has become critical. However due to several anonymity concerns the relevant stakeholders may become reluctant to exchange sensitive information about security incidents. In the paper a multi-agent architecture is presented for the Polish Power System which addresses the anonymity concerns.

Standards on cyber security assessment of smart grid

Abstract Security evaluation of communication systems in smart grid poses a great challenge to the developers and operators. In recent years, many new smart grid standards were proposed, which paradoxically results in the difficulty in finding a relevant publication in this plethora of literature. This paper presents the results of a systematic analysis which aimed at addressing this issue by identifying standards that present sound security assessment guidance. This should help practitioners in choosing the standards that are applicable to their area. Additionally the contents extracted from the standards can serve as a useful guidance on security assessments of smart grid components.