Abstract
An important question facing critical infrastructure owners and operators is how their assets could be made to fail by the various threat actors. Designing, enumerating and analyzing failure scenarios helps explore the assumptions made on the operational side, the value of current mitigations and the need for certain types of protection mechanisms. This chapter describes the formulation of 55 failure scenarios in the natural gas distribution infrastructure. These failure scenarios highlight a range of potential threats across the natural gas infrastructure, from transmission to distribution and home metering. The chapter also describes a multi-pronged approach used to develop failure scenarios for the gas sector and compares them against the scenarios developed for the electric sector. The focus is on the concepts underlying the failure scenarios and their use, the threat model they encompass, and the assumptions, lessons learned and caveats underpinning their creation.
Chapter PDF
Similar content being viewed by others
References
O. Alexander, ICS ATT&CK, presented at the Thirty-Third Annual Computer Security Applications Conference, 2017
P. Ammann, D. Wijesekera and S. Kaushik, Scalable, graph-based network vulnerability analysis, Proceedings of the Ninth ACM Conference on Computer and Communications Security, pp. 217–224, 2002
Automation Federation, LOGIIC: Improving Cybersecurity in the Oil and Natural Gas Sector, Research Triangle Park, North Carolina (www.automationfederation.org/Logiic/Logiic), 2019
Cyber Resilient Energy Delivery Consortium, Information Trust Institute, University of Illinois at Urbana-Champaign, Urbana, Illinois (cred-c.org), 2019
Federal Energy Regulatory Commission, Critical Energy/Electric Infrastructure Information (CEII), Washington, DC (www.ferc.gov/legal/ceii-foia/ceii.asp), 2019
P. Hawrylak, M. Haney, M. Papa and J. Hale, Using hybrid attack graphs to model cyber-physical attacks in the smart grid, Proceedings of the Fifth International Symposium on Resilient Control Systems, pp. 161–164, 2012
E. Hutchins, M. Cloppert and R. Amin, Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains, Proceedings of the Sixth International Conference on Information Warfare and Security, pp. 113–125, 2011
M. Locasto, Helping students 0wn their own code, IEEE Security and Privacy, vol. 7(3), pp. 53–56, 2009
M. Locasto and M. Little, A failure-based discipline of trustworthy information systems, IEEE Security and Privacy, vol. 9(4), pp. 71–75, 2011
MITRE Corporation, ATT&CK Matrix for Enterprise, Bedford, Massachusetts (attack.mitre.org), 2019
National Electric Sector Cybersecurity Organization Resource, Electric Sector Failure Scenarios and Impact Analyses – Version 3.0, Washington, DC (smartgrid.epri.com/doc/NESCOR%20Failure%20Scenarios%20v3%2012-11-15.pdf), 2015
National Transportation Safety Board, Pacific Gas and Electric Company Natural Gas Transmission Pipeline Rupture and Fire, San Bruno, California, September 9, 2010, Pipeline Accident Report NTSB/PAR-11/01, Washington, DC, 2011
Office of Electricity, Liberty Eclipse Exercise Summary Report, U.S. Department of Energy, Washington, DC (www.energy.gov/oe/articles/liberty-eclipse-exercise-summary-report), 2017
Pipeline and Hazardous Materials Safety Administration, Natural Gas Pipeline Systems, U.S. Department of Transportation, Washington, DC (primis.phmsa.dot.gov/comm/naturalgaspipelinesystems.htm), 2019
Pipeline and Hazardous Materials Safety Administration, Pipeline Failure Investigation Reports, U.S. Department of Transportation, Washington, DC (www.phmsa.dot.gov/safety-reports/pipeline-failure- investigation-reports), 2019
O. Sheyner, J. Haines, S. Jha, R. Lippmann and J. Wing, Automated generation and analysis of attack graphs, Proceedings of the IEEE Symposium on Security and Privacy, pp. 273–284, 2002
B. Strom, A. Applebaum, D. Miller, K. Nickels, A. Pennington and C. Thomas, MITRE ATT&CK: Design and Philosophy, MITRE Product MP 18-0944-11, MITRE Corporation, McLean, Virginia, 2018
Transportation Safety Board of Canada, Pipeline Transportation Safety Investigations and Reports, Gatineau, Canada (www.bst-tsb.gc.ca/eng/rapports-reports/pipeline/index.asp), 2019
Transportation Security Administration, Pipeline Security and Incident Recovery Protocol Plan, Pentagon City, Virginia, 2010
Transportation Security Administration, Pipeline Security Smart Practice Observations, Pentagon City, Virginia, 2011
Transportation Security Administration, Pipeline Security Guidelines, Pentagon City, Virginia, 2018
Transportation Security Administration, Sensitive Security Information, Pentagon City, Virginia (www.tsa.gov/for-industry/sensitive-security-information), 2019
Transportation Security Administration, Surface Transportation, Pentagon City, Virginia (www.tsa.gov/for-industry/surface-transport ation), 2019
Trustworthy Cyber Infrastructure for the Power Grid, Information Trust Institute, University of Illinois at Urbana-Champaign, Urbana, Illinois (tcipg.org), 2019
U.S. Department of Homeland Security, LOGIIC: Linking the Oil and Gas Industry to Improve Cybersecurity, Science and Technology Directorate, Washington, DC (www.dhs.gov/science-and-technology/logiic#), 2016
U.S. Department of Homeland Security, Protected Critical Infrastructure Information (PCII) Program, Washington, DC (www.dhs.gov/pcii-program), 2019
L. Wang, T. Islam, T. Long, A. Singhal and S. Jajodia, An attack graph-based probabilistic security metric, in Data and Applications Security XXII, V. Atluri (Ed.), Springer, Berlin Heidelberg, Germany, pp. 283–296, 2008
Waterfall Security Solutions, The Top 20 Cyber Attacks on Industrial Control Systems, Rosh Ha’ayin, Israel (waterfall-security.com/20-attacks), 2018
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 IFIP International Federation for Information Processing
About this paper
Cite this paper
Locasto, M., Balenson, D. (2019). A Comparative Analysis Approach for Deriving Failure Scenarios in the Natural Gas Distribution Infrastructure. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XIII. ICCIP 2019. IFIP Advances in Information and Communication Technology, vol 570. Springer, Cham. https://doi.org/10.1007/978-3-030-34647-8_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-34647-8_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34646-1
Online ISBN: 978-3-030-34647-8
eBook Packages: Computer ScienceComputer Science (R0)