Abstract
A river zonal dispatcher is a system that sends collected environmental data to a national dispatcher and sends warnings in case of danger (such as flooding of river basins). If the system fails to function normally, warnings may cease, putting lives and property in serious peril. We have examined the security of a river zonal dispatcher using the ADVISE modeling formalism in the Möbius modeling tool. This work both illustrates the usefulness of ADVISE in choosing among alternative approaches to system security and provides a quantitative evaluation of the dispatcher itself. In doing so, it shows whether intrusion detection systems (IDSes) make a difference in the behavior of an adversary, and which path of attack is most attractive to particular types of adversaries.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gao, W., Morris, T., Reaves, B., Richey, D.: On SCADA control system command and response injection and intrusion detection. In: Proceedings of the 2010 eCrime Researchers Summit (eCrime), pp. 1–9, October 2010
LeMay, E., Ford, M., Keefe, K., Sanders, W., Muehrcke, C.: Model-based security metrics using ADversary VIew Security Evaluation (ADVISE). In: Proceedings of the 2011 Eighth International Conference on Quantitative Evaluation of Systems (QEST), pp. 191–200, September 2011
LeMay, E.: Adversary-driven state-based system security evaluation. Ph.D. thesis, University of Illinois at Urbana-Champaign, Urbana, IL (2011). http://www.perform.illinois.edu/Papers/USAN_papers/11LEM02.pdf
Meyer, J.F., Movaghar, A., Sanders, W.H.: Stochastic activity networks: structure, behavior, and application. In: Proceedings of the International Conference on Timed Petri Nets, Torino, Italy, pp. 106–115, July 1985
Modbus: Modbus application protocol specification v1.1b3, April 2012. http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf
Morris, T.H., Gao, W.: Industrial control system cyber attacks. In: Proceedings of the 1st International Symposium on ICS & SCADA Cyber Security Research 2013, ICS-CSR 2013, pp. 22–29. BCS, UK (2013)
Stoian, I., Ignat, S., Capatina, D., Ghiran, O.: Security and intrusion detection on critical SCADA systems for water management. In: Proceedings of the 2014 IEEE International Conference on Automation, Quality and Testing, Robotics, pp. 1–6, May 2014
Tenable Network Security Inc.: Modicon Modbus/TCP programming function code access (2016). https://www.tenable.com/plugins/index.php?view=single&id=23819
U.S. Department of Homeland Security: Dams sector-specific plan: an annex to the national infrastructure protection plan (2010). http://www.dhs.gov/xlibrary/assets/nipp-ssp-dams-2010.pdf
U.S. Department of Homeland Security: Dams Sector (2015). http://www.dhs.gov/dams-sector
U.S. Department of Homeland Security: National infrastructure protection plan: dams sector, August 2015. https://www.dhs.gov/xlibrary/assets/nipp_snapshot_dams.pdf
U.S. Environmental Protection Agency: Cyber security 101 for water utilities, July 2012. https://nepis.epa.gov/Exe/ZyPURL.cgi?Dockey=P100KL4T.TXT
Zhu, B., Joseph, A., Sastry, S.: A taxonomy of cyber attacks on SCADA systems. In: Proceedings of the 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing, pp. 380–388 (2011)
Acknowledgments
The work described here was performed, in part, with funding from the Department of Homeland Security under contract HSHQDC-13-C-B0014, “Practical Metrics for Enterprise Security Engineering.” The authors would also like to thank Jenny Applequist for her editorial efforts.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Wright, R.J., Keefe, K., Feddersen, B., Sanders, W.H. (2017). A Case Study Assessing the Effects of Cyber Attacks on a River Zonal Dispatcher. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds) Critical Information Infrastructures Security. CRITIS 2016. Lecture Notes in Computer Science(), vol 10242. Springer, Cham. https://doi.org/10.1007/978-3-319-71368-7_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-71368-7_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71367-0
Online ISBN: 978-3-319-71368-7
eBook Packages: Computer ScienceComputer Science (R0)