research-article

Evaluating Resilience of Gas Pipeline Systems Under Cyber-Physical Attacks: A Function-Based Methodology

Authors:

Yatin Wadhawan,

Clifford NeumanAuthors Info & Claims

CPS-SPC '16: Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy

Pages 71 - 80

https://doi.org/10.1145/2994487.2994488

Published: 28 October 2016 Publication History

Abstract

In this research paper, we present a function-based methodology to evaluate the resilience of gas pipeline systems under two different cyber-physical attack scenarios. The first attack scenario is the pressure integrity attack on the natural gas high-pressure transmission pipeline. Through simulations, we have analyzed the cyber attacks that propagate from cyber to the gas pipeline physical domain, the time before which the SCADA system should respond to such attacks, and finally, an attack which prevents the response of the system. We have used the combined results of simulations of a wireless mesh network for remote terminal units and of a gas pipeline simulation to measure the shortest Time to Criticality (TTC) parameter; the time for an event to reach the failure state. The second attack scenario describes how a failure of a cyber node controlling power grid functionality propagates from cyber to power to gas pipeline systems. We formulate this problem using a graph-theoretic approach and quantify the resilience of the networks by percentage of connected nodes and the length of the shortest path between them. The results show that parameters such as TTC, power distribution capacity of the power grid nodes and percentage of the type of cyber nodes compromised, regulate the efficiency and resilience of the power and gas networks. The analysis of such attack scenarios helps the gas pipeline system administrators design attack remediation algorithms and improve the response of the system to an attack.

References

[1]

Hasan, A.: Security of Cross-Country Oil and Gas Pipelines: A Risk-Based Model. Journal of Pipeline Systems Engineering and Practice, 04016006. (2016)

[2]

Jian Zhang, Li Yang, and Haode Liao.: A Security Architecture Model of Oil and Gas SCADA Network Based on Multi-Agent. International Journal of Security and Its Applications, Vol. 10, No. 1, pp.449--46. (2016)

[3]

Wu, B., Tang, A., and Wu, J.: Modeling cascading failures in interdependent infrastructures under terrorist attacks. Reliability Engineering & System Safety, 147, 1--8. (2016)

[4]

Wadhawan, Y., and Neuman, C.: Evaluating Resilience of Oil and Gas Cyber Physical Systems: A Roadmap. Annual Computer Security Application Conference (ACSAC) Industrial Control System Security (ICSS) Workshop. (2015)

[5]

AlMajali, A., Rice, E., Viswanathan, A., Tan, K., and Neuman, C.: A systems approach to analyzing cyber-physical threats in the Smart Grid. In Smart Grid Communications (SmartGridComm), IEEE International Conference on pp. 456--46 (2013)

[6]

Radio Propagation Model used in Ns-2 http://kom.aau.dk/group/05gr1120/ref/Channel.pdf

[7]

How Hackers take down a Natural gas pipeline. (2009) http://www.popularmechanics.com/military/a12303/4307528/

[8]

Pipeline Control Valves, Southern California Gas Company. https://www.socalgas.com/documents/news-room/fact-sheets/PipelineValves.pdf

[9]

Zhu, Q., Rieger, C., and Başar, T.: A hierarchical security architecture for cyber-physical systems. (ISRCS), 4th IEEE International Symposium on In Resilient Control Systems (pp. 15--20). (2011)

[10]

Rinaldi, S., Peerenboom, J. & Kelly, T.: Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Systems Magazine, 21(6): 11--25. (2001).

[11]

Neuman, C., and Tan, K.: Mediating cyber and physical threat propagation in secure smart grid architectures. In Smart Grid Communications (SmartGridComm), IEEE International Conference on (pp. 238--243). (2011)

[12]

Yan, Y., Qian, Y., Sharif, H., & Tipper, D.: A survey on cyber security for smart grid communications. Communications Surveys & Tutorials, IEEE,14(4), 998--1010. (2012).

[13]

J. Stamp, A. McIntyre and B. Ricardson.: Reliability Impacts from Cyber attack on Electric Power Systems. Power Systems Conference and Exposition. IEEE/PES. (2009)

[14]

Huang, Y. L., Cárdenas, A. A., Amin, S., Lin, Z. S., Tsai, H. Y., & Sastry, S.: Understanding the physical and economic consequences of attacks on control systems. International Journal of Critical Infrastructure Protection, 2(3), 73--83. (2009

[15]

Laprie, J. C., Kanoun, K., and Kaâniche, M.: Modelling interdependencies between the electricity and information infrastructures. In Computer Safety, Reliability, and Security, pp. 54--67. Springer Berlin Heidelberg. (2007)

Digital Library

[16]

Masera, M., & Fovino, I. N.: A service-oriented approach for assessing infrastructure security. In Critical Infrastructure Protection (pp. 367--379). Springer 2007, US.

[17]

Communications Module for Electricity Meters. (2013) http://www.silverspringnet.com/pdfs/SilverSpring-Datasheet-Communications-Modules.pdf

[18]

Tripwire Study: Cyber Attackers Successfully Targeting Oil and Gas Industry, (2016) http://www.tripwire.com/company/news/press-release/tripwire-study-cyber-attackers-successfully-targeting-oil-and-gas-industry/

[19]

Lan, Q., Zou, Y., & Feng, C.: Cascading Failure of Power Grid Under Three Attack Strategies. Chinese Journal of Computational Physics, 29(6), 943--948 (2012)

[20]

Latora, V. & Marchiori, M.: Efficient behavior of small-world networks. Physical Review Letters, 87(19): 198701. (2001).

[21]

Here's how the Porter Ranch gas leak could lead to power outages. (2015) http://www.scpr.org/news/2016/03/24/58622/here-s-how-the-porter-ranch-gas-leak-could-lead-to/

[22]

Pipeline Pressure Limits. http://www.hse.gov.uk/pipelines/resources/pipelinepressure.htm

[23]

Report: Oil and Gas cyber security risks continue in 2015. http://www.rigzone.com/news/oil_gas/a/136434/Report_Oil_Gas_Cybersecurity_Risks_to_Continue_in_2015

[24]

Analysis of the Cyber Attack on the Ukrainian Power Grid, March 2016. http://www.nerc.com/pa/CI/ESISAC/Documents/E- ISAC_SANS_Ukraine_DUC_18Mar2016.pdf

[25]

Jawhar, I., Mohamed, N. and Shuaib, K. A framework for pipeline infrastructure monitoring using wireless sensor networks. In Wireless Telecommunications Symposium, (2007). WTS 2007 (pp. 1--7). IEEE.

Cited By

Pengili MRaszewski S(2024)Transnational Cyber Governance for Risk Management in the Gas Sector: Exploring the Potential of G7 CooperationGases10.3390/gases40400194:4(327-350)Online publication date: 23-Oct-2024
https://doi.org/10.3390/gases4040019
Huang MLi TLi BZhang NHuang H(2023)Fast Attack Detection Method for Imbalanced Data in Industrial Cyber-Physical SystemsJournal of Artificial Intelligence and Soft Computing Research10.2478/jaiscr-2023-001713:4(229-245)Online publication date: 30-Oct-2023
https://doi.org/10.2478/jaiscr-2023-0017
Song LLin DLiu Y(2023)A mechanism to detect load redistribution attacks in interdependent gas and power systems based on deep learningMultiscale and Multidisciplinary Modeling, Experiments and Design10.1007/s41939-023-00251-z7:2(947-960)Online publication date: 14-Oct-2023
https://doi.org/10.1007/s41939-023-00251-z
Show More Cited By

Index Terms

Evaluating Resilience of Gas Pipeline Systems Under Cyber-Physical Attacks: A Function-Based Methodology
1. Security and privacy
  1. Systems security

Recommendations

Defending Cyber-Physical Attacks on Oil Pipeline Systems: A Game-Theoretic Approach
PrAISe '16: Proceedings of the 1st International Workshop on AI for Privacy and Security

The security of critical infrastructures such as oil and gas cyber-physical systems is a significant concern in today's world where malicious activities are frequent like never before. On one side we have cyber criminals who compromise cyber ...
Resilience of Process Control Systems to Cyber-Physical Attacks
NordSec 2013: Proceedings of the 18th Nordic Conference on Secure IT Systems - Volume 8208

In this work we investigate the matter of "secure control" --- a novel research direction capturing security objectives specific to Industrial Control Systems ICS. We provide an empirical analysis of the well known Tennessee Eastman process control ...
Cyber In-security of Industrial Control Systems: A Societal Challenge
SAFECOMP 2015: Proceedings of the 34th International Conference on Computer Safety, Reliability, and Security - Volume 9337

Our society and its citizens increasingly depend on the undisturbed functioning of critical infrastructures CI, their products and services. Many of the CI services as well as other organizations use Industrial Control Systems ICS to monitor and control ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CPS-SPC '16: Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy

October 2016

144 pages

ISBN:9781450345682

DOI:10.1145/2994487

Conference Chairs:
Mathias Payer
Purdue University, USA
,
Stefan Mangard
IAIK TU Graz, Austria
,
General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
Technische Universität Darmstadt, Germany
,
Program Chairs:
Alvaro Cárdenas
UT Dallas, USA
,
Rakesh B. Bobba
Oregon State University, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Northrop Grumman Information Systems

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 28, 2016

Vienna, Austria

Acceptance Rates

CPS-SPC '16 Paper Acceptance Rate 12 of 26 submissions, 46%;

Overall Acceptance Rate 53 of 66 submissions, 80%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
414
Total Downloads

Downloads (Last 12 months)22
Downloads (Last 6 weeks)1

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Pengili MRaszewski S(2024)Transnational Cyber Governance for Risk Management in the Gas Sector: Exploring the Potential of G7 CooperationGases10.3390/gases40400194:4(327-350)Online publication date: 23-Oct-2024
https://doi.org/10.3390/gases4040019
Huang MLi TLi BZhang NHuang H(2023)Fast Attack Detection Method for Imbalanced Data in Industrial Cyber-Physical SystemsJournal of Artificial Intelligence and Soft Computing Research10.2478/jaiscr-2023-001713:4(229-245)Online publication date: 30-Oct-2023
https://doi.org/10.2478/jaiscr-2023-0017
Song LLin DLiu Y(2023)A mechanism to detect load redistribution attacks in interdependent gas and power systems based on deep learningMultiscale and Multidisciplinary Modeling, Experiments and Design10.1007/s41939-023-00251-z7:2(947-960)Online publication date: 14-Oct-2023
https://doi.org/10.1007/s41939-023-00251-z
Xu BZhang MLiu ZZhan XLiu HZhou S(2021)A Method for Modeling and Evaluation of The Security of IES2021 IEEE Sustainable Power and Energy Conference (iSPEC)10.1109/iSPEC53008.2021.9735834(1003-1011)Online publication date: 23-Dec-2021
https://doi.org/10.1109/iSPEC53008.2021.9735834
Marino AZio E(2021)A framework for the resilience analysis of complex natural gas pipeline networks from a cyber-physical system perspectiveComputers & Industrial Engineering10.1016/j.cie.2021.107727162(107727)Online publication date: Dec-2021
https://doi.org/10.1016/j.cie.2021.107727
Colabianchi SCostantino FDi Gravio GNonino FPatriarca R(2021)Discussing resilience in the context of cyber physical systemsComputers & Industrial Engineering10.1016/j.cie.2021.107534160(107534)Online publication date: Oct-2021
https://doi.org/10.1016/j.cie.2021.107534
Wang ZZhao BBlum R(2021)An Overview of Cybersecurity for Natural Gas Networks: Attacks, Attack Assessment, and Attack DetectionSecurity in Cyber-Physical Systems10.1007/978-3-030-67361-1_9(255-285)Online publication date: 6-Mar-2021
https://doi.org/10.1007/978-3-030-67361-1_9
Fan JTong X(2021) Tri‐level defense strategy for electricity‐gas integrated systems against load redistribution attacks International Transactions on Electrical Energy Systems10.1002/2050-7038.13062Online publication date: 22-Aug-2021
https://doi.org/10.1002/2050-7038.13062
Wadhawan YNeuman CAlMajali A(2020)IGNORE: A Policy Server to Prevent Cyber-Attacks from Propagating to the Physical DomainApplied Sciences10.3390/app1018623610:18(6236)Online publication date: 8-Sep-2020
https://doi.org/10.3390/app10186236
Dell’Isola MFicco GLavalle LMoretti LTofani AZuena F(2020)A resilience assessment simulation tool for distribution gas networksJournal of Natural Gas Science and Engineering10.1016/j.jngse.2020.103680(103680)Online publication date: Oct-2020
https://doi.org/10.1016/j.jngse.2020.103680
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten