Research On Key Technologies For Dynamic Cybersecurity Protection Of Industrial Critical Infrastructures

Industrial critical infrastructures(ICIs)are the foundation of national security,economy development and public safety,which include urban water system,petroleum transportation,power transmission and so on.Nowadays,the widely adoption of information and communication technologies(ICT)improves the ICIs operation efficiency,but also makes ICIs being more vulnerable to cyber threats.Once cyberattacks are initiated on ICIs,they not only can cause safety incidents and production incidents,which might injure the people and pollute the environment,but also can disturb the demand-supply balance of the product or services in ICIs network that has serious impact on social stability and market economy.Therefore,the cybersecurity protection is proposed to keep system running efficiently and safety,which has great theoretical meaning and realistic meaning.In this dissertation,with investigation of the system structure characteristics,operation features,environment properties and protection demands,a hierarchical modeling,closed-loop controlling cybersecurity protection approach for ICIs is proposed,which can prevent the cyberattacks propagation,and mitigate the negative impact of cyberattacks.Specific research contents and the results obtained are as follows.Currently,the popular risk assessment focus on cyberattacks propagation in cyber-space,and seldom analyze the production reduction and safety incidents which are caused by cyberattacks.Accordingly,this paper proposed an extended multi-level flow model(EMFM)based dynamic risk assessment approach for stations.In this approach,tradition multi-level flow model(MFM)is extended by redefining the functions and flows in a quantitative way,which can model the material flowing and safety incident triggering mechanism in production process graphically.On the basis,a Bayesian network is built to analyze the cyberattacks propagation over time,which is used to infer the probabilities of cyberattacks strategies.Besides,the consequences of cyberattacks in production process are assessed based on the EMFM model quantitatively.Therefore,the cyber risk of cyberattacks are obtained by the probabilities and consequences of cyberattacks strategies.The difficulty of impact assessment for ICIs is how to analyze the cyberattacks propagation in stations and the incidents spreading through physical network simultaneously.To tackle this problem,a Hierarchical Flow-Model(HFM)based impact assessment approach for ICIs is presented.In this approach,a novel modeling method named HFM is proposed to abstract the operation process of a station into a combination of control flow and material flow from device-function perspective,which can assess the cyberattacks impact on station quantitatively.In addition,the cyber dependence and the physical dependence in ICIs are analyzed and described by using the HFM model of station and the hierarchical graph of physical network,which helps to analyze the incidents spreading process in a graphical way.On the basis,the negative impact on ICIs caused by cyberattacks propagation and incident spreading can be assessed quantitatively.Traditional response strategy making approaches not only need to focus on the cyberattack propagation through multi-layers in ICIs,but also need to consider the cooperative work between station strategy maker and system strategy maker.To tackle this problem,a hierarchical colored petri net(HCPN)based cyberattacks response strategy making approach for ICIs is presented.In this approach,the relationships among cyberattacks,security measures,devices,functions and station capacity are analyzed and described by the colored petri net in a hierarchical way,which provides an accurate description for cyberattack propagation through multi-layers.Besides,the candidate security strategies for stations and the candidate scheduling strategies for system are made based on the assets values and the stations congestions respectively,the interaction of above two strategies can help response makers to generate the optimal security control strategy for ICIs.At last,a summary of this thesis is presented,and the future work is also discussed.