Simulation of Possible Assault Vectors in an Attack ... - Science Direct


ScienceDirect Procedia Engineering 192 (2017) 794 – 799

TRANSCOM 2017: International scientific conference on sustainable, modern and safe transport

Simulation of possible assault vectors in an attack using a real-life waterworks object as a use case

Anton Šiser a,*, Tomáš Loveček b, Ladislav Mariš b

a Faculty of Security Engineering/Department of Security Management, University of Žilina, 010 01 Žilina, Slovakia
b Faculty of Security Engineering/Department of Security Research, University of Žilina, 010 01 Žilina, Slovakia

Abstract

The aim of this article is to showcase the ability to simulate various attack scenarios on a protected element within a waterworks object which is part of critical infrastructure. The benefit of working out a use case in this article will be ascertaining the accuracy of the data acquired through processes and verification of the software-evaluated level of protection. The positive output will be in the form of a tool which can be used in the security and preventative activities of security managers, but also in the education process.

© 2017 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of the scientific committee of TRANSCOM 2017: International scientific conference on sustainable, modern and safe transport.

Keywords: case study; security; critical infrastructure; attack; water supply system; protection

1. Introduction

This article focuses on the analysis of requirements for achieving the minimum security level of a water tank which holds drinking water for a city with a population of 100 000. The water tank is considered an element of critical infrastructure (CI) according to sectoral and cross-sectoral criteria in accordance with the law on critical infrastructure [1]. Its breach or destruction would negatively impact the quality of life of the population and could damage the environment. The security specialist is therefore obligated to implement technologies to secure it; to introduce a security plan in which he will perform the risk assessment; and to identify threats and consequences of a breach of any kind. The operator is also responsible for choosing the main security measures to protect the CI element, such as elements of passive barriers, security alarm systems, ICT security, organizational measures and professional training of the staff.

* Ing. Anton Šiser, Tel.: +421415136666, E-mail address: [email protected]

doi:10.1016/j.proeng.2017.06.137

2. The minimum security level set up

The Slovak legislation currently does not address what minimum security level is set for waterworks objects; security of such objects is under the jurisdiction of the Ministry of Environment of the Slovak Republic. In 2014, a methodological guide (MG) [6] no. 29014/2014-1000-53190¹ on security measures to protect elements of critical infrastructure in the energy and industry sectors was released; protection of similar elements of the critical infrastructure in other sectors can be based on this regulation. It states that in cases of critical infrastructure elements, it is possible to define a controlled zone, secured zone, protected zone and a top protected zone. Based on the characteristics of the operation, the entire area of a water tank can be defined as a top protected zone. This status is shown in Figures 1a and 1b.

Fig. 1 a) Example of CI security zones according to methodological guidance b) Selected zone for the water tank [figure labels: Person entrance, Car entrance, Top protected zone]

¹ Based on the CIPnES project conclusions - Critical Infrastructure Protection in Energy, DG Home Affairs programme CIPS The Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks

2.1. Passive barrier requirements

Objects included in the top protected zone must be secured by hard fencing equipped with top-mounted protection against being climbed over or motion detectors. All entrances and driveways must be secured with a lock and motion detectors and connected to the Access Control System (ACS). The construction of the building itself must not in any way decrease the level of the building’s security. The doors must be of solid build with the option of using a security locking system or an electronic lock.

2.2. Requirements for the installed security alarm systems

The camera surveillance system (CCTV) must allow monitoring of the perimeter and selected technical units for identification of all incoming persons. The surroundings of the fence must be adjusted in a way that allows the camera surveillance system to be used effectively alongside patrolling activities. It is equipped with a backup power unit and an external light source and complies with electromagnetic and weather-related requirements. The object must be equipped with motion detectors and magnetically sealed doors. These elements are connected to an optical-acoustic signaling system and the continuously manned control station. As methodological guidance, the regulation does not set requirements for the level of security, and therefore the relevant technical norms are to be met. In case of Intruder and Hold-up Alarm Systems (IHAS), the EN 50131-1 norm considers an intruder who can prepare a detailed plan of the breach and has a complete set of tools, including tools to replace parts of the IHAS. For the CCTV at the 4th level of security, the type and importance of an object must be defined. The category includes all companies and areas with a high attraction rate; the activity of these companies significantly influences the values or confidential information.

Based on the MG, the water tank must have an ACS installed, which is specified by the EN 60839-11-1 norm in 4 categories based on the level of security. For level 4 security, the typology of objects directly mentions elements of critical infrastructure. This category also considers an intruder with extensive knowledge of the technology used and the necessary financial resources at his disposal. In case of IAS, it is necessary and sufficient for individual elements of the system to be certified for the given security level by their producer, which guarantees the required functionality as well as threshold values of all parameters. Individual components of the CCTV and ACS systems must comply with the relevant norms. For example, the CCTV system must² back up data, record on disk arrays (such as RAID5), send an error message to the user within 30 seconds, check the connection between elements of the system in under 10 seconds and detect unauthorized access to the system. The classification of IHAS into levels influences the parameters of the elements and their location within the object.

Based on the methodological guide, there are requirements on passive barriers regarding the perimeter and shell of the object. Technical norms do not cover all categories of the passive barrier elements; therefore, structures have to be designed to fulfill the minimum security requirements in relation to the functionality of the security alarm system³. Several requirements for minimum security of the water tank can be extrapolated from the aforementioned characteristics. The CCTV system must² comply with the demands placed on the 4th security level, focused on monitoring the perimeter and identification of entry points.
The IHAS are also selected based on the requirements of the 4th security level. Their function is to detect perimeter breaches, movement and opening of doors and to transmit this information to the local optical-acoustic signalization. For ACS⁴ systems, the same level of security applies. The main task of the ACS is to control passage through entrance passive barriers. All installed security alarm systems must be equipped with backup power units, IP code protection or an antivandal structure while being connected to a centralized security system monitored at all times. The integrated security alarm system must comply with all requirements.⁵ Perimeter protection must be formed by a solid fence with top-mounted barriers and a lockable gate. Regarding the security of the building’s shell, the object must be secured by solid doors equipped with a security locking mechanism and an electronic lock. Apart from technical solutions, the security system must also implement organizational measures and guard security measures.

3. Location of protection system elements

After establishing the minimum security level, which defines which security measures are to be implemented and what functionality and threshold parameters they have, it is necessary to decide on the location of individual systems and their elements. In some cases, the location of protective elements is determined by the requirements for the minimum security. In case of elements pertaining to critical infrastructure, it is necessary to use the technical system norm for the IHAS, in our case those that pertain to the level 4 category. Based on this recommendation, all peripheral doors, windows and other shell-related passive barriers should be secured by active elements allowing for signalization if unjustifiably opened or breached. Structures such as walls, ceilings, roofs and floors must be equipped with security elements able to detect a breach.
The building’s equipment itself must then be secured with elements of areal and object protection. The location of the security cameras of the CCTV system is determined by the requirements for their ability to identify persons and monitor an area. The CCTV system must monitor the entire perimeter of the object, including selected technological units, and must allow for identification of persons or vehicles at entry points and driveways. When placing security cameras, it is helpful to use one of the software tools which can visualize the coverage of an area on a 2D map and differentiate between their individual abilities and functions (e.g. monitoring, detection, identification) (Fig. 2a).

² EN 3131-1 Alarm systems. Intrusion systems. Part 1: System requirements
³ The measures efficiency coefficient must be greater than 1
⁴ In case of ACS the requirements of the MG (item v)) are in conflict with the requirements of the ACS norm of the 4th level of security (combination of PIN number with identification or biometrics)
⁵ P CLC/TS 50398 Alarm systems. Combined and integrated alarm systems. General requirements

Fig. 2 a) Placement of cameras used for identification b) Shot from a camera at the entrance to the water tank building which fulfils the requirement for identification of persons or a vehicle’s licence plate number

This can be achieved by placing the camera at a selected specific spot within a given area and then setting up its parameters (such as resolution and size of the CCD chip, focal length, angle of the camera, etc.) so that it covers the required area and fulfills its required function at the same time. For example, for identification purposes, the parameters of the optical scanner and camera’s lens must be set to comply with the minimum requirement for the captured scene of 4 mm per pixel⁶ (Fig. 2b). Another approach is to select a specific product on the market with a predetermined set of parameters and place it so that it covers the required monitored area and fulfills the required function. In case of an ACS, the location of individual protective elements is determined by the requirements for the minimal protection level. A system that is effectively designed must allow controlled and regulated movement of authorized persons from/into the object. The location of the passive barriers is determined by the structural arrangement of the object itself (e.g. the object’s perimeter, structure, rooms, passive barriers such as windows and doors), but passive resistance must be designed so that it fulfills the requirements for the minimal security level in relation to the overall functionality of the system.

4. Modeling and simulation of minimum security level in relation to the system functionality

Per the Council Decision on identifying and selecting European critical infrastructures and the need to improve their protection, it is necessary to take into account relevant threat scenarios in order to assess weak points (vulnerabilities) and the potential influence of a breach or destruction of critical infrastructure [3].
According to the law on critical infrastructure, the security specialist shall prepare a security plan including an assessment of the risk of threat, breach or destruction for each part of the element, their weak points, and the presumed consequences of their breach or destruction on the functionality, integrity and continuity of the element’s function [1]. Neither European nor national legally binding regulations specify the process of assessing or evaluating the risk of breach or destruction of individual elements of the critical infrastructure. A functioning security system fulfills the basic condition that, from the moment of detection, the time of an attack, including the overall time of breaching all passive elements of protection and the transition of the intruder, is greater than the reaction time of the response unit. The risk in this case is the probability of a threat of the water tank breach, the consequence of which would be the poisoning of a high number of people or a long-term lack of access to clean water for a large number of people.

Scenario 1 is based on the presence of an external intruder using freely available tools to breach the passive barriers. The intruder’s tactic is to penetrate from the outer perimeter towards the chlorine room by breaching the passive barriers of the structure. After reaching his target, the intruder contaminates the water with a chemical substance. In such a case, we expect the response unit’s reaction time to be 8 minutes from when the intruder is first detected.

In scenario 2, the intruder has at his disposal freely available tools for breaching the passive barriers; using a parachute glider, he lands in the vicinity of chamber no. 1. By breaching standard passive barriers, the intruder reaches the chlorine room, where, similarly to scenario 1, he contaminates the water with a chemical substance. The reaction time of the response team is 8 minutes from the point where the intruder is first detected.
⁶ EN 50132- Alarm systems. CCTV surveillance systems for use in security applications. Part 7: Application guidelines

To evaluate the minimum security level of a water tank in relation to the functionality of the proposed security system, it is helpful to use one of the tools for quantitative evaluation of the security system’s level. These tools are based on the access delay of the passive barriers, the detection probability of the IHAS and the reaction times of the response unit. One of the possible tools for such analysis is the SATANO software (Security Assessment of Terrorist Attack in a Network of Objects); it allows projecting various scenarios onto a 2D map and using simulations. It also evaluates the functionality of a given system and uncovers potential weak points of the security system.

Figures 3, 4, 5, and 6 show the evaluations of the level of the water tank’s protection in scenarios 1 and 2. Figure 3 shows that in case of scenario 1, the proposed security system succeeds in its function (measures efficiency coefficient is 1.034), while in case of scenario 2, the system has to be modified to achieve a “measures efficiency coefficient” value equal to 1 or greater (0.785 currently). The critical path of the intruder is traced using the SATANO software and shown in Figures 4 and 5. Figure 6 shows the timeline of the intruder’s progress in scenarios 1 and 2, where the blue part represents time before the intruder is detected, red represents time after first detection and green represents time after the object being protected is secured by guards. Information systems can be a powerful tool that can support the decision-making process [7] in all areas.

Fig. 3 Evaluation of scenarios 1 and 2 using quantitative output parameters [panels: Scenario 1, Scenario 2; SWAT: 480 s in each]

Fig. 4 Graphical representation of intruder’s path in scenario 1

Fig. 5 Graphical representation of intruder’s path in scenario 2


Fig. 6 Intruder’s timeline in scenarios 1 and 2 (blue – pre-detection time, red – post-detection time, green – time reserve of the response unit)
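The condition stated in section 4 (delay remaining after detection must exceed the response time) can be checked numerically from the three inputs the text names: access delay, detection probability and response time. The following Python code is an added example, not code from the article or from SATANO; the step names, delays, detection probabilities and the coefficient definition (post-detection delay divided by response time) are assumptions, and only the 480 s response time is taken from the text.

```python
from dataclasses import dataclass

RESPONSE_S = 480  # response unit reaction time from the text (8 minutes)

@dataclass
class Step:
    name: str        # barrier or transit segment on the assessed path
    delay_s: float   # access delay in seconds (constructed value)
    p_detect: float  # probability the IHAS alarms when the step begins (constructed)

# Constructed sample paths; none of these figures come from the article or SATANO.
PATH_FROM_PERIMETER = [
    Step("approach to fence", 30, 0.0),
    Step("perimeter fence", 60, 0.9),
    Step("transit to building", 40, 0.0),
    Step("building door", 180, 0.95),
    Step("transit inside building", 30, 0.8),
    Step("inner room door", 150, 0.95),
    Step("time at protected element", 60, 0.0),
]
# Same object, but the path begins inside the fence line, so the fence sensor never fires.
PATH_INSIDE_PERIMETER = PATH_FROM_PERIMETER[2:]

def remaining_delay(path):
    """Delay still ahead of the intruder at the start of each step."""
    total = sum(s.delay_s for s in path)
    out = []
    for s in path:
        out.append(total)
        total -= s.delay_s
    return out

def evaluate(path, response_s=RESPONSE_S):
    rem = remaining_delay(path)
    # Assumed definition: delay left at the first sensored step / response time.
    first = next((i for i, s in enumerate(path) if s.p_detect > 0), None)
    after_detection = rem[first] if first is not None else 0.0
    p_timely, p_undetected, critical = 0.0, 1.0, None
    for s, r in zip(path, rem):
        if r >= response_s:
            # An alarm here still leaves the response unit enough time.
            p_timely += p_undetected * s.p_detect
            critical = s.name
        p_undetected *= 1.0 - s.p_detect
    return {
        "coefficient": after_detection / response_s,
        "p_timely": p_timely,
        "critical_step": critical,  # last step where an alarm is still useful
        "shortfall_s": max(0.0, response_s - after_detection),
    }

if __name__ == "__main__":
    for label, path in [("from perimeter", PATH_FROM_PERIMETER),
                        ("inside perimeter", PATH_INSIDE_PERIMETER)]:
        print(label, evaluate(path))
```

A coefficient below 1 comes with a non-zero `shortfall_s`, which is the additional post-detection delay (or the equivalent gain from earlier detection) the design needs on that path.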

5. Parameter proposal, technical solution, and operational conditions of a security system

The proposal of the technical solution (e.g. wired or wireless, analogue or digital, PIR, MW or ODS), parameters (e.g. resolution, radius) and operational conditions (e.g. indoor or outdoor) of the security system elements must be based on the minimum security level, the purpose of the individual security measures or the location of the security measures. After establishing parameters, technical solutions and operational conditions, it is possible to find specific producers or vendors on the market which offer a product that fulfils all our defined conditions. In case such a product does not exist on the market or is not economically available, it is necessary to create these conditions by combining several products or placing the security measures in a way that does not change the minimum security level or the purpose of the security measures.

6. Conclusion

The article presents a “use case” of protecting a selected water tank which is defined as an element of critical infrastructure. The designed security system – a purposeful way of arranging security measures – will prevent an unauthorised person, acting deliberately, from achieving their goal, which may mean theft, damage or destruction of the protected asset. It is necessary to realize that the designed security system, consisting of security alarm systems, mechanical barriers and physical protection, is effective only in relation to a certain type of possible attack scenarios, which are categorized as deliberate anthropogenic threats. If other types of attacks occur or there is a combination of threats, such as cybernetic attacks, attacks using social engineering or attacks using unconventional means and tools, it is necessary to prepare and apply a different type and character of security measures.
Acknowledgements

This work was funded by the institutional grant project number 201601 – Verification of evaluation models of security systems using scenarios on real object with software support.

References

[1] Act number 45/2011, Critical Infrastructure protection, Slovak Republic, Available at: http://www.zakonypreludi.sk/zz/2011-45
[2] Concept of critical infrastructure in Slovak republic and possibilties of protection, Accessed on 7 June 2008, Available at: http://www.economy.gov.sk/pk/2130-2006-1000/ma. W. Strunk Jr., E.B. White, The Elements of Style, third ed., Macmillan, New York, 1979.
[3] Council Decision 2008/114/EC, Euratom, Council decision of 12 February 2008, as part of establishing Statutes for the Euratom Supply Agency, Available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:041:0015:0020:EN:PDF
[4] Green paper on a european programme for critical infrastructure protection, Accessed on 8 June 2008, Available at: http://eurlex.europa.eu/LexUriServ/site/en/com/2005/com2005_0576en01.pdf.
[5] Holla, K., et al. (2016): Results of survey among SEVESO establishments in the Slovak Republic, In: J. Chem. Health Safety (2016): Vol. 23 : Iss. 2, p. 9-17, ISSN: 1871-5532.
[6] Methodological guide no. 29014/2014-1000-53190G.R., Concept of critical infrastructure protection in the sector of energy and industry, Ministry of Economy, Slovak republic, Available at: http://www.privatiz.gov.sk/metodicke-usmernenie-c-29014-2014-1000-53190-mh-sr-obezpecnostnych-opatreniach-na-ochranu-prvkov-ki-v-sektoroch-energetika-a-priemysel-z-10122014--pdf-/146966s.
[7] Ristvej, J. – Zagorecki, A. (2011) : Information Systems for Crisis Management - Current applications and future directions, Communications – Scientific Letters of the University of Žilina, Vol. 13, Iss. 2, 2011, p. 59-63, ISSN: 1335-4205.
