Situational Awareness and Security - Part 1


Situational Awareness & Security

Part 1

 

Situational awareness is an important human factor for cyber security. The works cited here cover specific problems. In April 2014, IEEE published a Special Issue on Signal Processing for Situational Awareness from Networked Sensors and Social Media. That material is available at: http://ieeexplore.ieee.org/xpl/tocresult.jsp?isnumber=6757015&punumber=78 The publications cited here are from other sources.

 

Voigt, S.; Schoepfer, E.; Fourie, C.; Mager, A., "Towards Semi-Automated Satellite Mapping For Humanitarian Situational Awareness," Global Humanitarian Technology Conference (GHTC), 2014 IEEE, pp. 412-416, 10-13 Oct. 2014. doi: 10.1109/GHTC.2014.6970315 Very high resolution satellite imagery used to be a rare commodity, with infrequent satellite pass-over times over a specific area-of-interest obviating many useful applications. Today, more and more such satellite systems are available, with visual analysis and interpretation of imagery still important to derive relevant features and changes from satellite data. In order to allow efficient, robust and routine image analysis for humanitarian purposes, semi-automated feature extraction is of increasing importance for operational emergency mapping tasks. In the frame of the European Earth Observation program COPERNICUS and related research activities under the European Union's Seventh Framework Program, substantial scientific developments and mapping services are dedicated to satellite based humanitarian mapping and monitoring. In this paper, recent results in methodological research and development of routine services in satellite mapping for humanitarian situational awareness are reviewed and discussed. Ethical aspects of sensitivity and security of humanitarian mapping are deliberated. Furthermore, methods for monitoring and analysis of refugee/internally displaced persons camps in humanitarian settings are assessed. Advantages and limitations of object-based image analysis, sample supervised segmentation and feature extraction are presented and discussed.

Keywords: feature extraction; geophysical techniques; image segmentation; satellite communication; COPERNICUS; European Earth observation program; European Union seventh framework program; displaced persons camps; humanitarian mapping; humanitarian settings; humanitarian situational awareness; mapping services; object-based image analysis; operational emergency mapping tasks; refugee camps; routine image analysis; satellite data; satellite imagery; satellite pass-over times; satellite systems; semiautomated feature extraction; semiautomated satellite mapping; supervised segmentation; visual analysis; Image analysis; Image segmentation; Monitoring; Optical imaging; Robustness; Satellites; Visualization; humanitarian situational awareness; monitoring; satellite mapping  (ID#: 15-3808)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6970315&isnumber=6970242

 

Del Rosso, A.; Liang Min; Chaoyang Jing, "High Performance Computation Tools For Real-Time Security Assessment," PES General Meeting | Conference & Exposition, 2014 IEEE, pp. 1-1, 27-31 July 2014. doi: 10.1109/PESGM.2014.6939091 This paper presents an overview of the research project "High-Performance Hybrid Simulation/Measurement-Based Tools for Proactive Operator Decision-Support", performed under the auspices of the U.S. Department of Energy grant DE-OE0000628. The objective of this project is to develop software tools to provide enhanced real-time situational awareness to support the decision making and system control actions of transmission operators. The integrated tool will combine high-performance dynamic simulation with synchrophasor measurement data to assess in real time system dynamic performance and operation security risk. The project includes: (i) the development of high-performance dynamic simulation software; (ii) the development of new computationally effective measurement-based tools to estimate operating margins of a power system in real time using measurement data from synchrophasors and SCADA; (iii) the development of a hybrid framework integrating measurement-based and simulation-based approaches, and (iv) the use of cutting-edge visualization technology to display various system quantities and to visually process the results of the hybrid measurement-based/simulation-based security-assessment tool. Parallelization and high performance computing are utilized to enable ultrafast transient stability analysis that can be used in a real-time environment to quickly perform "what-if" simulations involving system dynamics phenomena. EPRI's Extended Transient Midterm Simulation Program (ETMSP) is modified and enhanced for this work. The contingency analysis is scaled for large-scale contingency analysis using MPI-based parallelization. Simulations of thousands of contingencies on a high performance computing machine are performed, and results show that parallelization over contingencies with MPI provides good scalability and computational gains. Different ways to reduce the I/O bottleneck have also been explored. Thread-parallelization of the sparse linear solver is also explored through use of the SuperLU_MT library. Based on performance profiling results for the implicit method, the majority of CPU time is spent on the integration steps. Hence, in order to further improve the ETMSP performance, a variable time step control scheme for the original trapezoidal integration method has been developed and implemented. The Adams-Bashforth-Moulton predictor-corrector method was introduced and designed for ETMSP. Test results show superior performance with this method.

Keywords: SCADA systems; computer software; data visualisation; decision making; integration; phasor measurement; power engineering computing; power system security; power system transient stability; power transmission control; predictor-corrector methods; Adams-Bashforth-Moulton predictor-corrector method; CPU time; DE-OE0000628; EPRI; ETMSP performance; MPI-based parallelization; SCADA; SuperLU_MT library; U.S. Department of Energy grant; computation tools; computing machine; contingency analysis; decision making; dynamic simulation software; extended transient midterm simulation program; hybrid measurement-based-simulation-based security-assessment tool; hybrid simulation-measurement-based tools; operation security risk; power system; proactive operator decision-support; security assessment; software tools; sparse linear solver; synchrophasor measurement data; system control actions; thread-parallelization transient stability analysis; transmission operators; trapezoidal integration method; variable time step control scheme; visualization technology; Computational modeling; Hybrid power systems; Power measurement; Power system dynamics; Real-time systems; Software measurement; Time measurement (ID#: 15-3809)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6939091&isnumber=6938773

 

Bhandari, P.; Gujral, M.S., "Ontology Based Approach For Perception Of Network Security State," Engineering and Computational Sciences (RAECS), 2014 Recent Advances in, pp. 1-6, 6-8 March 2014. doi: 10.1109/RAECS.2014.6799584 This paper presents an ontological approach to perceive the current security status of the network. A computer network is a dynamic entity whose state changes with the introduction of new services, installation of new network operating systems, addition of new hardware components, creation of new user roles and attacks from various actors instigated by aggressors. The various security mechanisms employed in the network do not give the complete picture of the security of the complete network. In this paper we have proposed a taxonomy and ontology which may be used to infer the impact of various events happening in the network on the security status of the network. Vulnerability, Network and Attack are the main taxonomy classes in the ontology. The Vulnerability class describes various types of vulnerabilities in the network, which may exist in hardware components like storage devices, computing devices or network devices. The Attack class has many subclasses: the Actor class is the entity executing the attack, the Goal class describes the goal of the attack, the Attack mechanism class defines the attack methodology, the Scope class describes the size and utility of the target, and the Automation level class describes the automation level of the attack. Evaluation of the security status of the network is required for network security situational awareness. The Network class has network operating system, users, roles, hardware components and services as its subclasses. Based on this taxonomy, an ontology has been developed to perceive network security status. Finally, a framework which uses this ontology as a knowledge base has been proposed.

Keywords: computer network security; network operating systems; ontologies (artificial intelligence); computer network security; network operating system; ontology; taxonomy classes; Automation; Computer networks; Hardware; Manuals; Ontologies; Security; Taxonomy; Network Security Status; Network Situational awareness; Ontology; Taxonomy (ID#: 15-3810)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6799584&isnumber=6799496

 

Refaei, M.T.; Bush, J., "Secure Reliable Group Communication for Tactical Networks," Military Communications Conference (MILCOM), 2014 IEEE, pp. 1195-1200, 6-8 Oct. 2014. doi: 10.1109/MILCOM.2014.200 Tactical communication networks lack infrastructure and are highly dynamic, resource-constrained, and commonly targeted by adversaries. Designing efficient and secure applications for this environment is extremely challenging. An increasing reliance on group-oriented, tactical applications such as chat, situational awareness, and real-time video has generated renewed interest in IP multicast delivery. However, a lack of developer tools, software libraries, and standard paradigms to achieve secure and reliable multicast impedes the potential of group-oriented communication and often leads to inefficient communication models. In this paper, we propose an architecture for secure and reliable group-oriented communication. The architecture utilizes NSA Suite B cryptography and may be appropriate for handling sensitive and DoD classified data up to SECRET. Our proposed architecture is unique in that it requires no infrastructure, follows NSA CSfC guidance for layered security, and leverages NORM for multicast data reliability. We introduce each component of the architecture and describe a Linux-based software prototype.

Keywords: computer network reliability; computer network security; cryptography; military communication; military computing; NSA Suite B cryptography; SECRET; group oriented communication; reliable group communication; secure group communication; tactical communication; tactical networks; Authentication; Computer architecture; Encryption; Protocols; Reliability; multicast; norm; suite-b  (ID#: 15-3811)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6956920&isnumber=6956719

 

Amin, S.; Clark, T.; Offutt, R.; Serenko, K., "Design of a Cyber Security Framework for ADS-B Based Surveillance Systems," Systems and Information Engineering Design Symposium (SIEDS), 2014, pp. 304-309, 25-25 April 2014. doi: 10.1109/SIEDS.2014.6829910 The need for increased surveillance due to the increase in flight volume in remote or oceanic regions outside the range of traditional radar coverage has been fulfilled by the advent of space-based Automatic Dependent Surveillance - Broadcast (ADS-B) surveillance systems. ADS-B systems have the capability of providing air traffic controllers with highly accurate real-time flight data. ADS-B is dependent on digital communications between aircraft and ground stations of the air route traffic control center (ARTCC); however, these communications are not secured. Anyone with the appropriate capabilities and equipment can interrogate the signal and transmit their own false data; this is known as spoofing. The possibility of this type of attack decreases the situational awareness of United States airspace. The purpose of this project is to design a secure transmission framework that prevents ADS-B signals from being spoofed. Three alternative methods of securing ADS-B signals are evaluated: hashing, symmetric encryption, and asymmetric encryption. The security strength of the design alternatives is determined from research. Feasibility criteria are determined by comparative analysis of alternatives. Economic implications and possible collision risk are determined from simulations that model the United States airspace over the Gulf of Mexico and part of the airspace under attack, respectively. The ultimate goal of the project is to show that if ADS-B signals can be secured, situational awareness can improve and the ARTCC can use information from this surveillance system to decrease the separation between aircraft and ultimately maximize the use of the United States airspace.

Keywords: aircraft; cryptography; digital communication; radar; security of data; surveillance; ADS-B based surveillance systems; ADS-B signals; ADS-B surveillance systems; ARTCC; United State airspace; United States airspace; air route traffic control center; air traffic controllers; aircraft; asymmetric encryption; collision risk; cyber security framework design; digital communications; economic implications; ground stations; hashing; radar coverage; real-time flight data; secure transmission framework design; space-based automatic dependent surveillance-broadcast; Air traffic control; Aircraft; Atmospheric modeling; Encryption; FAA; Radar; Surveillance (ID#: 15-3812)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6829910&isnumber=6829868

 

Kotenko, I.; Novikova, E., "Visualization of Security Metrics for Cyber Situation Awareness," Availability, Reliability and Security (ARES), 2014 Ninth International Conference on, pp. 506-513, 8-12 Sept. 2014. doi: 10.1109/ARES.2014.75 One of the important directions of research in situational awareness is the implementation of visual analytics techniques, which can be efficiently applied when working with big security data in critical operational domains. The paper considers a visual analytics technique for displaying a set of security metrics used to assess overall network security status and evaluate the efficiency of protection mechanisms. The technique can assist in solving security tasks which are important for security information and event management (SIEM) systems. The suggested approach is suitable for displaying security metrics of large networks and supports historical analysis of the data. To demonstrate and evaluate the usefulness of the proposed technique we implemented a use case corresponding to the Olympic Games scenario.

Keywords: Big Data; computer network security; data analysis; data visualisation; Olympic Games scenario; SIEM systems; big data security; cyber situation awareness; network security status; security information and event management systems; security metric visualization; visual analytics technique; Abstracts; Availability; Layout; Measurement; Security; Visualization; cyber situation awareness; high level metrics visualization; network security level assessment; security information visualization (ID#: 15-3813)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6980325&isnumber=6980232

 

Han Huang; Jun Zhang; Guanglong Xie, "Research on the Future Functions And Modality Of Smart Grid And Its Key Technologies," Electricity Distribution (CICED), 2014 China International Conference on, pp. 1241-1245, 23-26 Sept. 2014. doi: 10.1109/CICED.2014.6991905 The power network is an important part of the national comprehensive energy resources transmission system, in the way of both the energy security promise and the running of the economy and society. Meanwhile, because many industries are involved, the development of the grid can push national innovation ability. Nowadays, advances in material science, computer technique and information and communication technology make the inner workings of the smart grid flourish. This paper researches the function and modality of the smart grid on the energy, geography and technology dimensions. The analysis on the technology dimension addresses two aspects, which are network control and interaction with the customer. The mapping relationship between functions of the smart grid and eight key technologies, which are large-capacity flexible transmission technology, DC power distribution technology, distributed power generation technology, large-scale energy storage technology, real-time tracking simulation technology, intelligent electricity application technology, big data analysis and cloud computing technology, and wide-area situational awareness technology, is given. The research emphasis of the key technologies is proposed.

Keywords: Big Data; cloud computing; distributed power generation; energy security; energy storage; flexible AC transmission systems; power engineering computing; smart power grids; DC power distribution technology; Large-scale energy storage technology; big data analysis; cloud computing technology; distributed power generation; energy resource transmission system; energy security; geography dimension; intelligent electricity application technology; large-capacity flexible transmission technology; power network control; real-time tracking simulation technology; smart grid modality; wide-area situational awareness technology; Abstracts; Batteries; Electricity; Integrated circuit interconnections; Natural gas; Reliability; Smart grids; development; function and state; key technology; smart grid (ID#: 15-3814)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6991905&isnumber=6991649

 

Jandel, M.; Svenson, P.; Johansson, R., "Fusing Restricted Information," Information Fusion (FUSION), 2014 17th International Conference on, pp. 1-9, 7-10 July 2014. Information fusion deals with the integration and merging of data and information from multiple (heterogeneous) sources. In many cases, the information that needs to be fused has a security classification. The result of the fusion process is then by necessity restricted with the strictest information security classification of the inputs. This has severe drawbacks and limits the possible dissemination of the fusion results. It leads to decreased situational awareness: the organization knows information that would enable a better situation picture, but since parts of the information are restricted, it is not possible to distribute the most correct situational information. In this paper, we take steps towards defining fusion and data mining processes that can be used even when all the underlying data that was used cannot be disseminated. The method we propose here could be used to produce a classifier where all the sensitive information has been removed and where it can be shown that an antagonist cannot even in principle obtain knowledge about the classified information by using the classifier or situation picture.

Keywords: data integration; data mining; merging; security of data; sensor fusion; data integration; data merging; data mining processes; information security classification; restricted information fusion; Databases; Fuses; Information filters; Security; Sensitivity; classification; data mining; privacy preserving data mining; secrecy preserving fusion  (ID#: 15-3815)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6916020&isnumber=6915967

 

Craig, R.; Spyridopoulos, T.; Tryfonas, T.; May, J., "Soft Systems Methodology In Net-Centric Cyber Defence System Development," Systems, Man and Cybernetics (SMC), 2014 IEEE International Conference on, pp. 672-677, 5-8 Oct. 2014. doi: 10.1109/SMC.2014.6973986 Complexity is ever increasing within our information environment and organisations, as interdependent dynamic relationships within sociotechnical systems result in high variety and uncertainty from a lack of information or control. A net-centric approach is a strategy to improve information value, to enable stakeholders to extend their reach to additional data sources, share Situational Awareness (SA), synchronise effort and optimise resource use to deliver maximum (or proportionate) effect in support of goals. This paper takes a systems perspective to understand the dynamics within a net-centric information system. This paper presents the first stages of the Soft Systems Methodology (SSM), to develop a conceptual model of the human activity system and develop a system dynamics model to represent system behaviour, that will inform future research into a net-centric approach with information security. Our model supports the net-centric hypothesis that participation within an information sharing community extends information reach and improves organisational SA, allowing proactive action to mitigate vulnerabilities and reduce overall risk within the community. The system dynamics model provides organisations with tools to better understand the value of a net-centric approach, a framework to determine their own maturity, and a means to evaluate strategic relationships with collaborative communities.

Keywords: information systems; security of data; SA; SSM; collaborative communities; complexity; data sources; human activity system; information environment; information reach; information security; information sharing community; information value; interdependent dynamic relationships; net-centric approach; net-centric cyber defence system development; net-centric hypothesis; net-centric information system; situational awareness; sociotechnical systems; soft systems methodology; system behaviour; system dynamics model; Collaboration; Communities; Information security; Modeling; Command and Control; Distributed Information Systems; Net-Centric; Situational Awareness; System Dynamics  (ID#: 15-3816)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6973986&isnumber=6973862

 

Major, S.; Fekovic, E., "Securing Intelligent Substations: Real-Time Situational Awareness," Energy Conference (ENERGYCON), 2014 IEEE International, pp. 711-715, 13-16 May 2014. doi: 10.1109/ENERGYCON.2014.6850504 A system implementing real-time situational awareness through discovery, prevention, detection, response, audit, and management capabilities is seen as central to facilitating the protection of critical infrastructure systems. The effectiveness of providing such awareness technologies for electrical distribution companies is being evaluated in a series of field trials: (i) Substation Intrusion Detection / Prevention System (IDPS) and (ii) Security Information and Event Management (SIEM) System. These trials will help create a realistic case study on the effectiveness of such technologies with the view of forming a framework for critical infrastructure cyber security defense systems of the future.

Keywords: power engineering computing; security of data; substation automation; IDPS; SIEM system; critical infrastructure cyber security defense system; critical infrastructure system; electrical distribution companies; intelligent substation; real-time situational awareness; security information and event management system; substation intrusion detection-prevention system; Computer security; Monitoring; Protocols; Real-time systems; Substations; Critical Infrastructure; Cyber Security; DNP3; IDPS; IDS; IEC61850; IPS; SIEM (ID#: 15-3817)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6850504&isnumber=6850389

 

Kaci, A.; Kamwa, I.; Dessaint, L.A.; Guillon, S., "Synchrophasor Data Baselining and Mining for Online Monitoring of Dynamic Security Limits," Power Systems, IEEE Transactions on, vol. 29, no. 6, pp. 2681-2695, Nov. 2014. doi: 10.1109/TPWRS.2014.2312418 When the system is in a normal state, actual SCADA measurements of power transfers across critical interfaces are continuously compared with limits determined offline and stored in look-up tables or nomograms in order to assess whether the network is secure or insecure and inform the dispatcher to take preventive action in the latter case. However, synchrophasors could change this paradigm by enabling new features, the phase-angle differences, which are well-known measures of system stress, with the added potential to increase system visibility. The paper develops a systematic approach to baseline the phase-angles versus actual transfer limits across system interfaces and enable synchrophasor-based situational awareness (SBSA). Statistical methods are first used to determine seasonal exceedance levels of angle shifts that can allow real-time scoring and detection of atypical conditions. Next, key buses suitable for SBSA are identified using correlation and partitioning around medoid (PAM) clustering. It is shown that angle shifts of this subset of 15% of the network backbone buses can be effectively used as features in ensemble decision tree-based forecasting of seasonal security margins across critical interfaces.

Keywords: SCADA systems; data mining; pattern clustering; phasor measurement; power engineering computing; power system security; table lookup; PAM clustering; SBSA; SCADA measurements; angle shifts; critical interfaces; dynamic security limits; look-up tables; medoid clustering; network backbone buses; nomograms; online monitoring; phase-angle differences; power transfer measurement; seasonal security margins; synchrophasor data baselining; synchrophasor-based situational awareness; system interfaces; system stress; system visibility; Data mining; Monitoring; Phasor measurement units; Power system reliability; Power system stability; Security; Stability criteria; Baselining; clustering; data mining; dynamic security assessment (DSA); partitioning around medoids (PAM); phasor measurement unit (PMU); random forest (RF); security monitoring; synchrophasor; system reliability (ID#: 15-3818)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6782395&isnumber=6926883

 

Hussain, A.; Faber, T.; Braden, R.; Benzel, T.; Yardley, T.; Jones, J.; Nicol, D.M.; Sanders, W.H.; Edgar, T.W.; Carroll, T.E.; Manz, D.O.; Tinnel, L., "Enabling Collaborative Research for Security and Resiliency of Energy Cyber Physical Systems," Distributed Computing in Sensor Systems (DCOSS), 2014 IEEE International Conference on, pp. 358-360, 26-28 May 2014. doi: 10.1109/DCOSS.2014.36 The University of Illinois at Urbana Champaign (Illinois), Pacific Northwest National Labs (PNNL), and the University of Southern California Information Sciences Institute (USC-ISI) consortium is working toward providing tools and expertise to enable collaborative research to improve security and resiliency of cyber physical systems. In this extended abstract we discuss the challenges and the solution space. We demonstrate the feasibility of some of the proposed components through a wide-area situational awareness experiment for the power grid across the three sites.

Keywords: fault tolerant computing; power engineering computing; power grids; security of data; collaborative research; cyber physical system resiliency; cyber physical system security; energy cyber physical systems; power grid; wide-area situational awareness experiment; Collaboration; Communities; Computer security; Data models; Phasor measurement units; Power systems; cyber physical systems; energy; experimentation  (ID#: 15-3819)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6846190&isnumber=6846129

 

Prosser, B.; Dawes, N.; Fulp, E.W.; McKinnon, A.D.; Fink, G.A., "Using Set-Based Heading to Improve Mobile Agent Movement," Self-Adaptive and Self-Organizing Systems (SASO), 2014 IEEE Eighth International Conference on, pp. 120-128, 8-12 Sept. 2014. doi: 10.1109/SASO.2014.24 Cover time measures the time (or number of steps) required for a mobile agent to visit each node in a network (graph) at least once. A short cover time is important for search or foraging applications that require mobile agents to quickly inspect or monitor nodes in a network, such as providing situational awareness or security. Speed can be achieved if details about the graph are known or if the agent maintains a history of visited nodes; however, these requirements may not be feasible for agents with limited resources, they are difficult in dynamic graph topologies, and they do not easily scale to large networks. This paper introduces a set-based form of heading (directional bias) that allows an agent to more efficiently explore any connected graph, static or dynamic. When deciding the next node to visit, agents are discouraged from visiting nodes that neighbor both their previous and current locations. Modifying a traditional movement method, e.g., random walk, with this concept encourages an agent to move toward nodes that are less likely to have been previously visited, reducing cover time. Simulation results with grid, scale-free, and minimum distance graphs demonstrate that heading can consistently reduce cover time as compared to non-heading movement techniques.

Keywords: mobile agents; network theory (graphs); random processes; security of data; cover time; dynamic graph topology; foraging application; minimum distance graph; mobile agent movement; movement method; network (graph); nonheading movement technique; random walk; scale-free graph; set-based heading; situational awareness; situational security; Electronic mail; Geography; History; Mobile agents; Security; Time measurement; Topology; cover time; heading; mobile agents; random walk (ID#: 15-3820)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7001007&isnumber=7000942


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.