Critical Infrastructures Protection

Critical Information Infrastructure Protection

The protection of Critical (Information) Infrastructures (CII/CI) has become one of the most cutting-edge research areas in recent years. Private and public entities are joining efforts to offer solutions for threatening situations that can alter the business continuity of a system and the delivery of essential services to end-users (citizens, industries, governments, etc.). However, this is not a trivial task, since these types of systems are more and more dependent on ICT for the management of services and critical information. This dependence means that security and protection must be considered, with situational awareness, prevention and response as priority aspects of that protection. Namely, any fault, anomaly, physical or cyber-attack can put the operational performance, security and safety of a system at risk, and the effect may propagate towards other critical infrastructures, with a high probability of hampering their functionalities and services due to existing interdependency relationships.

Since 2006, NICS Lab has been working on all of these topics, with important progress within the area, resulting in a Marie-Curie postdoctoral fellowship (CAIN) on topics related to Smart Grids, a doctoral thesis, “Interconnected Sensor Networks for Critical Information Infrastructure Protection”, the organization of international events (CRITIS) [1], the edition of books on CIP [2], intensive collaboration with international organizations (e.g., NIST), and participation in diverse types of research projects (see figure). Thanks to the support of these projects, NICS has had the chance to work with energy companies, such as Telvent or Endesa, and collaborate with other universities working in the CIP field.


One of the main research areas developed by NICS is wide-area situational awareness [3], which includes prevention through early warning systems, intrusion detection and response to cyber-attacks, anomalies, incidents or faults. However, we are also aware that security is key to preventing specific events related to deficiencies and vulnerabilities registered in the underlying system. Some common exposures to vulnerabilities in control systems are, for example: incomplete or inefficient security policies and access control; deficient protection in the perimeter, where security systems (e.g. firewalls or intrusion detection systems) are based on inaccurate rules/patterns; interoperability issues and conflicts; abuse and use of weak security credentials based on username-password with high visibility and infrequent updates, using insecure cryptosystems; vulnerable TCP/IP-based protocols; implementation bugs; non-segregation of functions; interferences or industrial noise; strong dependence on third-parties' components; and so on [4]. On the other hand, the modernization of energy systems through smarter control and the collaboration of diverse stakeholders for more efficient power production and distribution has encouraged us to consider not only protection, but also the privacy of users' information, which can be available to human operators to improve the real demand or efficiently control production levels. This is thanks to the new Automated Metering Infrastructures (AMI), which allow bidirectional communication between the user premises (containing smart meters) and control systems, where critical information is generally transferred to wide area networks [5]. In order to model these complex systems, NICS also considers controllability, to model the most critical parts of a system (such as generators, smart meters, sensors, state estimators, etc.) and understand the effects that a threat can have on the control of the entire system [6].

Protection through wide-area situational awareness (WASA)

Within the WASA context, we highlight the relevance of the pervasive technology of WSNs to constantly protect critical infrastructures in general [7][8], and of cloud computing, which offers massive storage and support when automation substations are isolated and uncontrolled [9]. In fact, NICS has recently built a methodological framework that includes both technologies as priorities for WASA [3]. This methodology, applicable to any critical environment, aims to prevent the occurrence of anomalies or cyber-attacks inside a critical infrastructure and its control system, considering high-level services (possibly with automatic capacities) to provide fast response, maintenance and accounting. To be effective, the methodology is focused on a hybrid perspective, where human operators are fundamental inside the field, and on context-awareness to facilitate the use of high-level functionalities such as machine learning. However, depending on pervasive technologies for context-awareness also means considering security at the level of key management to protect the routing of critical information [10]. These aspects have been of great interest to the CRISIS project, where topics related to key management systems for conventional and industrial sensor networks (see the following figure) have been broadly examined in [11]. Note that FACIES also works within the concept of WASA by dealing with topics related to intrusion detection [12], anomaly detection and stealth attacks.


As noted in the second figure, NICS also works with industrial sensor networks. To understand the applicability of this technology in SCADA systems, a set of requirements and protocols has been analysed in depth during the development of ARES. In particular, we have researched the role of this technology and its communication protocols, such as ZigBee (PRO and ZigBee Smart Energy), WirelessHART and ISA100.11a [10], in monitoring tasks, showing its capacity to offer alternative support to the control. However, the adaptation of this technology may bring about numerous security problems, vulnerabilities and threats, most of them caused by insiders [13]. In addition, we concluded that ISA100.11a is one of the most suitable industrial communication protocols for industrial scenarios, as it provides security mechanisms and prioritization. Moreover, part of these studies has also allowed us to extend our work [11] to consider new (symmetric/asymmetric) key management schemes related to industry. As a result of this investigation, a web tool called senseKey [14] has been provided to suggest the most appropriate key management schemes for particular critical environments [15].

Secure monitoring of critical infrastructures

Control systems (e.g., SCADA systems) are more and more dependent on ICT for supervision and data acquisition, adopting TCP/IP connections and wireless communication to improve monitoring tasks, which calls for the securing of networks and equipment [16][17][18][19]. Through ATENEA and eCID, we have been able to identify critical sections, offer security solutions and evaluate threats, taking into account security policies (e.g. NIST 800-53, NERC-CIP 002-009) and problems associated with technologies and communications (e.g. the Internet, wireless communication, RFID, WSNs, etc.), access control, communication protocols (e.g. DNP3, Modbus-TCP, IEC-104, ICCP), and other related security issues [20]. Given that wireless technologies are in high demand for local monitoring, we have analyzed the connectivity benefits and problems when sensor nodes have to connect by themselves from remote substations to the SCADA Centre [21]. However, considering these elements as part of the IoT [21][22] entails analyzing aspects of security, and a trade-off between security and operational performance. One way of evaluating this trade-off is through a study of dependencies between SCADA elements, technologies and security mechanisms, such as the one carried out in [23]. This study is a result of the work performed in PISCIS, where different SCADA systems have to interact with each other. This degree of interaction increases the probability of dependency and interdependence relationships.

With respect to models, we have proposed some dynamic and automatic solutions to comply with the WASA concept and improve the control. For example, we have proposed in [24] a semi-automatic alarm management model based on reputation to assign critical alarms according to human operators' experience, availability and workload. Likewise, the functional capabilities of the ISA100.11a standard have allowed us to model preventive and reactive systems with the ability to anticipate, detect, warn and respond to incidents or threats. For example, we have built several early warning systems based on forensic techniques [25] and on reputation [26]. For the construction of these solutions, we have considered the prevention methodologies given in PROTECT-IC, thereby overcoming some of the security shortcomings identified during the development of this project.

As part of the secure monitoring of other critical infrastructures, we are working on the following research areas within CIP:

  • Security in Smart Grid systems

Thanks to CAIN, TIGRIS and SECRET, NICS is addressing some interesting research activities within the control and security field for Smart Grid environments. In particular, we have modeled and simulated solutions for the control and protection of particular subdomains of the Smart Grid, such as power (generation, transmission and distribution) substations. Most of these solutions share some technologies, such as the use of WSNs and cloud computing, and the ISA100.11a standard for alarm management and prioritization. This is the case of the PDR mechanism [27], which is composed of a set of modules for prevention and response. This work, the result of a direct collaboration with NIST, offers a rapid and anticipated response by analysing, from a probabilistic standpoint, the frequency of alarms received in a short time period. Similarly, the work developed in [28] deals with prevention and response, but using a hierarchical configuration where the cluster heads of WSNs serve as judges in charge of controlling the degree of accuracy of the observation subsystem. In this way, if nodes and sensors acting as judges reach a consensus between them, a second judge (the gateway, in our case) is in charge of evaluating the degree of accuracy achieved by both the observation system and the cluster heads. This double security increases not only the protection in the field, but also the reliability of such protection. As an extension of this work, [29] deals with the same proposal but considers cloud technology for state recovery and the F-Measure technique to evaluate the level of false positives/negatives produced by a forecast scheme proposed in that paper, which is based on transition probabilities. Moreover, taking into account the capacities of the F-Measure technique, we have recently proposed and implemented in [30] a diagnostic mechanism to detect infrastructural anomalies, threats and anomalous behaviour in Smart Grid domains, offering support for the industry.
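As an added illustration (not code from [29] or any NICS project), the sketch below shows how a forecast based on transition probabilities can be scored with the F-Measure. The state labels `N`/`W`/`A` (normal, warning, alarm), the two sequences and the thresholds are constructed for this example, and the first-order Markov model is an assumed stand-in for the scheme in the paper.

```python
from collections import Counter, defaultdict

# Constructed sensor-state histories: N = normal, W = warning, A = alarm.
TRAIN = "NNWANNNWWANNWNNNWAAN"
HELD_OUT = "NWANWWANAANWN"


def fit_transitions(history):
    """Estimate first-order transition probabilities P(next | current)."""
    counts = defaultdict(Counter)
    for cur, nxt in zip(history, history[1:]):
        counts[cur][nxt] += 1
    return {
        state: {nxt: c / sum(row.values()) for nxt, c in row.items()}
        for state, row in counts.items()
    }


def forecast_alarm(model, state, threshold):
    """Forecast an alarm at the next step if P(A | state) reaches the threshold.

    A state never seen in training has no evidence, so its probability is 0.
    """
    return model.get(state, {}).get("A", 0.0) >= threshold


def confusion(model, observed, threshold):
    """Return (tp, fp, fn, tn) for one-step-ahead alarm forecasts."""
    tp = fp = fn = tn = 0
    for cur, nxt in zip(observed, observed[1:]):
        predicted = forecast_alarm(model, cur, threshold)
        actual = nxt == "A"
        if predicted and actual:
            tp += 1
        elif predicted:
            fp += 1          # false alarm: operator workload
        elif actual:
            fn += 1          # missed alarm: the costly case in a substation
        else:
            tn += 1
    return tp, fp, fn, tn


def f_measure(tp, fp, fn, beta=1.0):
    """F-beta score; beta > 1 weights recall (missed alarms) more heavily."""
    if tp == 0:
        return 0.0
    precision = tp / (tp + fp)
    recall = tp / (tp + fn)
    b2 = beta * beta
    return (1 + b2) * precision * recall / (b2 * precision + recall)


if __name__ == "__main__":
    model = fit_transitions(TRAIN)
    for threshold in (0.5, 0.25):
        tp, fp, fn, tn = confusion(model, HELD_OUT, threshold)
        print(f"threshold={threshold}: tp={tp} fp={fp} fn={fn} tn={tn} "
              f"F1={f_measure(tp, fp, fn):.3f} F2={f_measure(tp, fp, fn, 2):.3f}")
```

On this data both thresholds give the same F1, while F2 separates them: lowering the threshold trades three extra false alarms for one fewer missed alarm.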

Most of these solutions follow the hybrid perspective defined in [3], where human operators are able to interact with the critical infrastructure at all times. However, it is necessary to control the degree of interactivity of human operators. Any inappropriate interaction or activity within the system may put the security or operational performance at risk, which is often caused by human errors (incidents, faults, ignorance, lack of training...) or malicious threats. For this reason, we have designed in [31] a smart control system with the capacity to dynamically manage incidents according to a set of factors, such as experience, execution time and resolution degree of a problem.

Note that the last study is a result of the work developed in SECRET, which is performed within the Smart Grid field. Through this project, we have learned about new vulnerabilities and cyber-attacks associated not only with energy substations, but also with users' premises, where users' information is managed by smart meters. Our goal here consisted in identifying new vulnerabilities and threats, security gaps and privacy issues [5][32], as well as providing solutions to overcome some security problems. In contrast, our role in TIGRIS focuses on designing a secure platform with the ability to integrate different Smart Grid components (AMIs, substations (DERs, microgrids, etc.), control systems, user premises and market), in which a set of stakeholders (operators, users, providers, etc.), communication infrastructures (the Internet and cloud computing), technologies (servers, RTUs, sensors, smart meters, handheld devices, etc.) and security mechanisms have to coexist to carry out a common purpose: to efficiently produce power according to the real demand.

In order to model these complex systems and show the control relation of the elements that comprise a Smart Grid (e.g., control of actuators, smart meters, state estimators, sensors, RTUs, etc.), aspects of controllability are currently being considered within CAIN. Our goal is to analyse the behaviour of power networks under adversarial influences [33][6] in order to provide restoration strategies for dominance structures. This is possible through graph theory, which helps represent networks from a theoretical point of view.
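The following added example (not code from [6] or [33]) illustrates the graph view described above for a resilience check: it computes which nodes a driver set observes under the two standard power-domination rules, then reports what becomes unobserved when a node is lost and which drivers must be added to restore full coverage. The topology `GRID` and its node names are constructed, and the greedy selection is a simple heuristic assumed here, not the method of the cited papers.

```python
# Constructed 9-node topology (adjacency sets); not a network from the cited work.
GRID = {
    "H": {"A", "B", "C"},
    "A": {"H", "A1"}, "A1": {"A", "A2"}, "A2": {"A1"},
    "B": {"H", "B1"}, "B1": {"B"},
    "C": {"H", "C1", "C2"}, "C1": {"C"}, "C2": {"C"},
}


def observed_set(adj, drivers):
    """Nodes observed by `drivers` under the power-domination rules.

    Rule 1 (domination): a driver observes itself and all its neighbours.
    Rule 2 (propagation): an observed node with exactly one unobserved
    neighbour makes that neighbour observed; repeat until nothing changes.
    """
    observed = set()
    for d in drivers:
        if d in adj:
            observed |= {d} | adj[d]
    changed = True
    while changed:
        changed = False
        for v in sorted(observed):
            pending = adj[v] - observed
            if len(pending) == 1:
                observed |= pending
                changed = True
    return observed


def greedy_drivers(adj, seed=()):
    """Extend `seed` greedily until every node is observed.

    Heuristic only: a minimum power dominating set is hard to compute,
    so the result is a valid driver set but not guaranteed to be minimal.
    """
    drivers = [d for d in seed if d in adj]
    while observed_set(adj, drivers) != set(adj):
        candidates = sorted(set(adj) - set(drivers))
        best = max(candidates,
                   key=lambda v: len(observed_set(adj, drivers + [v])))
        drivers.append(best)
    return drivers


def remove_node(adj, node):
    """Copy of the graph with `node` and its incident edges removed."""
    return {v: nbrs - {node} for v, nbrs in adj.items() if v != node}


def assess_loss(adj, drivers, lost):
    """Return (unobserved nodes after losing `lost`, repaired driver list)."""
    degraded = remove_node(adj, lost)
    surviving = [d for d in drivers if d != lost]
    blind = set(degraded) - observed_set(degraded, surviving)
    repaired = greedy_drivers(degraded, seed=surviving)
    return blind, repaired


if __name__ == "__main__":
    drivers = greedy_drivers(GRID)
    print("drivers:", drivers)
    for lost in ("H", "A1"):
        blind, repaired = assess_loss(GRID, drivers, lost)
        print(f"lose {lost}: unobserved={sorted(blind)} repaired={repaired}")
```

Losing the hub `H` splits the constructed graph into three components, so restoration needs one driver per component, whereas losing the non-driver `A1` only strands `A2`.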

  • Security in water supply and treatment systems

Within the context of FACIES, NICS is currently working on topics related to prevention [3] and the development of a methodology for intrusion and anomaly detection. However, this is not a trivial task, since it is not easy to specify and limit the boundaries between a normal situation and an abnormal/critical situation, and a set of research challenges is arising within our investigations. For example, although any solution mentioned above can be exported to this type of scenario, the goal here is to find a way to rapidly and efficiently identify, warn of and respond to stealth attacks, and in this way to avoid or mitigate any possible threatening situation [23]. A stealth attack consists in quietly operating a set of techniques to drive a set of malicious actions that compromise critical nodes with low visibility. An example of precisely this type of threat was the Stuxnet worm in 2010. It was considered the first malware designed specifically for writing, reading and localizing critical sections in Siemens PLCs without leaving evidence of its activity. Note that these types of threats must be extensively analysed for TIGRIS, but considering the Smart Grid context.


  1. J. Lopez, and B. M. Hämmerli Eds., "Critical Information Infrastructures Security, Second International Workshop, CRITIS 2007, Málaga, Spain, October 3-5, 2007. Revised Papers",
    CRITIS, vol. 5141, Springer, 2007.
  2. J. Lopez, R. Setola, and S. Wolthusen Eds., "Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense",
    LNCS, vol. 6715, Springer, 2012.
  3. C. Alcaraz, and J. Lopez, "Wide-Area Situational Awareness for Critical Infrastructure Protection",
    IEEE Computer, vol. 46, no. 4, IEEE Computer Society, pp. 30-37, 2013. (I.F.: 1.438)


    Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions


    Impact Factor: 1.438
    Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

  4. C. Alcaraz, and S. Zeadally, "Critical Control System Protection in the 21st Century: Threats and Solutions",
    IEEE Computer, vol. 46, no. 10, IEEE Computer Society, pp. 74-83, 2013. (I.F.: 1.438)


    Information systems, networks, and technologies have become an integral part of modern critical control systems that manage many of today’s critical infrastructures. The continuous operation, maintenance, and protection of critical infrastructures have become a high national priority for governments around the world because our society heavily depends on them for most of our daily activities (travel, power usage, banking transactions, telecommunications, etc) and safety. It is therefore critical that these infrastructures have to be protected from potential accidental incidents or cyberattacks. We present the fundamental architectural components of critical control systems which manage most critical infrastructures. We identify some of the vulnerabilities and threats to modern critical control systems followed by protection solutions that can be deployed to mitigate attacks exploiting these vulnerabilities.

    Impact Factor: 1.438
    Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

  5. S. Zeadally, A. Pathan, C. Alcaraz, and M. Badra, "Towards Privacy Protection in Smart Grid",
    Wireless Personal Communications, vol. 73, Springer, pp. 23-50, Nov 2013, 2012. (I.F.: 0.428)


    The smart grid is an electronically controlled electrical grid that connects power generation, transmission, distribution, and consumers using information communication technologies. One of the key characteristics of the smart grid is its support for bi-directional information flow between the consumer of electricity and the utility provider. This two-way interaction allows electricity to be generated in real-time based on consumers’ demands and power requests. As a result, consumer privacy becomes an important concern when collecting energy usage data with the deployment and adoption of smart grid technologies. To protect such sensitive information it is imperative that privacy protection mechanisms be used to protect the privacy of smart grid users. We present an analysis of recently proposed smart grid privacy solutions and identify their strengths and weaknesses in terms of their implementation complexity, efficiency, robustness, and simplicity.


    Impact Factor: 0.428
    Journal Citation Reports® Science Edition (Thomson Reuters, 2012)

  6. C. Alcaraz, E. Etcheves Miciolino, and S. Wolthusen, "Multi-Round Attacks on Structural Controllability Properties for Non-Complete Random Graphs",
    The 16th Information Security Conference (ISC), vol. 7807, Springer, pp. 140–151, 09/2015.


    The notion of controllability, informally the ability to force a system into a desired state in a finite time or number of steps, is most closely associated with control systems such as those used to maintain power networks and other critical infrastructures, but has wider relevance in distributed systems. It is clearly highly desirable to understand under which conditions attackers may be able to disrupt legitimate control, or to force overriding controllability themselves. Following recent results by Liu et al., there has been considerable interest also in graph-theoretical interpretation of Kalman controllability originally introduced by Lin, structural controllability. This permits the identification of sets of driver nodes with the desired state-forcing property, but determining such nodes is a W[2]-hard problem. To extract these nodes and represent the control relation, here we apply the POWER DOMINATING SET problem and investigate the effects of targeted iterative multiple-vertex removal. We report the impact that different attack strategies with multiple edge and vertex removal will have, based on underlying non-complete graphs, with an emphasis on power-law random graphs with different degree sequences.

  7. J. Lopez, C. Alcaraz, and R. Roman, "On the Protection and Technologies of Critical Information Infrastructures.",
    On Foundations of Security Analysis and Design IV, FOSAD 2006/2007, Springer, LNCS 4677, pp. 160-182, 2007.


    Critical Infrastructures are complex and highly interconnected systems that are crucial for the well-being of the society. Any type of failure can cause significant damage, affecting one or more sectors due to their inherent interdependency. Not only the infrastructures are critical, but also the information infrastructures that manage, control and supervise them. Due to the seriousness of the consequences, the protection of these critical (information) infrastructures must have the highest priority. It is the purpose of this book chapter to review and discuss about these infrastructures, to explain their elements, and to highlight their research and development issues. This chapter will also discuss the role of Wireless Sensor Network (WSN) technology in the protection of these infrastructures.

  8. R. Roman, C. Alcaraz, and J. Lopez, "The Role of Wireless Sensor Networks in the Area of Critical Information Infrastructure",
    Information Security Technical Report, vol. 12, no. 1, Elsevier, pp. 24-31, 2007.


    Critical Infrastructures, such as energy, banking, and transport, are an essential pillar to the well-being of the national and international economy, security and quality of life. These infrastructures are dependent on a spectrum of highly interconnected information infrastructures for their smooth, reliable and continuous operation. The field of protecting such Critical Information Infrastructures, or CIIP, faces numerous challenges, such as managing the secure interaction between peers, assuring the resilience and robustness of the overall system, and deploying warning and alert systems, amongst others. In this tapestry of CIIP, Wireless Sensor Networks can be used as an invaluable tool due to their intelligent distributed control capabilities, alongside with their capability to work under severe conditions. In this paper, we justify why Wireless Sensor Networks technology is suitable for providing security for these scenarios, describing both their advantages and research issues and their role in the overall scheme of protecting the Critical Information Infrastructures.

  9. C. Alcaraz, I. Agudo, D. Nuñez, and J. Lopez, "Managing Incidents in Smart Grids à la Cloud",
    IEEE CloudCom 2011, IEEE Computer Society, pp. 527-531, Nov-Dec 2011.


    During the last decade, the Cloud Computing paradigm has emerged as a panacea for many problems in traditional IT infrastructures. Much has been said about the potential of Cloud Computing in the Smart Grid context, but unfortunately it is still relegated to a second layer when it comes to critical systems. Although the advantages of outsourcing those kinds of applications to the cloud are clear, data confidentiality and operational privacy stand as major drawbacks. In this paper, we try to give some hints on which security mechanisms and, more specifically, which cryptographic schemes, will help a better integration of Smart Grids and Clouds. We propose the use of Virtual SCADA in the Cloud (VS-Cloud) as a means to improve reliability and efficiency whilst maintaining the same protection level as in traditional SCADA architectures.


  10. C. Alcaraz, and J. Lopez, "A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems",
    IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, vol. 40, no. 4, IEEE, pp. 419-428, July, 2010. (I.F.: 2.105)


    Nowadays, critical control systems are a fundamental component contributing to the overall performance of critical infrastructures in our society, most of which belong to the industrial sector. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zigbee PRO, WirelessHART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. The main purpose of this paper has been to review these three standards and analyze their security. We have identified a set of threats and potential attacks in their routing protocols, and we consequently provide recommendations and countermeasures to help Industry protect its infrastructures.

    Impact Factor: 2.105
    Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

  11. C. Alcaraz, and R. Roman, "Applying Key Infrastructures for Sensor Networks in CIP/CIIP Scenarios",
    1st International Workshop on Critical Information Infrastructures Security (CRITIS’06), LNCS 4347, Springer Berlin / Heidelberg, pp. 166-178, 2006.


    It is commonly agreed that Wireless Sensor Networks (WSN) is one of the technologies that better fulfills features like the ones required by Critical (Information) Infrastructures. However, a sensor network is highly vulnerable against any external or internal attacks, thus network designers must know which are the tools that they can use in order to avoid such problems. In this paper we describe in detail a procedure (the KMS Guidelines), developed under our CRISIS project, that allows network designers to choose a certain Key Management System, or at least to know which protocol need to improve in order to satisfy the network requirements.

  12. L. Cazorla, C. Alcaraz, and J. Lopez, "Towards Automatic Critical Infrastructure Protection through Machine Learning",
    8th International Conference on Critical Information Infrastructures Security, vol. 8328, Springer, pp. 197-203, 2013.


    Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology

  13. Citekey alcaraz2009a not found
  14. R. Roman, J. Lopez, C. Alcaraz, and H. Hwa Chen, "SenseKey - Simplifying the Selection of Key Management Schemes for Sensor Networks",
    5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE’11), IEEE, March, 2011.


    Key Management Schemes (KMS) are a very important security mechanism for Wireless Sensor Networks (WSN), as they are used to manage the credentials (i.e. secret keys) that are needed by the security primitives. There is a large number of available KMS protocols in the literature, but it is not clear what should network designers do to choose the most suitable protocol for the needs of their applications. In this paper, we consider that given a certain set of application requirements, the network designer can check which properties comply with those requirements and select the KMS protocols that contains those particular properties. Therefore, we study the relationship between requirements and properties, and we provide a web tool, the SenseKey tool, that can be used to automatically obtain an optimal set of KMS protocols.

  15. C. Alcaraz, J. Lopez, R. Roman, and H-H. Chen, "Selecting key management schemes for WSN applications",
    Computers & Security, vol. 31, no. 38, Elsevier, pp. 956–966, Nov 2012. (I.F.: 1.158)


    Key management in wireless sensor networks (WSN) is an active research topic. Due to the fact that a large number of key management schemes (KMS) have been proposed in the literature, it is not easy for a sensor network designer to know exactly which KMS best fits in a particular WSN application. In this article, we offer a comprehensive review on how the application requirements and the properties of various key management schemes influence each other. Based on this review, we show that the KMS plays a critical role in determining the security performance of a WSN network with given application requirements. We also develop a method that allows the network designers to select the most suitable KMS for a specific WSN network setting. In addition, the article also addresses the issues on the current state-of-the-art research on the KMS for homogeneous (i.e. non-hierarchical) networks to provide solutions for establishing link-layer keys in various WSN applications and scenarios.

    Impact Factor: 1.158
    Journal Citation Reports® Science Edition (Thomson Reuters, 2012)

  16. Citekey alcaraz2011achapterbook not found
  17. C. Alcaraz, R. Roman, P. Najera, and J. Lopez, "Acceso seguro a redes de sensores en SCADA a través de Internet",
    XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), pp. 337-342, September, 2010.


    Critical Infrastructures (CIs) are monitored by highly complex systems, known as SCADA systems (Supervisory Control and Data Acquisition systems), whose main support lies in the substations, which measure at first hand the real state of those CIs. To improve this control, industry is currently demanding the integration into the traditional model of two technological advances: the Internet and wireless sensor networks. However, their incorporation requires analysing the security requirements that arise in this context, as well as several correlated aspects (e.g. maintenance, performance, security and optimization) and, based on these, the most appropriate integration strategy to satisfy those requirements. This paper provides such an in-depth analysis in order to offer a secure integration model suitable for critical environments.

  18. C. Alcaraz, G. Fernandez, R. Roman, A. Balastegui, and J. Lopez, "Secure Management of SCADA Networks",
    Novatica, New Trends in Network Management, vol. 9, no. 6, Cepis UPGRADE, pp. 22-28, December, 2008.


    When a Supervisory Control and Data Acquisition (SCADA) system monitors and manages other complex infrastructures through the use of distributed technologies, it becomes a critical infrastructure by itself: A failure or disruption in any of its components could implicate a serious impact on the performance of the other infrastructures. The connection with other systems makes a SCADA system more vulnerable against attacks, generating new security problems. As a result, it is essential to perform diverse security analysis frequently in order to keep an updated knowledge and to provide recommendations and/or solutions to mitigate or avoid anomalous events. This will facilitate the existence of a suitable, reliable, and available control network.

  19. Citekey not found
  20. C. Alcaraz, G. Fernandez, R. Roman, A. Balastegui, and J. Lopez, "Gestión segura de redes SCADA",
    Nuevas tendencias en gestión de redes, Novática, no. 196, CEPIS, pp. 20-25, December, 2008.


    As new technologies based on distributed environments are introduced into the market, new security problems begin to arise in parallel in SCADA (Supervisory Control and Data Acquisition) systems, which monitor and manage other infrastructures of great complexity and scale. A failure or an interruption in one of their components could have a negative impact on the functionality of other infrastructures, so it becomes necessary to perform frequent security analyses in order to keep knowledge up to date and provide recommendations and/or solutions to mitigate or avoid future occurrences, guaranteeing reliable and always-available network management.

  21. C. Alcaraz, R. Roman, P. Najera, and J. Lopez, "Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things",
    Ad Hoc Networks, vol. 11, Elsevier, pp. 1091–1104, 2013. (I.F.: 1.943)


    The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.

    Impact Factor: 1.943
    Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

  22. R. Roman, J. Lopez, and C. Alcaraz, "Do Wireless Sensor Networks Need to be Completely Integrated into the Internet?",
    3rd CompanionAble Workshop - Future Internet of People, Things and Services (IoPTS) eco-Systems, xxxx, pp. xxxx, December, 2009.


    Wireless sensor networks are considered as an integral part of the Internet of Things paradigm. Not only do they provide a virtual presence to elements of the real world, but they also allow any computational system to know about the physical state of those elements thanks to the use of embedded sensors. In order to belong to the Internet of Things, the elements of a sensor network can implement Internet protocols and services such as the TCP/IP stack and web services. Still, a question that must be raised at this point of time is whether all sensor network applications should be completely integrated into the Internet or not. The purpose of this paper is to analyze this question, reviewing the challenges and security requirements of Internet-enabled sensor networks.

  23. C. Alcaraz, and J. Lopez, "Analysis of Requirements for Critical Control Systems",
    International Journal of Critical Infrastructure Protection (IJCIP), vol. 5, Elsevier, pp. 137–145, 2012. (I.F.: 0.63)


    The use of modern information and communications technologies in supervisory control and data acquisition (SCADA) systems used in the critical infrastructure has become an important topic of research. The modernization significantly enhances operational performance, but also introduces security issues and the associated risks. This paper formally analyzes how the introduction of new technologies can impact control systems and ultimately affect the performance of the critical infrastructure systems being controlled. Five control system requirements are identified with the goal of proposing new operational requirements that trade-off performance and security.

    Impact Factor: 0.63
    Journal Citation Reports® Science Edition (Thomson Reuters, 2012)

  24. C. Alcaraz, et al., "Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems",
    6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09), Springer-Verlag, pp. 86-94, September, 2009.


    SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.

  25. C. Alcaraz, A. Balastegui, and J. Lopez, "Early Warning System for Cascading Effect Control in Energy Control Systems",
    5th International conference on Critical Information Infrastructures Security (CRITIS’10), LNCS 6712, Springer, pp. 55-67, September, 2010.


    A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specifically, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervises the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.

  26. C. Alcaraz, C. Fernandez-Gago, and J. Lopez, "An Early Warning System based on Reputation for Energy Control Systems",
    IEEE Transactions on Smart Grid, vol. 2, no. 4, IEEE, pp. 827-834, Nov 2011.


    Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controlling the network behaviour. The WSNs are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario.

    Keywords: Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.

  27. C. Alcaraz, and M. Sonmez, "PDR: A Prevention, Detection and Response Mechanism for Anomalies in Energy Control Systems",
    7th International Conference on Critical Information Infrastructures Security (CRITIS 2012), vol. 7722, pp. 22–33, 2013.


     Prevention, detection and response are nowadays considered to be three priority topics for protecting critical infrastructures, such as energy control systems. Despite attempts to address these current issues, there is still a particular lack of investigation in these areas, and in particular in dynamic and automatic proactive solutions. In this paper we propose a mechanism, which is called PDR, with the capability of anticipating anomalies, detecting anomalous behaviours and responding to them in a timely manner. PDR is based on a conglomeration of technologies and on a set of essential components with the purpose of offering situational awareness irrespective of where the system is located. In addition, the mechanism can also compute its functional capacities by evaluating its efficacy and precision in the prediction and detection of disturbances. With this, the entire system is able to know the real reliability of its services and its activity in remote substations at all times.

  28. C. Alcaraz, and J. Lopez, "Addressing Situational Awareness in Critical Domains of a Smart Grid",
    6th International Conference on Network and System Security (NSS 2012), LNCS 7645, Springer-Verlag, pp. 58-71, November 2012.


    Control and situational awareness are two very important aspects within critical control systems, since potential faults or anomalous behaviors could lead to serious consequences by hiding the real status of supervised critical infrastructures. Examples of these infrastructures are energy generation, transmission or distribution systems that belong to Smart Grid systems. Given the importance of these systems for social welfare and its economy, a situational awareness-based model, composed of a set of current technologies, is proposed in this paper. The model focuses on addressing and offering a set of minimum services for protection, such as prevention, detection, response, self-evaluation and maintenance, thereby providing a desirable protection in unplanned situations.


  29. C. Alcaraz, and J. Lopez, "WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids",
    Future Generation Computer Systems, vol. 30, Elsevier, pp. 146-154, 2014. (I.F.: 2.786)


    Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.

    Impact Factor: 2.786
    Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

  30. C. Alcaraz, and J. Lopez, "Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection",
    Computer Standards & Interfaces, vol. 36, issue 3, Elsevier, pp. 501-512, 2014. (I.F.: 0.879)


    Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of accuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.

    Impact Factor: 0.879
    Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

  31. J. Lopez, C. Alcaraz, and R. Roman, "Smart Control of Operational Threats in Control Substations",
    Computers & Security, vol. 38, Elsevier, pp. 14-27, Oct 2013. (I.F.: 1.172)


    Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliability is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.

    Impact Factor: 1.172
    Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

  32. F. Siddiqui, S. Zeadally, C. Alcaraz, and S. Galvao, "Smart Grid Privacy: Issues and Solutions",
    21st International Conference on Computer Communications and Networks (ICCCN), IEEE Computer Society, pp. 1-5, Jul 2012.


    Migration to an electronically controlled electrical grid to transmit, distribute, and deliver power to consumers has helped enhance the reliability and efficiency of conventional electricity systems. At the same time, this digitally enabled technology called the Smart Grid has brought new challenges to businesses and consumers alike. A key component of such a grid is the smart-metering technology, which is used to collect energy consumption data from homes and transmit it back to power distributors. A crucial concern is the privacy related to the collection and use of energy consumption data. We present an analysis of Smart Grid privacy issues and discuss recently proposed solutions that can protect the privacy of Smart Grid users.

  33. C. Alcaraz, E. Etcheves Miciolino, and S. Wolthusen, "Structural Controllability of Networks for Non-Interactive Adversarial Vertex Removal",
    8th International Conference on Critical Information Infrastructures Security, vol. 8328, Springer, pp. 120-132, 2013.


    The problem of controllability of networks arises in a number of different domains, including in critical infrastructure systems where control must be maintained continuously. Recent work by Liu et al. has renewed interest in the seminal work by Lin on structural controllability, providing a graph-theoretical interpretation. This allows the identification of driver nodes capable of forcing the system into a desired state, which implies an obvious target for attackers wishing to disrupt the network control. Several methods for identifying driver nodes exist, but require undesirable computational complexity. In this paper, we therefore investigate the ability to regain or maintain controllability in the presence of adversaries able to remove vertices and implicit edges of the controllability graph. For this we rely on the POWER DOMINATING SET (PDS) formulation for identifying the control structure and study different attack strategies for multiple network models. As the construction of a PDS for a given graph is not unique, we further investigate different strategies for PDS construction, and provide a simulative evaluation.