Carlos Caldera scite author profile

Urban critical infrastructure such as electric grids, water networks, and transportation systems are prime targets for cyberattacks. These systems are composed of connected devices which we call the Industrial Internet of Things (IIoT). An attack on urban critical infrastructure IIoT would cause considerable disruption to society. Supervisory control and data acquisition (SCADA) systems are typically used to control IIoT for urban critical infrastructure. Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices. In this paper, we compare non-SCADA and SCADA systems and establish, using cosine similarity tests, that SCADA as a software subclass holds unique risk attributes for IIoT. We then disprove the commonly accepted notion that the common vulnerability scoring system risk metrics of exploitability and impact are not correlated with attack for the SCADA subclass of software. A series of statistical models are developed to identify SCADA risk metrics that can be used to evaluate the risk that a SCADA-related vulnerability is exploited. Based on our findings, we build a customizable SCADA risk prioritization schema that can be used by the security community to better understand SCADA-specific risk. Considering the distinct properties of SCADA systems, a data-driven prioritization schema will help researchers identify security gaps specific to this software subclass that is essential to our society's operations.

show abstract

A Master Attack Methodology for an AI-Based Automated Attack Planner for Smart Cities

Falco

Viswanathan

Caldera

et al. 2018

IEEE Access

View full text Add to dashboard Cite

NeuroMesh

Falco

Fedorov

et al. 2019

View full text Add to dashboard Cite

Internet-of-Things (IoT) devices are ubiquitous and growing rapidly in number. However, IoT manufacturers have focused on the functionality and features of the devices and made security an afterthought. Since IoT devices have small memory capacities and lowpower processors, many security firms have not been able to develop anti-malware software for these devices. Current IoT security solutions are heavy and unreliable. We have developed a lightweight IoT security solution that uses hacker tools against the hackers-in essence, a vaccine for IoT. Our software provides managed security and intelligence to IoT devices using a "friendly" botnet operated through a proven, existing communication infrastructure for distributed systems-the Bitcoin blockchain.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Carlos Caldera

IIoT Cybersecurity Risk Modeling for SCADA Systems

A Master Attack Methodology for an AI-Based Automated Attack Planner for Smart Cities

NeuroMesh

Contact Info

Product

Resources

About