“This was a broad conference. Some sessions dealt with computer and information science, while others discussed applications, such as transport, energy and payment systems”, says Simin Nadjm-Tehrani, professor in the Department of Computer and Information Science at LiU.
Several speakers took up current events, such as the Yellow Vest protests in Paris, Russia’s annexation of Crimea, and the drone attack on an oil field in Saudi Arabia. LiU scientist Björn Johansson described the consequences that may arise if payment systems such as SWIFT, Swish and payment by bank and credit cards suddenly fail.
When asked about which participant presented research she considers to be particularly interesting, Simin Nadjm-Tehrani mentions opening speaker Awais Rashid, professor of cyber security at the University of Bristol. He has spent several years investigating how different groups manage attacks against important infrastructure.
“He created a game, or an exercise, in which twelve different groups – safety experts, IT specialists and managers from academia and industry – managed an attack against an electricity supply facility. The various groups were awarded points and competed against each other”, says Simin Nadjm-Tehrani.
The exercise was visualised using Lego bricks. The different bricks represented different types of cyber protection, such as firewalls, and physical entities, such as server halls.
“The participants were presented with a scenario. ‘You have been the subject of an attack. A control unit is out of function, and this part of the production is now at a standstill. How do you react?’ The participants were given a limited budget and could choose between different measures, such as purchasing a new intrusion detection system or installing CCTV.”
The exercise was run on several occasions. The different groups were awarded points, depending on the result.
“The experiment showed that the security experts achieved the poorest results. Managers did unexpectedly well. They didn’t have huge amounts of domain-specific or IT expertise, but could obtain the information needed to make the right decisions. The IT specialists achieved the best results”, says Simin Nadjm-Tehrani.
Another speaker who Simin Nadjm-Tehrani mentions is David Nicol from the University of Illinois at Urbana-Champaign. He presented methods to protect major facilities in which physical units are connected over networks to control systems. Examples are an electricity supply facility and a train traffic control centre.
“An attack against such a facility may target solely the IT components. In this case, however, it is similar to any attack against IT systems, and we know a lot about security in such cases. But how can we best protect against attacks that attempt to reach the physical units through the network?” asks Simin Nadjm-Tehrani.
David Nicol used graph theory to illustrate the possibilities of using the network to gain access to the physical units in a facility.
“It’s difficult to calculate the combinatory pathways to reach the various units, since a unit can be reached in many ways.”
This information, however, can help to decide how the facility can be defended most effectively.
“Should you invest most money into protecting the shortest route to a unit, or another route? Again, this is a difficult problem in combinational mathematics. David Nicol presented methods for how to determine orientation and determine which nodes are most appropriate, given certain initial parameters”, says Simin Nadjm-Tehrani.
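To make the shortest-route question concrete, here is an added example that is not from the conference or from David Nicol's work: a brute-force path count on a small constructed control network. The node names and edges are assumptions chosen for illustration, and exhaustive enumeration like this only works on small graphs, which is the combinatorial difficulty the quote refers to.

```python
from itertools import combinations

# Constructed example network: edge A -> B means "a foothold on A can reach B".
NETWORK = {
    "internet": ["vpn_gateway", "dmz_web"],
    "vpn_gateway": ["eng_workstation"],
    "dmz_web": ["office_lan"],
    "office_lan": ["eng_workstation", "historian"],
    "eng_workstation": ["scada_server", "plc"],
    "historian": ["scada_server"],
    "scada_server": ["hmi", "plc"],
    "hmi": ["plc"],
    "plc": [],  # the physical unit being protected
}

def simple_paths(graph, src, dst, hardened=frozenset()):
    """Enumerate every loop-free route from src to dst that avoids hardened nodes."""
    paths, stack = [], [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            paths.append(path)
            continue
        for nxt in reversed(graph[node]):
            if nxt not in hardened and nxt not in path:
                stack.append((nxt, path + [nxt]))
    return paths

def remaining_after_hardening(graph, src, dst):
    """Routes still open after hardening each intermediate node on its own."""
    middle = [n for n in graph if n not in (src, dst)]
    return {n: len(simple_paths(graph, src, dst, frozenset([n]))) for n in middle}

def smallest_cuts(graph, src, dst):
    """All smallest sets of intermediate nodes whose hardening closes every route."""
    middle = [n for n in graph if n not in (src, dst)]
    for size in range(1, len(middle) + 1):
        cuts = [set(c) for c in combinations(middle, size)
                if not simple_paths(graph, src, dst, frozenset(c))]
        if cuts:
            return cuts
    return []

if __name__ == "__main__":
    routes = simple_paths(NETWORK, "internet", "plc")
    print(len(routes), "routes; shortest:", min(routes, key=len))
    print(remaining_after_hardening(NETWORK, "internet", "plc"))
    print(smallest_cuts(NETWORK, "internet", "plc"))
```

In this constructed graph, hardening the first hop of the shortest route still leaves most routes open, while two well-chosen nodes close all of them.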
A third speaker who Simin Nadjm-Tehrani mentions is Yves Rougier, a civil servant in the French Ministry for the Ecological and Inclusive Transition. He discussed communication in an emergency situation, presenting what is known as a “hybrid scenario” in which a bomb explodes in the Paris metro while, at the same time, an attack on information transfer takes place and a campaign of disinformation runs in social media.
As an example of a hybrid attack that actually took place, Yves Rougier described an event during the Yellow Vest demonstrations in Paris. The protestors initially wanted to stop the traffic.
“But they were too few for this, and had to come up with another plan. If you opened Google Maps on these days it said that certain roads were closed, even though this was not the case. The Yellow Vest protestors had managed to paralyse the traffic using false information. They would have needed several large lorries to close these roads on the ground, but they realised that physical measures were not necessary. The attack instead took place on a social level”, says Simin Nadjm-Tehrani.
The apparent closure of central roads in Paris created major delays. In the scenario created by Yves Rougier, several severely injured people would have to be taken to hospital rapidly. He pointed out that if a bomb exploded in the metro system while the traffic was also disrupted, this would have huge consequences.
“A city must be able to analyse this type of threat in advance. It must have a plan ready to deal with such threats. For example, what measures can it take to ensure that disinformation is not spread?”
One way, according to Yves Rougier, is that institutions and organisations, such as train operators, use social media in an informative and credible manner during everyday life and during minor events, such that they are always considered to be reliable.
“They must be so credible that people don’t even think about listening to anyone else: they go directly to the social media channels of these institutions”, says Simin Nadjm-Tehrani.
Translated by George Farrants