Author

Rafał Leszczyna

Bio: Rafał Leszczyna is an academic researcher from Gdańsk University of Technology. The author has contributed to research in topics: Security information and event management & Smart grid. The author has an h-index of 11 and has co-authored 42 publications receiving 332 citations. Previous affiliations of Rafał Leszczyna include Institute for the Protection and Security of the Citizen & International Practical Shooting Confederation.

Papers
Journal Article
TL;DR: In this paper, the authors present the results of a study that identified all standards defining cybersecurity requirements applicable to smart grids; the standards are described with a focus on the requirements and characterised with respect to evaluation criteria.
Abstract: Assuring cybersecurity of the smart grid is indispensable for the reliable operation of this new form of the electricity network. Experts agree that standardised solutions and practices should be applied in the first place. In recent years many new standards for smart grids have been published, which paradoxically results in the difficulty of finding a relevant publication in this plethora of literature. This paper presents results of a study which aimed at addressing this issue by identifying all standards that define cybersecurity requirements applicable to smart grids. Based on a systematic literature review seventeen relevant standards were identified that are described in this paper with a focus on the requirements and characterised with respect to evaluation criteria. The relationships between the standards have been analysed to understand where the standards overlap or complement each other and where they are completely independent – as far as cybersecurity requirements are concerned. This together with the requirements-focused descriptions of the standards can serve as a useful guidance on cybersecurity requirements for smart grid components that should help practitioners in choosing the standards that are applicable to their area or a specific problem.

58 citations

Journal Article
TL;DR: A systematic analysis aimed at identifying standards that present sound security assessment guidance for smart grid components is presented, which should help practitioners in choosing the standards that are applicable to their area.
Abstract: Security evaluation of communication systems in smart grid poses a great challenge to the developers and operators. In recent years, many new smart grid standards were proposed, which paradoxically results in the difficulty in finding a relevant publication in this plethora of literature. This paper presents the results of a systematic analysis which aimed at addressing this issue by identifying standards that present sound security assessment guidance. This should help practitioners in choosing the standards that are applicable to their area. Additionally the contents extracted from the standards can serve as a useful guidance on security assessments of smart grid components.

53 citations

Journal Article
TL;DR: The trust case represents an argument supporting the trustworthiness of the DRIVE solution, decomposed into claims that postulate some trust-related properties; the Unified Modeling Language (UML) is used to represent claim models and the related context models of the trust case.
Abstract: In the paper we present an approach to the trust case development for DRIVE, the IT infrastructure supporting the processes of drugs distribution and application. The objectives of DRIVE included safer and cheaper drugs distribution and application. The trust case represents an argument supporting the trustworthiness of the DRIVE solution. It is decomposed into claims that postulate some trust related properties. Claims differ concerning their abstraction level and scope. To express a claim we need a language and a conceptual model. We used the Unified Modeling Language (UML) to represent claim models and the related context models of the trust case. To specify claims we introduced Claim Definition Language - CDL. The paper gives a detailed description of the above concepts and illustrates how they were applied in practice.

44 citations

Journal Article
TL;DR: This research comprehensively identifies and analyses cybersecurity assessment methods described in the scientific literature, to support researchers and practitioners in choosing the method to be applied in their assessments and to indicate the areas that can be further explored.
Abstract: Cybersecurity assessments are crucial in building the assurance that vital cyberassets are effectively protected from threats. Multiple assessment methods have been proposed during the decades of the cybersecurity field. However, a systematic literature search described in this paper reveals that their reviews are practically missing. Thus, the primary objective of this research was to fulfil this gap by comprehensively identifying and analysing cybersecurity assessment methods described in the scientific literature. A structured research method and transparent criteria were applied for this purpose. As a result, thirty-two methods are presented in this paper. Particular attention is paid to the question of the methods’ applicability in realistic contexts and environments. In that regard, the challenges and limitations associated with the methods’ application as well as potential approaches to addressing them have been indicated. Besides, the paper systematises the terminology and indicates complementary studies which can be helpful during assessments. Finally, the areas that leave space for improvement and directions for further research and development are indicated. The intention is to support researchers and practitioners in choosing the method to be applied in their assessments and to indicate the areas that can be further explored.

27 citations

Journal Article
TL;DR: An approach to the security assessment of the information systems of critical infrastructures is presented, based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system.
Abstract: This study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation of trust cases which provide valuable information for the end users of the infrastructure. Another new proposal is MAlSim - mobile agent-based simulator of malicious software (viruses, worms, etc). To the best of the authors' knowledge, such a simulator has not been proposed before. The present approach was applied to the verification of the security of industrial control systems and power plants. In the study, one of the experiments related to the security study of an information system of a power plant, a simulation of zero-day worm attack, is described.

22 citations


Cited by
Journal Article
TL;DR: This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011, focusing on high-level attacks, such as those to user applications, and groups existing approaches into categories based upon the detection principles, architectures, collected data and operating systems.
Abstract: Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has significantly increased due to the different form of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research field is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011, by focusing on high-level attacks, such as those to user applications. We group existing approaches aimed at protecting mobile devices against these classes of attacks into different categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach.

512 citations

Journal Article
TL;DR: The major challenges and security issues stunting the growth of IoT-based smart grid networks are reviewed and explored.
Abstract: The energy needs of the 21st century are growing rapidly due to the population growth and considerable efforts are being made to make the electricity grid more intelligent in order to make it more responsive to the energy needs of the consumers and to provide improved efficiency and reliability of power systems. Internet of Things (IoT) has emerged as one of the enabling technologies for a smart grid network. As the IoT connected devices continue to grow at a rapid pace, one of the major challenges is security since the devices are online hence making the smart grid vulnerable to significant attacks. Since an IoT based smart grid would consist of potentially millions of nodes, it has the largest attack surface for an IoT focused cyber-attack. A cyber-attack on a smart grid would have devastating effects on reliability of widespread infrastructure given the potential cascade effects of shutting down the electricity grid since most of the devices in our homes, offices, hospitals and trains require electricity to run. Once a single device is compromised, then the whole grid becomes vulnerable to cyberattacks. Such attacks on electricity supply can grind entire cities to a halt thereby causing huge financial and economic losses. This makes security a critical factor to consider before large scale deployment of IoT based smart grid networks. In this paper we review and explore the major challenges and security issues stunting the growth of IoT-based smart grid networks.

251 citations

Journal Article
TL;DR: This paper surveys the latest methodologies and research for measuring and managing the cyber risk to industrial control systems, outlines an agenda for future research on industrial control system security metrics, and introduces the "functional assurance" concept to deal with fail-safe and fail-secure industrial control system operations.
Abstract: Contemporary industrial control systems no longer operate in isolation, but use other networks (e.g., corporate networks and the Internet) to facilitate and improve business processes. The consequence of this development is the increased exposure to cyber threats. This paper surveys the latest methodologies and research for measuring and managing this risk. A dearth of industrial-control-system-specific security metrics has been identified as a barrier to implementing these methodologies. Consequently, an agenda for future research on industrial control system security metrics is outlined. The "functional assurance" concept is also introduced to deal with fail-safe and fail-secure industrial control system operations.

219 citations

Journal Article
TL;DR: A new method for quantitative security risk assessment of complex systems is presented, combining fault-tree analysis, traditionally used in reliability analysis, with the recently introduced Attack-tree analysis, proposed for the study of malicious attack patterns.
Abstract: In this paper, a new method for quantitative security risk assessment of complex systems is presented, combining fault-tree analysis, traditionally used in reliability analysis, with the recently introduced Attack-tree analysis, proposed for the study of malicious attack patterns. The combined use of fault trees and attack trees helps the analyst to effectively face the security challenges posed by the introduction of modern ICT technologies in the control systems of critical infrastructures. The proposed approach allows considering the interaction of malicious deliberate acts with random failures. Formal definitions of fault tree and attack tree are provided and a mathematical model for the calculation of system fault probabilities is presented.

155 citations