Computational Methods in Applied Sciences Martti Lehto Pekka Neittaanmäki Editors Cyber Security Critical Infrastructure Protection Computational Methods in Applied Sciences Volume 56 SeriesEditor EugenioOñate,UniversitatPolitècnicadeCatalunya,Barcelona,Spain This series publishes monographs and carefully edited books inspired by the thematic conferences of ECCOMAS, the European Committee on Computational MethodsinAppliedSciences.Asaconsequence,thesevolumescoverthefieldsof MathematicalandComputationalMethodsandModellingandtheirapplicationsto major areas such as Fluid Dynamics, Structural Mechanics, Semiconductor Modelling, Electromagnetics and CAD/CAM. Multidisciplinary applications of these fields to critical societal and technological problems encountered in sectors like Aerospace, Car and Ship Industry, Electronics, Energy, Finance, Chemistry, Medicine, Biosciences, Environmental sciences are of particular interest.Theintentistoexchangeinformationandtopromotethetransferbetween the research community and industry consistent with the development and applicationsofcomputationalmethodsinscienceandtechnology. Bookproposalsarewelcomeat EugenioOñate InternationalCenterforNumericalMethodsinEngineering(CIMNE) TechnicalUniversityofCatalunya(UPC) EdificioC-1,CampusNorteUPCGranCapitán s/n08034Barcelona,Spain [email protected] www.cimne.com orcontactthepublisher,Dr.MayraCastro,[email protected] IndexedinSCOPUS,GoogleScholarandSpringerLink. Moreinformationaboutthisseriesathttps://link.springer.com/bookseries/6899 · Martti Lehto Pekka Neittaanmäki Editors Cyber Security Critical Infrastructure Protection Editors MarttiLehto PekkaNeittaanmäki FacultyofInformationTechnology FacultyofInformationTechnology UniversityofJyväskylä UniversityofJyväskylä Jyväskylä,Finland Jyväskylä,Finland ISSN1871-3033 ISSN2543-0203 (electronic) ComputationalMethodsinAppliedSciences ISBN978-3-030-91292-5 ISBN978-3-030-91293-2 (eBook) https://doi.org/10.1007/978-3-030-91293-2 ©TheEditor(s)(ifapplicable)andTheAuthor(s),underexclusivelicensetoSpringerNature SwitzerlandAG2022 Thisworkissubjecttocopyright.AllrightsaresolelyandexclusivelylicensedbythePublisher,whether thewholeorpartofthematerialisconcerned,specificallytherightsoftranslation,reprinting,reuse ofillustrations,recitation,broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,and transmissionorinformationstorageandretrieval,electronicadaptation,computersoftware,orbysimilar ordissimilarmethodologynowknownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbook arebelievedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsor theeditorsgiveawarranty,expressedorimplied,withrespecttothematerialcontainedhereinorforany errorsoromissionsthatmayhavebeenmade.Thepublisherremainsneutralwithregardtojurisdictional claimsinpublishedmapsandinstitutionalaffiliations. ThisSpringerimprintispublishedbytheregisteredcompanySpringerNatureSwitzerlandAG Theregisteredcompanyaddressis:Gewerbestrasse11,6330Cham,Switzerland Foreword As much of the worldwide economy has moved into cyberspace, protecting and assuring information flows over these networks have become a priority. Most networkstodayrelyonthesuccessivediscoveryofvulnerabilitiesanddeploymentof patchestomaintainsecurity.Evenafterpatching,newvulnerabilitiesareoftenintro- ducedinsuccessivereleasesandmayevenbeintroducedbythepatchesthemselves. Theproposeddefensivecyberportfolioislargelyfocusedonchangingthisparadigm throughavarietyofmethodssuchasheterogeneity,formalmethodsproofs,secure code generation, and automation. Exploration of offensive methods is essential to expandandinformdefensivework. Manysourcesemergeasasignificantcyberthreatoneveryaspectofindividuals andstates.Thesizeandsophisticationofthenation’shackingcapabilitieshavegrown markedly over the last few years, and they have already penetrated well-defended networks while seized and destroyed sensitive data. We must anticipate that the cyberthreat may well begin to grow much more rapidly. The first requirement of developing a sound response is understanding the nature of the problem, which is theaimofthisvolume. Thestandardapproachforsecuring(critical)infrastructureoverthepast50years, classifiedas“wallsandgates,”hasfailed.Thereisnolongeranyreasontobelievethat asystemofbarriersbetweentrustedanduntrustedcomponentswithpolicy-mediated pass-throughswillbecomemoresuccessfulasthefutureunfolds.Withinthesecu- ritycontext,widelyusedtraditionalrule-baseddetectionmethodologies,including firewalls, signatures/patterns that govern IDS/IPS, and antivirus are irrelevant for the detection of new and sophisticated malware. Malware is masked as legitimate streams and penetrates every state-of-the-art commercial barrier on the market. In v vi Foreword thecurrenteraofdatadeluge,protectionagainstcyber-attacks/penetrationsbecomes morecriticalandrequiressophisticatedapproaches. July2021 Prof.AmirAverbuch SchoolofComputerScience TelAvivUniversity TelAviv,Israel Preface Inthecyberworld,themostimportantthreatfocusesoncriticalinfrastructure(CI). CIencompassesthestructuresandfunctionsthatarevitaltosociety’suninterrupted functioning.Itiscomprisedofphysicalfacilitiesandstructuresaswellaselectronic functionsandservices. The modern and efficient countermeasures against cyber-attacks need multidis- ciplinaryscientificcomputingmethodswhenwefocusonthebehaviorofanactor fromtactic,technique,andprocedure(TTP)perspectives.Atacticisthebroadest- leveldescriptionofthisbehavior,whiletechniquesgiveamoredetaileddescription ofbehaviorinthecontextofatactic,andproceduresarethenarrowest-level,highly detaileddescriptioninthecontextofatechnique.Computationalscienceisagreat tooltosolvecybersecuritychallenges. Inthiseditedvolume,wehavechosencontributorsthatwillsharetheirperspec- tives on cyber security in critical infrastructure from a broad perspective. This volumeisfocusedoncriticalinfrastructureprotection.Itiscomprisedofthelatest researchthatresearchersandscientistsfromdifferentcountrieshavediscovered.The selectedchaptersreflecttheessentialcontributionsoftheseresearchersandscientists who conducted a detailed analysis of the issues and challenges in cyberspace and provided novel solutions in various aspects. These research results will stimulate furtherresearchandstudiesinthecybersecuritycommunity. Thecontentofthisvolumeisorganizedintothreeparts.PartIisfocusedonthe digital society. It addresses critical infrastructure and different forms of digitaliza- tion,suchasstrategicfocusoncybersecurity,legalaspectsoncybersecurity,citi- zensindigitalsociety,andcybersecuritytraining.PartIIisfocusedonthecritical infrastructure protection in different areas of the critical infrastructure. It investi- gatesthepossibilityofusingnewtechnologiestoimprovecurrentcybercapability, aswellasnewchallengesbroughtaboutbynewtechnologies.PartIIIisfocusedon computationalmethodsandapplicationsincyberenvironment. Thepurposeofthisbookistobringtogetheracademicresearchersfromdifferent countries.Thisbookisaddressedtoresearchers,technologyexperts,anddecision- makersinthefieldsofcriticalinfrastructureprotection,rangingfromcriticalinfras- tructure environment and analysis to some areas like health care, electric power vii viii Preface system,maritime,aviation,andbuiltenvironment.Thisbookalsocontainsastrong societalviewsuchasinformationinfluenceandethicalconcerns.Thisbookpresents cybersecuritysolutionsfromatechnologyandcomputationalmethodsperspective. Thisbookisbasedoninvitedarticlescollectedfromseveralresearchprogramsand paperspresentedindifferentcybersecurityandcyberwarfareconferences. TheeditorswouldliketothankResearchAssistantMarja-LeenaRantalainenfor helping in the technical editing of the book. We would also express our gratitude to Ms. Mythili Settu, and Ms. Mayra Castro from Springer Nature for the project coordination and Prof. Eugenio Oñate, CIMNE Director and Editor of the series ComputationalMethodsinAppliedSciencesfortheirfairpatienceinreceivingthe materialofthisvolume. Jyväskylä,Finland MarttiLehto July2021 PekkaNeittaanmäki Contents PartI DigitalSociety 1 Cyber-AttacksAgainstCriticalInfrastructure ................... 3 MarttiLehto 1.1 Introduction ............................................ 3 1.2 CyberSecurityThreatsAgainstCriticalInfrastructure ........ 6 1.3 Cyber-AttacksAgainstCriticalInfrastructure ................ 13 1.4 CriticalInfrastructureProtection .......................... 34 1.5 Conclusion ............................................. 35 References .................................................... 36 2 KeyElementsofOn-LineCyberSecurityExerciseandSurvey ofLearningDuringtheOn-LineCyberSecurityExercise ......... 43 MikaKarjalainen,TeroKokkonen,andNikoTaari 2.1 Introduction ............................................ 43 2.2 PedagogicalFrameworkforLearninginOn-LineCyber SecurityExercises ....................................... 45 2.3 MethodsandData ....................................... 46 2.4 Results ................................................ 50 2.5 Conclusion ............................................. 54 References .................................................... 55 3 CyberLawandRegulation ..................................... 59 VirginiaA.Greiman 3.1 Introduction ............................................ 59 3.2 GovernanceoftheInternetandCyberspace ................. 60 3.3 CyberOperations ....................................... 65 3.4 ComputerCrimeLaw .................................... 67 3.5 RegulationsinCyberSpace ............................... 69 3.6 Summary .............................................. 75 References .................................................... 76 ix