Security Operations Center: A Framework for Automated Triage, Containment and Escalation

There have been a lot of research exertions and studies to improve the safety of critical infrastructures using the Security Operations Center (SOC). As part of efforts, the purpose of this research is to propose a framework to automate the SOC’s performance of triage, containment and escalation. The research leveraged on qualitative desk review to collect data for analysis, deduced strengths and weaknesses for the current SOC implementations and used that as a basis for proposing the framework. In view of the constant evolution of SOC operations and capabilities coupled with the huge volumes of data collected for analysis, an efficient framework for SOC operations is proposed. The qualitative analysis is used to deduce strengths and weaknesses for the current SOC implementations as a premise for proposing the framework. It consists of eight interactive stages that further leverage on a proposed algorithm for baselining, remediation and escalation. The result of this research is a proposed framework that serves as a unique contribution to enhancing the SOC’s ability to automatically perform triage, containment and escalation. Supplementary to similar and earlier work reviewed, the framework is proposed as the way forward to automatically enable SOC setups with the capacity to efficiently perform triage of security threats, vulnerabilities and incidents, effectively contain identified breaches and appropriately escalate for prompt and accurate solutions.

Hybrid Physics and Data-driven Contingency Filtering for Security Operation of Micro Energy-water Nexus

This paper investigates a novel engineering problem,i.e.,security-constrained multi-period operation of micro energywater nexuses.This problem is computationally challenging because of its high nonlinearity,nonconvexity,and large dimension.We propose a two-stage iterative algorithm employing a hybrid physics and data-driven contingency filtering(CF)method and convexification to solve it.The convexified master problem is solved in the first stage by considering the base case operation and binding contingencies set(BCS).The second stage updates BCS using physics-based data-driven methods,which include dynamic and filtered data sets.This method is faster than existing CF methods because it relies on offline optimization problems and contains a limited number of online optimization problems.We validate effectiveness of the proposed method using two different case studies:the IEEE 13-bus power system with the EPANET 8-node water system and the IEEE 33-bus power system with the Otsfeld 13-node water system.

Voltage Security Operation Region Calculation Based on Improved Particle Swarm Optimization and Recursive Least Square Hybrid Algorithm

Large-scale voltage collapse incidences, which result in power outages over large regions and extensive economic losses, are presently common occurrences worldwide. To avoid voltage collapse and operate more safely and reliably, it is necessary to analyze the voltage security operation region(VSOR) of power systems, which has become a topic of increasing interest lately. In this paper, a novel improved particle swarm optimization and recursive least square(IPSO-RLS) hybrid algorithm is proposed to determine the VSOR of a power system. Also, stability analysis on the proposed algorithm is carried out by analyzing the errors and convergence accuracy of the obtained results. Firstly, the voltage stability and VSOR-surface of a power system are analyzed in this paper. Secondly, the two algorithms,namely IPSO and RLS algorithms, are studied individually.Based on this understanding, a novel IPSO-RLS hybrid algorithm is proposed to optimize the active and reactive power,and the voltage allowed to identify the VSOR-surface accurately. Finally, the proposed algorithm is validated by using a simulation case study on three wind farm regions of actual Hami Power Grid of China in DIg SILENT/Power Factory software.The error and accuracy of the obtained simulation results are analyzed and compared with those of the particle swarm optimization(PSO), IPSO and IPSO-RLS hybrid algorithms.

Robustness Assessment of Wind Power Generation Considering Rigorous Security Constraints for Power System: A Hybrid RLO-IGDT Approach

Fossil fuel depletion and environmental pollution problems promote development of renewable energy(RE)glob-ally.With increasing penetration of RE,operation security and economy of power systems(PS)are greatly impacted by fluctuation and intermittence of renewable power.In this paper,information gap decision theory(IGDT)is adapted to handle uncertainty of wind power generation.Based on conventional IGDT method,linear regulation strategy(LRS)and robust linear optimization(RLO)method are integrated to reformulate the model for rigorously considering security constraints.Then a robustness assessment method based on hybrid RLO-IGDT approach is proposed for analyzing robustness and economic performance of PS.Moreover,a risk-averse linearization method is adapted to convert the proposed assessment model into a mixed integer linear programming(MILP)problem for convenient optimization without robustness loss.Finally,results of case studies validate superiority of proposed method in guaranteeing operation security rigorously and effectiveness in assessment of RSR for PS without overestimation.Index Terms-Hybrid RLO-IGDT approach,information gap decision theory(IGDT),operation security,robustness assessment,robustness security region(RSR).

Smart Meter Deployment Threat and Vulnerability Analysis and Response

Advanced intelligent or ＂smart＂ meters are being deployed in Asia. A result of deployment of smart meters, with associated equipment, is the electric power industry faced with new and changing threats, vulnerabilities and re-evaluate traditional approaches to cyber security. Protection against emerging cyber-security threats targeting smart meter infrastructures will increase risk to both the utility and customer if not addressed within initial rollouts. This paper will discuss the issues in SMI （smart meter infrastructures） deployments that pertain to cyber security. It will cover topics such as the threats to operations, infrastructure, network and people and organization and their associated risks. SMI deployments include not only the smart meter, but also the interfaces for home energy management systems as well as communication interfaces back to the utility. Utilities must recognize and anticipate the new threat landscape that can attack and compromise the meter and the associated field network collectors. They must also include threats to the WAN （wide-area-network） backhaul networks, smart meter headends, MDMS （meter data management systems） and their interfaces to CIS （customer information systems） and billing and OMS （outage management systems）. Lessons learned from SMI implementations from North America, Europe and recently, Japan, will be discussed. How white-box and black-box testing techniques are applied to determine the threat impact to the SMI. Finally, organizational change risk will be discussed and how utilities have responded to re-organizing and developing a security governance structure for the SMI and other smart grid applications.

Does Security of Land Operational Rights Matter for the Improvement of Agricultural Production Efficiency under the Collective Ownership in China?

Under the"separation of three rights"policy,the impact of security of land operationalrights on agricultural production efficiency has attracted much attention in recentyears.Data envelopment analysis and mediation effect analysis were applied to 888family farms run by new-type agricultural operators from Songjiang to identify themechanism of the effect of land operational rights security on agricultural productionefficiency through long-term investment.The results show that greater security of landoperational rights generally increased agricultural production efficiency.Approximately37.94 percent of the impact could be explained by long-term investment.The resultsalso indicate that significant heterogeneity exists in the effect of land operational rightssecurity on agricultural production efficiency at various levels of the family farms'efficiency distributions.lt is suggested that government should legalize land operationalrights and give them a status equal to those of households'contractual rights and landownership rights in China's future land tenure reform.

Real-time security margin control using deep reinforcement leamning

This paper develops a real-time control method based on deep reinforcement learning aimed to determine the optimal control actions to maintain a sufficient secure operating limit.The secure operating limit refers to the limit to the most stressed pre-contingency operating point of an electric power system that can withstand a set of credible contingencies without violating stability criteria.The developed deep reinforcement learning method uses a hybrid control scheme that is capable of simultaneously adjusting both discrete and continuous action variables.The performance is evaluated on a modified version of the Nordic32 test system.The results show that the developed deep reinforcement learning method quickly learns an effective control policy to ensure a sufficient secure operating limit for a range of different system scenarios.The performance is also compared to a control based on a rule-based look-up table and a deep reinforcement learning control adapted for discrete action spaces.The hybrid deep reinforcement learning control managed to achieve significantly better on all of the defined test sets,indicating that the possibility of adjusting both discrete and continuous action variables resulted in a more flexible and efficient control policy.

Distributed Robust Optimal Dispatch of Regional Integrated Energy Systems Based on ADMM Algorithm with Adaptive Step Size

This paper proposes a distributed robust optimal dispatch model to enhance information security and interaction among the operators in the regional integrated energy system(RIES).Our model regards the distribution network and each energy hub(EH)as independent operators and employs robust optimization to improve operational security caused by wind and photovoltaic(PV)power output uncertainties,with only deterministic information exchanged across boundaries.This paper also adopts the alternating direction method of multipliers(ADMM)algorithm to facilitate secure information interaction among multiple RIES operators,maximizing the benefit for each subject.Furthermore,the traditional ADMM algorithm with fixed step size is modified to be adaptive,addressing issues of redundant interactions caused by suboptimal initial step size settings.A case study validates the effectiveness of the proposed model,demonstrating the superiority of the ADMM algorithm with adaptive step size and the economic benefits of the distributed robust optimal dispatch model over the distributed stochastic optimal dispatch model.

A buffer overflow detection and defense method based on RiSC-V instruction set extension

Buffer overflow poses a serious threat to the memory security of modern operating systems.It overwrites the con-tents of other memory areas by breaking through the buffer capacity limit,destroys the system execution environ-ment,and provides implementation space for various system attacks such as program control flow hijacking.That makes it a wide range of harms.A variety of security technologies have been proposed to deal with system security problems including buffer overflow.For example,No eXecute(NX for short)is a memory management technology commonly used in Harvard architecture.It can refuse the execution of code which residing in a specific memory,and can effectively suppress the abnormal impact of buffer overflow on control flow.Therefore,in recent years,it has also been used in the field of system security,deriving a series of solutions based on NX technology,such as ExecShield,DEP,StackGuard,etc.However,these security solutions often rely too much on the processor archi-tecture so that the protection coverage is insufficient and the accuracy is limited.Especially in the emerging system architecture field represented by RiSC-V,there is still a lack of effective solutions for buffer overflow vulnerabilities.With the continuous rapid development of the system architecture,it is urgent to develop defense methods that are applicable to different system application environments and oriented to all executable memory spaces to meet the needs of system security development.Therefore,we propose BOP,A new system memory security design method based on RISC-V extended instructions,to build a RISC-V buffer overflow detection and defense system and deal with the buffer overflow threat in RIsC-V.According to this method,NX technology can be combined with program control flow analysis,and Nx bit mechanism can be used to manage the executability of memory space,so as to achieve a more granular detection and defense of buffer overflow attacks that may occur in RISC-V system environment.In addition,The memory management and control function of BOP is not only very suitable for solving the security problems in the existing single architecture system,but also widely applicable to the combina-tion of multiple heterogeneous systems.

Design of secure operating systems with high security levels

Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level （hereafter simply referred to as ANSHENG OS）, this paper addresses the following key issues in the design of secure operating systems with high security levels： security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models： confidentiality, integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Cover channel analysis （CCA） is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.

A potential application in quantum networks-Deterministic quantum operation sharing schemes with Bell states

In this paper, we propose certain different design ideas on a novel topic in quantum cryptography — quantum operation sharing(QOS). Following these unique ideas, three QOS schemes, the "HIEC"(The scheme whose messages are hidden in the entanglement correlation), "HIAO"(The scheme whose messages are hidden with the assistant operations) and "HIMB"(The scheme whose messages are hidden in the selected measurement basis), have been presented to share the single-qubit operations determinately on target states in a remote node. These schemes only require Bell states as quantum resources. Therefore, they can be directly applied in quantum networks, since Bell states are considered the basic quantum channels in quantum networks. Furthermore, after analyse on the security and resource consumptions, the task of QOS can be achieved securely and effectively in these schemes.