Technical Papers
May 24, 2024

Protecting Critical Infrastructure for Disasters: NLP-Based Automated Information Retrieval to Generate Hypothetical Cyberattack Scenarios

Publication: Journal of Infrastructure Systems
Volume 30, Issue 3

Abstract

Cyberattacks disrupt systems, leaving critical infrastructure vulnerable to adversaries, especially during natural disasters. Furthermore, when a cyberattack and a natural disaster occur concurrently, few tools exist to keep damage beyond the physical from reaching crucial societal systems, such as emergency services, which need to operate during any type of hazard. Two prominent knowledge bases for adversary attacks in the cybersecurity community are the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Enterprise Matrix and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Existing processes for deriving possible attack methodologies from such sources are largely manual and time-consuming. Automating the information retrieval process is essential to improve efficiency and free up resources for identifying potential cyberattacks. It is also important to identify preventive measures with both human-made and natural hazards in mind. We propose an approach that incorporates Natural Language Processing (NLP) to automatically generate sets of attack paths from the technique descriptions in the Matrix, with both cyber-based and emergency management–based contexts, and then maps these techniques to the Framework to identify potential relationships between techniques and outlined protective actions. The approach generates outputs showing potential pathways an adversary can take to infiltrate a system, together with the respective defense action selected by similarity measures. The similarities between techniques and the Framework are evaluated with p-values to determine the relevance of pairings. The results of this study provide an approach to assess potential cyberattacks more quickly and effectively toward protecting critical infrastructure, one that can be used in broader vulnerability analyses and that considers contextual data to represent both cyber and natural disaster events.
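The pipeline the abstract describes (vectorize technique descriptions, score each technique against candidate protective actions by a similarity measure, and attach a p-value to each pairing so that weak pairings can be discarded) can be illustrated end to end on a toy corpus. The Python below is an added example written for this page; it is not the authors' code, and it substitutes TF-IDF bag-of-words vectors with cosine similarity and a Monte Carlo permutation p-value for whatever embedding and statistical test the paper itself uses, which the abstract does not specify. Every technique and protective-action description is a constructed paraphrase with a placeholder ID (TECH-1, PROTECT-A, ...), not text or identifiers taken from the ATT&CK Matrix or the NIST Framework.

```python
import math
import random
import re
from collections import Counter

# Constructed, hypothetical technique descriptions. These are NOT taken from
# the ATT&CK Matrix; the IDs are placeholders.
TECHNIQUES = {
    "TECH-1": "Adversaries send phishing emails with malicious attachments "
              "to gain initial access to user accounts.",
    "TECH-2": "Adversaries use valid accounts and stolen credentials to log in "
              "to remote services and move laterally.",
    "TECH-3": "Adversaries encrypt data on hosts to interrupt availability of "
              "systems and services.",
}

# Constructed, hypothetical protective-action descriptions written in the
# spirit of Framework subcategories. Placeholder IDs, not real NIST IDs.
ACTIONS = {
    "PROTECT-A": "Identities and credentials are managed, verified and revoked "
                 "for authorized users and services; remote access is managed.",
    "PROTECT-B": "Users are trained to recognize phishing emails and malicious "
                 "attachments; awareness training is provided.",
    "RECOVER-A": "Backups of data are maintained, tested and restored so that "
                 "availability of systems and services is recovered.",
}

STOPWORDS = {"the", "to", "and", "of", "a", "an", "for", "with", "on", "in",
             "are", "is", "that", "so", "by", "or", "be", "from"}


def tokenize(text):
    """Lowercase, keep alphabetic words, drop stopwords (no stemming)."""
    return [w for w in re.findall(r"[a-z]+", text.lower()) if w not in STOPWORDS]


def idf_table(docs):
    """Smoothed inverse document frequency so no term weight collapses to 0."""
    n = len(docs)
    df = Counter()
    for toks in docs:
        df.update(set(toks))
    return {w: math.log((1 + n) / (1 + d)) + 1.0 for w, d in df.items()}


def tfidf(tokens, idf):
    """Sparse TF-IDF vector as a {term: weight} dict."""
    return {w: c * idf[w] for w, c in Counter(tokens).items() if w in idf}


def cosine(u, v):
    dot = sum(u[w] * v.get(w, 0.0) for w in u)
    nu = math.sqrt(sum(x * x for x in u.values()))
    nv = math.sqrt(sum(x * x for x in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


def permutation_pvalue(tech_tokens, action_vec, idf, vocab, rng, n_perm):
    """Monte Carlo p-value: how often a random bag of words of the same
    length as the technique description is at least as similar to the
    protective action as the real description is (assumed null model)."""
    observed = cosine(tfidf(tech_tokens, idf), action_vec)
    hits = sum(
        1 for _ in range(n_perm)
        if cosine(tfidf(rng.sample(vocab, len(tech_tokens)), idf), action_vec) >= observed
    )
    return observed, (hits + 1) / (n_perm + 1)


def map_techniques(techniques=TECHNIQUES, actions=ACTIONS, seed=7, n_perm=2000):
    """Return {technique: {action: (cosine, p_value)}} for every pairing."""
    tech_toks = {k: tokenize(v) for k, v in techniques.items()}
    act_toks = {k: tokenize(v) for k, v in actions.items()}
    idf = idf_table(list(tech_toks.values()) + list(act_toks.values()))
    vocab = sorted(idf)  # deterministic ordering for the seeded sampler
    act_vecs = {k: tfidf(t, idf) for k, t in act_toks.items()}
    rng = random.Random(seed)
    results = {}
    for t, toks in tech_toks.items():
        results[t] = {}
        for a, vec in act_vecs.items():
            sim, p = permutation_pvalue(toks, vec, idf, vocab, rng, n_perm)
            results[t][a] = (round(sim, 3), p)
    return results


def best_action(results, technique):
    """Protective action with the highest similarity to the technique."""
    return max(results[technique], key=lambda a: results[technique][a][0])


if __name__ == "__main__":
    res = map_techniques()
    for tech, scores in res.items():
        for act, (sim, p) in scores.items():
            print(f"{tech} -> {act}: cosine={sim:.3f} p={p:.3f}")
        print(f"  best match for {tech}: {best_action(res, tech)}")
```

Two things the toy run makes visible that the abstract only states. First, pairings with no lexical overlap get a cosine of exactly 0 and a p-value of exactly 1, so the p-value is a clean filter for irrelevant pairings. Second, with a vocabulary of only a few dozen words the random baseline overlaps the real description often, so even the best pairings keep loose p-values; on a corpus this small it is the ordering of pairings, not the absolute p-value, that carries information, and a realistic run needs the full technique and Framework text to tighten the null distribution.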

Data Availability Statement

Some data, models, or code that support the findings of this study are available from the corresponding author upon reasonable request. The data, models, and code used to create the hypothetical scenarios and pairings can be made available.

Acknowledgments

The preliminary work of this study was conducted in collaboration with Mike Nygaard, Deputy Associate Program Leader, Cyber Modeling & Simulation at Lawrence Livermore National Laboratory, during an internship held by the first author. This material is based upon work supported by the National Science Foundation under Grant No. 1837021. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation or the Lawrence Livermore National Laboratory.

Information & Authors

Information

Published In

Journal of Infrastructure Systems
Volume 30, Issue 3, September 2024

History

Received: Aug 8, 2023
Accepted: Feb 7, 2024
Published online: May 24, 2024
Published in print: Sep 1, 2024
Discussion open until: Oct 24, 2024

Authors

Affiliations

Christin Salley
Ph.D. Candidate, School of Civil and Environmental Engineering, Georgia Institute of Technology, Atlanta, GA 30332.
Neda Mohammadi, Ph.D., A.M.ASCE
City Infrastructure Analytics Director, School of Civil and Environmental Engineering, Georgia Institute of Technology, Atlanta, GA 30332.
Frederick Law Olmsted Professor, School of Civil and Environmental Engineering, Georgia Institute of Technology, Atlanta, GA 30332 (corresponding author). ORCID: https://orcid.org/0000-0002-8949-3248.

Cited by

  • Assessing Community Needs in Disasters: Transfer Learning for Fusing Limited Georeferenced Data from Crowdsourced Applications on the Community Level, Journal of Management in Engineering, 10.1061/JMENEA.MEENG-6208, 40, 6, (2024).
