Taxonomy-Driven Graph-Theoretic Framework for Manufacturing Cybersecurity Risk Modeling and Assessment

被引:1
作者
Rahman H. [1 ]
Hamedani E.Y. [1 ]
Son Y.-J. [2 ]
Shafae M. [1 ]
机构
[1] Department of Systems and Industrial Engineering, The University of Arizona, Tucson, 85721, AZ
[2] School of Industrial Engineering, Purdue University, West Lafayette, 47907, IN
来源
Journal of Computing and Information Science in Engineering | 2024年 / 24卷 / 07期
关键词
attack graph; cyber-physical security for factories; cyber-physical system design and operation; cyberattacks; cybermanufacturing; cybersecurity; graph-theoretic methods; industrial internet of things; industry; 4.0; manufacturing automation; risk assessment; risk modeling; smart manufacturing;
D O I
10.1115/1.4063729
中图分类号
学科分类号
摘要
Identifying, analyzing, and evaluating cybersecurity risks are essential to devise effective decision-making strategies to secure critical manufacturing against potential cyberattacks. However, a manufacturing-specific quantitative approach is lacking to effectively model threat events and evaluate the unique cybersecurity risks in discrete manufacturing systems. In response, this paper introduces the first taxonomy-driven graph-theoretic model and framework to formally represent this unique cybersecurity threat landscape and identify vulnerable manufacturing assets requiring prioritized control. First, the proposed framework characterizes threat actors’ techniques, tactics, and procedures using taxonomical classifications of manufacturing-specific threat attributes and integrates these attributes into cybersecurity risk modeling. This facilitates the systematic generation of comprehensive and generalizable cyber-physical attack graphs for discrete manufacturing systems. Second, using the attack graph formalism, the proposed framework enables concurrent modeling and analysis of a wide variety of cybersecurity threats comprising varying attack vectors, locations, vulnerabilities, and consequences. The risk model captures the cascading attack impact of varying attack methods through different cyber and physical entities in manufacturing systems, leading to specific consequences. Then, the constructed cyber-physical attack graphs are analyzed to comprehend threat propagation through the discrete manufacturing value chain and identify potential attack paths. Third, a quantitative risk assessment approach is presented to evaluate the cybersecurity risk associated with potential attack paths. It also identifies the attack path with the maximum likelihood of success, pointing out critical manufacturing assets requiring prioritized control. Finally, the proposed risk modeling and assessment framework is demonstrated using an illustrative example. Copyright © 2024 by ASME.
引用
收藏
相关论文
共 75 条
  • [1] Lu Y., Morris K. C., Frechette S., Current Standards Landscape for Smart Manufacturing Systems, Nat. Inst. Stand. Technol. NISTIR, 8107, 3, pp. 1-39, (2016)
  • [2] Lu Y., Xu X., Wang L., Smart Manufacturing Process and System Automation–A Critical Review of the Standards and Envisioned Scenarios, J. Manuf. Syst, 56, pp. 312-325, (2020)
  • [3] Tweneboah-Koduah S., Skouby K. E., Tadayoni R., Cyber Security Threats to IoT Applications and Service Domains, Wirel. Pers. Commun, 95, 1, pp. 169-185, (2017)
  • [4] Roman R., Najera P., Lopez J., Securing the Internet of Things, Computer, 44, 9, pp. 51-58, (2011)
  • [5] Da Xu L., He W., Li S., Internet of Things in Industries: A Survey, IEEE Trans. Ind. informatics, 10, 4, pp. 2233-2243, (2014)
  • [6] Rahman M. H., Wuest T., Shafae M., Manufacturing Cybersecurity Threat Attributes and Countermeasures: Review, Meta-Taxonomy, and Use Cases of Cyberattack Taxonomies, J. Manuf. Syst, 68, pp. 196-208, (2023)
  • [7] IBM Security X-Force Threat Intelligence Index, (2020)
  • [8] Sturm L. D., Williams C. B., Camelio J. A., White J., Parker R., Cyber-Physical Vulnerabilities in Additive Manufacturing Systems: A Case Study Attack on the. STL File With Human Subjects, J. Manuf. Syst, 44, pp. 154-164, (2017)
  • [9] Elhabashy A. E., Wells L. J., Camelio J. A., Woodall W. H., A Cyber-Physical Attack Taxonomy for Production Systems: A Quality Control Perspective, J. Intell. Manuf, 30, 6, pp. 2489-2504, (2019)
  • [10] Rahman M. H., Shafae M., Physics-Based Detection of Cyber-Attacks in Manufacturing Systems: A Machining Case Study, J. Manuf. Syst, 64, pp. 676-683, (2022)
12345678