A method for evaluating the consequence propagation of security attacks in cyber-physical systems

Estimating the possible impacts of security attacks on physical processes can help to rank the critical assets based on their sensitivity to performed attacks and predict their attractiveness from the attacker's point of view. To address this challenge, this paper proposes a new method for assessing the direct and indirect impacts of attacks on cyber-physical systems (CPSs). The proposed method studies the dynamic behavior of systems in normal situation and under security attacks and evaluates the consequence propagation of attacks. The inputs to the model are control parameters including sensor readings and controller signals. The output of the model is evaluating the consequence propagation of attacks, ranking the important assets of systems based on their sensitivity to conducted attacks, and prioritizing the attacks based on their impacts on the behavior of system. The validation phase of the proposed method is performed by modeling and evaluating the consequence propagation of attacks against a boiling water power plant (BWPP). (C) 2016 Elsevier B.V. All rights reserved.