Dependency-based security risk assessment for cyber-physical systems

Cited by: 0
Authors
Aida Akbarzadeh
Sokratis K. Katsikas
Affiliation
[1] Norwegian University of Science and Technology,Department of Information Security and Communication Technology
Source
International Journal of Information Security | 2023 / Volume 22
Keywords
Cyber-physical systems; Attack path analysis; Risk assessment; Safety; Security; Industrial control systems; Industry 4.0;
DOI
Not available
Abstract
A cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry 4.0 and Cyber-Physical Systems, providing security against cyber-physical attacks is a serious challenge which calls for cybersecurity risk assessment methods capable of investigating the tight interactions and interdependencies between the cyber and the physical components in such systems. However, existing risk assessment methods do not consider this specific characteristic of CPSs. In this paper, we propose a dependency-based, domain-agnostic cybersecurity risk assessment method that leverages a model of the CPS under study that captures dependencies among the system components. The proposed method identifies possible attack paths against critical components of a CPS by taking an attacker’s viewpoint and prioritizes these paths according to their risk to materialize, thus allowing the defenders to define efficient security controls. We illustrate the workings of the proposed method by applying it to a case study of a CPS in the energy domain, and we highlight the advantages that the proposed method offers when used to assess cybersecurity risks in CPSs.
Pages: 563-578
Number of pages: 15