Dependency-based security risk assessment for cyber-physical systems-Reference-Cited by-同舟云学术

Dependency-based security risk assessment for cyber-physical systems

Published:2022-08-22 Issue: Volume: Page:
ISSN:1615-5262
Container-title:International Journal of Information Security
language:en
Short-container-title:Int. J. Inf. Secur.

Author:

Akbarzadeh Aida^ORCID,Katsikas Sokratis K.

Abstract

AbstractA cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry 4.0 and Cyber-Physical Systems, providing security against cyber-physical attacks is a serious challenge which calls for cybersecurity risk assessment methods capable of investigating the tight interactions and interdependencies between the cyber and the physical components in such systems. However, existing risk assessment methods do not consider this specific characteristic of CPSs. In this paper, we propose a dependency-based, domain-agnostic cybersecurity risk assessment method that leverages a model of the CPS under study that captures dependencies among the system components. The proposed method identifies possible attack paths against critical components of a CPS by taking an attacker’s viewpoint and prioritizes these paths according to their risk to materialize, thus allowing the defenders to define efficient security controls. We illustrate the workings of the proposed method by applying it to a case study of a CPS in the energy domain, and we highlight the advantages that the proposed method offers when used to assess cybersecurity risks in CPSs.

Funder

Research council of Norway

Norwegian centre for cybersecurity in critical sectors

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Safety, Risk, Reliability and Quality,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1007/s10207-022-00608-4.pdf

Reference42 articles.

1. Alcaraz, C., Lopez, J.: Analysis of requirements for critical control systems. Int. J. Crit. Infrastruct. Prot. 5(3–4), 137–145 (2012)

2. Abrams, M., Weiss, J.: Malicious control system cyber security attack case study-Maroochy water services, Australia. Tech. Rep, Mitre Corp McLean VA McLean (2008)

3. Chen, T.M., Abu-Nimeh, S.: Lessons from stuxnet. Computer 44(4), 91–93 (2011)

4. Addeen, H.. H., Xiao, Y., Li, J., Guizani, M.: A survey of cyber-physical attacks and detection methods in smart water distribution systems. IEEE Access 9, 99 905-99 921 (2021)

5. Castellanos, J. H., Ochoa, M., Zhou, J.: Finding dependencies between cyber-physical domains for security testing of industrial control systems. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 582–594 (2018)

Cited by 9 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. SYNAPSE - An Integrated Cyber Security Risk & Resilience Management Platform, With Holistic Situational Awareness, Incident Response & Preparedness Capabilities: SYNAPSE;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30

2. Cybersecurity risk assessment of a marine dual-fuel engine on inland waterways ship;Proceedings of the Institution of Mechanical Engineers, Part M: Journal of Engineering for the Maritime Environment;2024-07-28

3. A multi-step attack path prediction method for oil & gas intelligence pipeline cyber physics system based on CPNE;Process Safety and Environmental Protection;2024-05

4. Model Based Risk Assessment and Risk Mitigation Framework for Cyber-Physical Systems;2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA);2023-11-01

5. Company Cybersecurity System: Assessment, Risks and Expectations;Production Engineering Archives;2023-10-27