Abstract
Today energy delivery systems (EDS) face challenges in dealing with cyberattacks that originate by exploiting the communication network assets. Traditional power systems are highly complex and heterogeneous. These systems focus on reliability, availability, and continuous performance and, thus, not designed to handle security issues. Network administrators often utilize attack graphs to analyze security in EDS. Although attack graphs are useful tools to generate attack paths and estimate possible consequences in a networked system, they lack incorporating the operational or functional dependencies. Localizing the dependencies among operational missions, tasks, and the hosting devices in a large-scale cyber-physical network is also challenging. Current research works handle the system dependency and the attack scenario modeling separately using dependency graphs and attack graphs, respectively. To address the gap of incorporating the mission operational dependencies with possible attack scenarios, in this work, we offer an approach to assess the cyberattack impact on the operational mission of the EDS by combining the logical attack graph and mission functional dependency graph. We provide the graphical modeling details and illustrate the approach using a case study of SCADA (supervisory control and data acquisition) operations within an EDS environment.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
NESSUS Vulnerability Assessment (https://www.tenable.com/products/nessus).
- 2.
OpenVAS - Open Vulnerability Assessment Scanner (https://www.openvas.org/).
- 3.
Common Vulnerability Scoring System (https://www.first.org/cvss/).
- 4.
National Vulnerability Database (https://nvd.nist.gov/).
- 5.
Declarative Logic Programming.
References
Sun, X., Liu, P., Singhal, A.: Toward cyberresiliency in the context of cloud computing [resilient security]. IEEE Secur. Priv. 16(6), 71–75 (2018)
Cao, C., Yuan, L.-P., Singhal, A., Liu, P., Sun, X., Zhu, S.: Assessing attack impact on business processes by interconnecting attack graphs and entity dependency graphs. In: Kerschbaum, F., Paraboschi, S. (eds.) DBSec 2018. LNCS, vol. 10980, pp. 330–348. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-95729-6_21
Stouffer, K., Falco, J.: Recommended practice: improving industrial control systems cybersecurity with defense-in-depth strategies. Department of Homeland Security, Control systems security program, National cyber security division (2009)
Garvey, P.R., Pinto, C.A.: Introduction to functional dependency network analysis. In: The MITRE Corporation and Old Dominion, 2nd International Symposium on Engineering Systems, MIT, Cambridge, Massachusetts, vol. 5 (2009)
Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: USENIX Security Symposium, Baltimore, MD, vol. 8, pp. 113–128 (2005)
Gonda, T., Pascal, T., Puzis, R., Shani, G., Shapira, B.: Analysis of attack graph representations for ranking vulnerability fixes. In: GCAI, pp. 215–228 (2018)
Rao, B., Mitra, A.: An approach to merging of two community subgraphs to form a community graph using graph mining techniques. In: 2014 IEEE International Conference on Computational Intelligence and Computing Research, pp. 1–7. IEEE (2014)
Jakobson, G.: Mission-centricity in cyber security: architecting cyber attack resilient missions. In: 2013 5th International Conference on Cyber Conflict, CYCON 2013, pp. 1–18. IEEE (2013)
Guariniello, C., DeLaurentis, D.: Supporting design via the system operational dependency analysis methodology. Res. Eng. Des. 28(1), 53–69 (2017)
Albanese, M., Jajodia, S.: A graphical model to assess the impact of multi-step attacks. J. Def. Model. Simul. 15(1), 79–93 (2018)
Liu, C., Singhal, A., Wijesekera, D.: Mapping evidence graphs to attack graphs. In: IEEE International Workshop on Information Forensics and Security, WIFS 2012, pp. 121–126. IEEE (2012)
Jajodia, S., Noel, S., Kalapa, P., Albanese, M., Williams, J.: Cauldron mission-centric cyber situational awareness with defense in depth. In: 2011 Military Communications Conference, MILCOM 2011, pp. 1339–1344. IEEE (2011)
Haque, M.A., Shetty, S., Krishnappa, B.: Modeling cyber resilience for energy delivery systems using critical system functionality. In: Resilience Week, RWS 2019, vol. 1, pp. 33–41. IEEE (2019)
Haque, M.A., Shetty, S., Krishnappa, B.: Cyber-physical system resilience: frameworks, metrics, complexities, challenges, and future directions. In: Complexity Challenges in Cyber Physical Systems: Using Modeling and Simulation (M&S) to Support Intelligence, Adaptation and Autonomy, pp. 301–337 (2019)
Sun, X., Singhal, A., Liu, P.: Towards actionable mission impact assessment in the context of cloud computing. In: Livraga, G., Zhu, S. (eds.) DBSec 2017. LNCS, vol. 10359, pp. 259–274. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61176-1_14
Acknowledgment
This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Haque, M.A., Shetty, S., Kamhoua, C.A., Gold, K. (2020). Modeling Mission Impact of Cyber Attacks on Energy Delivery Systems. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham. https://doi.org/10.1007/978-3-030-63095-9_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-63095-9_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63094-2
Online ISBN: 978-3-030-63095-9
eBook Packages: Computer ScienceComputer Science (R0)