Abstract
Industrial Control Systems (ICS) play a critical role in controlling industrial processes. Wide use of modern IT technologies enables cyber attacks to disrupt the operation of ICS. Advanced Persistent Threats (APT) are the most threatening attacks to ICS due to their long persistence and destructive cyber-physical effects to ICS. This paper considers a simulation of attackers and defenders of an ICS, where the defender must consider the cost-effectiveness of implementing defensive measures within the system in order to create an optimal defense. The aim is to identify the appropriate deployment of a specific defensive strategy, such as defense-in-depth or critical component defense. The problem is represented as a strategic competitive optimisation problem, which is solved using a co-evolutionary particle swarm optimisation algorithm. Through the development of optimal defense strategy, it is possible to identify when each specific defensive strategies is most appropriate; where the optimal defensive strategy depends on the resources available and the relative effectiveness of those resources.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
ICS-CERT: Sept. 2014 – Feb. 2015. www.ics-cert.us-cert.gov/monitors/ICS-MM20 1502.
- 2.
SANS ICS Defense Use Case, 2014. https://ics.sans.org/media/ICS-CPPE-case- Study-2-German-Steelworks_Facility.pdf.
References
BSI: Industrial control system security top 10 threats and countermeasures 2014, March 2014. www.allianz-fuer-cybersicherheit.de/ACS/DE/_downloads/techniker/hardware/BSI-CS_005E.pdf
Chopitea, T.: Threat modelling of hacktivist groups organization, chain of command, and attack methods (2012). http://publications.lib.chalmers.se/records/fulltext/173222/173222.pdf
U.S. Department of Homeland Security: Common cybersecurity vulnerabilities in industrial control systems (2011). www.ics-cert.us-cert.gov/sites/default/files/documents/DHS_Common_Cybersecurity_Vulnerabilities_ICS_20110523.pdf
Durkota, K., Lisy, V., Kiekintveld, C., Bosansky, B.: Game-theoretic algorithms for optimal network security hardening using attack graphs. In: Proceedings of International Conference on Autonomous Agents and Multiagent Systems, pp. 1773–1774 (2015)
Eberhart, R.C., Kennedy, J.: A new optimizer using particle swarm theory. In: Proceedings of 6th International Symposium on Micro Machine and Human Science, New York, vol. 1, pp. 39–43 (1995)
Falliere, N., Murchu, L.O., Chien, E.: W32. Stuxnet dossier. White paper, Symantec Corp., Security. Response 5 (2011)
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Game theory meets information security management. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IFIP AICT, vol. 428, pp. 15–29. Springer, Heidelberg (2014)
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Decision support approaches for cyber security investment. Decis. Support Syst. 86, 13–23 (2016)
Gao, K., Jianming, L., Xu, R., Wang, Y., Li, Y.: A hybrid security situation prediction model for information network based on support vector machine and particle swarm optimization. Power Syst. Technol. 4, 033 (2011)
Gebser, M., Kaminski, R., Kaufmann, B., Ostrowski, M., Schaub, T., Schneider, M.: Potassco: the Potsdam answer set solving collection. AI Commun. 24(2), 107–124 (2011)
Karnan, M., Akila, M.: Personal authentication based on keystroke dynamics using soft computing techniques. In: 2nd International Conference on Communication Software and Networks, ICCSN 2010, pp. 334–338. IEEE (2010)
Kennedy, J.: Particle swarm optimization. In: Sammut, C., Webb, G.I. (eds.) Encyclopedia of Machine Learning, pp. 760–766. Springer, Berlin (2010)
KlÃma, R., Lisý, V., Kiekintveld, C.: Combining online learning and equilibrium computation in security games. In: Khouzani, M.H.R., Panaousis, E., Theodorakopoulos, G. (eds.) GameSec 2015. LNCS, vol. 9406, pp. 130–149. Springer, Heidelberg (2015). doi:10.1007/978-3-319-25594-1_8
Korzhyk, D., Conitzer, V., Parr, R.: Complexity of computing optimal Stackelberg strategies in security resource allocation games. In: AAAI (2010)
Kuipers, D., Fabro, M.: Control Systems Cyber Security: Defense in Depth Strategies. Department of Energy, United States (2006)
Lemay, A.: Defending the SCADA network controlling the electrical grid from advanced persistent threats. Ph.D. thesis, École Polytechnique de Montréal (2013)
Lippmann, R.P., Ingols, K.W., Scott, C., Piwowarski, K., Kratkiewicz, K.J., Artz, M., Cunningham, R.: Evaluating and Strengthening Enterprise Network Security Using Attack Graphs. Defense Technical Information Center, Fort Belvoir (2005)
Ma, Z., Smith, P.: Determining Risks from advanced multi-step attacks to critical information infrastructures. In: Luiijf, E., Hartel, P. (eds.) CRITIS 2013. LNCS, vol. 8328, pp. 142–154. Springer, Heidelberg (2013)
Noel, S., Jajodia, S., Wang, L., Singhal, A.: Measuring security risk of networks using attack graphs. Int. J. Next-Gener. Comput. 1(1), 135–147 (2010)
Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of 13th ACM Conference on Computer and Communications Security, pp. 336–345. ACM (2006)
Pham, V., Cid, C.: Are we compromised? Modelling security assessment games. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 234–247. Springer, Heidelberg (2012)
Poli, R.: Analysis of the publications on the applications of particle swarm optimisation. J. Artif. Evol. Appl. 2008, 3 (2008)
Poli, R., Kennedy, J., Blackwell, T.: Particle swarm optimization. Swarm Intell. 1(1), 33–57 (2007)
Small, P.E.: Defense in Depth: An Impractical Strategy for a Cyber World. SANS Institute, Bethesda (2011)
Srinoy, S.: Intrusion detection model based on particle swarm optimization and support vector machine. In: IEEE Symposium on Computational Intelligence in Security and Defense Applications, CISDA, pp. 186–192. IEEE (2007)
Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ICS) security. NIST Special Publication (2011). http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf
Tsai, J., Rathi, S., Kiekintveld, C., Ordez, F., Tambe, M.: IRIS - A tool for strategic security allocation in transportation networks, vol. 2, pp. 1327–1334. International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS), 1 (2009)
Wang, L., Noel, S., Jajodia, S.: Minimum-cost network hardening using attack graphs. Comput. Commun. 29(18), 3812–3824 (2006)
Acknowledgement
This work is funded by the EPSRC project RITICS: Trustworthy Industrial Control Systems (EP/L021013/1).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Fielder, A., Li, T., Hankin, C. (2016). Modelling Cost-Effectiveness of Defenses in Industrial Control Systems. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science(), vol 9922. Springer, Cham. https://doi.org/10.1007/978-3-319-45477-1_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-45477-1_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45476-4
Online ISBN: 978-3-319-45477-1
eBook Packages: Computer ScienceComputer Science (R0)