Lingxuan Zhang
ABSTRACT
Industrial cyber-physical systems (ICPSs) are widely used in critical infrastructures. However, they threaten by various cyberattacks which can directly damage the physical processes of ICPSs. Therefore, we proposed a method to quantitatively assess the risk of cyberattacks on the physical systems of ICPSs. This method conduces implement-appropriate security strategies to protect the security of ICPSs. We use an extended Bayesian attack graph to quantify the probabilities of cyberattacks. In addition, we model the cyberattacks as the illegal control signals injected into the physical system and the illegal actions that change the structure of the physical system. With the established model, we compute a new metric: Physical-System-Deviation-Risk (PSDR), which is used to assess the impact of cyberattacks on the physical system. The risk of the physical systems caused by cyberattacks can be quantified by the PSDR and the probabilities of cyberattacks. Moreover, we use a specific case to demonstrate the effectiveness of this assessment method.
Supplemental Material
- Lee E A. 2008. Cyber physical systems: design challenges. In Proceedings of 11th IEEE International Symposium on Object Oriented Real-Time Distributed Computing (ISORC'08). ACM Press, Orlando, 363--369. https://doi.org/10.1109/ISORC.2008.25Google Scholar
Digital Library
- M. Frigault and L. Wang. 2008. Measuring Network Security Using Bayesian Network-Based Attack Graphs. In 2008 32nd Annual IEEE International Computer Software and Applications Conference (COMPSAC '08). IEEE, Turku, Finland, 698-- 703. https://doi.org/10.1109/COMPSAC.2008.88Google Scholar
- Huang JH, Feng DQ, and Wang HJ. 2016. A method for quantifying vulnerability of industrial control system based on attack graph. Acta Automatica Sinica 42, 5 (Jan. 2016), 792--798. https://doi.org/10.16383/j.aas.2016.c150517Google Scholar
- Orojloo H and Abdollahi Azgomi M. 2016. Predicting the behavior of attackers and the consequences of attacks against cyber-physical systems. Secur. Commun. Netw 9, 18 (Feb. 2016), 6111--6136. https://doi.org/10.1002/sec.1761Google ScholarCross Ref
- Huang K, Zhou C, and Tian Y C. 2018. Assessing the Physical Impact of Cyber- Attacks on Industrial Cyber-Physical Systems. IEEE Trans. Ind. Electron 65, 10 (Jan.2018),8153--8162. https://doi.org/10.1109/TIE.2018.2798605Google ScholarCross Ref
- Huang Y L, Alvaro A. Cárdenas, and Amin S. 2009. Understanding the physical and economic consequences of attacks on control systems. Int. J. Critical Infrastructure Protection2,3(June 2009),73--78. https://doi.org/10.1016/j.ijcip.2009.06.001Google Scholar
- F. Morilla. 2012. Benchmark for PID control based on the Boiler Control Problem. IFAC Proceedings Volumes 45, 3 (2012), 346 -- 351. https://doi.org/10.3182/ 20120328--3-IT-3014.00059 2nd IFAC Conference on Advances in PID Control.Google ScholarCross Ref
- N. Poolsappasit, R. Dewri, and I. Ray. 2012. Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Depend. Secure Comput 9, 1 (Feb. 2012), 8153--8162. https://doi.org/10.1109/tdsc.2011.34.Google ScholarDigital Library
- Farwell JP and Rohozinski R. 2011. Stuxnet and the Future of Cyber War. Survival 53,1(Jan.2011),23--40. https://doi.org/10.1080/00396338.2011.555586Google Scholar
- P. Mell, K. Scarfone, and S. Romanosky. 2012. Common vulnerability scoring system. IEEE Security Privacy. IEEE Security and Privacy 4, 6 (May 2012), 85--89. https://doi.org/10.1109/MSP.2006.145Google Scholar
- Colombo A W, Karnouskos S, and Kaynak O. 2017. Industrial Cyberphysical Systems: A Backbone of the Fourth Industrial Revolution. IEEE. Ind. Electron. Mag11,1(March2017),6--16. https://doi.org/10.1109/MIE.2017.2648857Google Scholar
- Li X, Zhou C, and Tian Y C. 2017. Asset-based dynamic impact assessment of cyberattacks for risk analysis in industrial control systems. IEEE Trans. Ind. Inform14,2(June2017),608--618. https://doi.org/10.1109/TII.2017.2740571Google Scholar
- Peng Y, Lu T, and Liu J. 2013. Cyber-physical System Risk Assessment. In 2013 Ninth International Conference on Intelligent Information Hiding and Multimedia Signal Processing. 442--447. https://doi.org/10.1109/IIH- MSP.2013.116Google Scholar
Index Terms
- Quantitatively Assessing the Cyber-to-Physical Risk of Industrial Cyber-Physical Systems
Recommendations
Assessing Cyber Risk in Cyber-Physical Systems Using the ATT&CK Framework
Autonomous transport is receiving increasing attention, with research and development activities already providing prototype implementations. In this article we focus on Autonomous Passenger Ships (APS), which are being considered as a solution for ...
Dependency-based security risk assessment for cyber-physical systems
AbstractA cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry 4.0 and ...
Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
AbstractCyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...
Comments