Blog
About

426
views
1
recommends
+1 Recommend
1 collections
    5
    shares
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Assessing Cyber-Physical Security in Industrial Control Systems

        , , , ,

      6th International Symposium for ICS & SCADA Cyber Security Research 2019 (ICS-CSR)

      Cyber Security Research

      10th-12th September 2019

      Security metrics, cyber-physical security, AND-OR graphs, hypergraphs, MAX-SAT resolution, ICS, CPS

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlapping manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN).

          Related collections

          Most cited references 10

          • Record: found
          • Abstract: not found
          • Article: not found

          Battle of the Water Calibration Networks

            Bookmark
            • Record: found
            • Abstract: found
            • Article: found
            Is Open Access

            Use of Attack Graphs in Security Systems

            Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.
              Bookmark
              • Record: found
              • Abstract: not found
              • Conference Proceedings: not found

              Reducing Vulnerability to Cyber-Physical Attacks in Water Distribution Networks

                Bookmark

                Author and article information

                Contributors
                Conference
                September 2019
                September 2019
                : 49-58
                Affiliations
                Institute for Security Science and Technology

                Imperial College London, UK
                KIOS Research and Innovation Centre of Excellence

                University of Cyprus
                Department of Electrical and Electronic Engineering

                Imperial College London, UK
                Article
                10.14236/ewic/icscsr19.7
                © Martín Barrère et al. Published by BCS Learning and Development Ltd. 6th International Symposium for ICS & SCADA Cyber Security Research 2019

                This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

                6th International Symposium for ICS & SCADA Cyber Security Research 2019
                ICS-CSR
                6
                Athens, Greece
                10th-12th September 2019
                Electronic Workshops in Computing (eWiC)
                Cyber Security Research
                Product
                Product Information: 1477-9358BCS Learning & Development
                Self URI (journal page): https://ewic.bcs.org/
                Categories
                Electronic Workshops in Computing

                Comments

                Comment on this article