Litcius/Paper detail

Measuring cyber-physical security in industrial control systems via minimum-effort attack strategies

Martín Barrère, Chris Hankin, Nicolas Nicolaou, Δημήτριος Γ. Ηλιάδης, Thomas Parisini

2020Journal of Information Security and Applications40 citationsDOIOpen Access PDF

Abstract

In recent years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical attacks, having massive destructive consequences. Security metrics are therefore essential to assess and improve their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs and hypergraphs which is able to efficiently identify the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) f or an attacker, in order to disrupt the operation of vital ICS assets. Our tool, META4ICS (pronounced as metaphorics ), leverages state-of-the-art methods from the field of logical satisfiability optimisation and MAX-SAT techniques in order to achieve efficient computation times. In addition, we present a case study where we have used our system to analyse the security posture of a realistic Water Transport Network (WTN).

Topics & Concepts

Computer sciencePhysical securityCyber-physical systemComputer securityIndustrial control systemMetric (unit)Set (abstract data type)Control (management)ComputationField (mathematics)Order (exchange)State (computer science)EngineeringBusinessMathematicsArtificial intelligenceOperations managementOperating systemAlgorithmFinanceProgramming languagePure mathematicsInformation and Cyber SecurityNetwork Security and Intrusion DetectionSmart Grid Security and Resilience