Litcius/Paper detail

Dependency-based security risk assessment for cyber-physical systems

Aida Akbarzadeh, Sokratis Katsikas

2022International Journal of Information Security26 citationsDOIOpen Access PDF

Abstract

Abstract A cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry 4.0 and Cyber-Physical Systems, providing security against cyber-physical attacks is a serious challenge which calls for cybersecurity risk assessment methods capable of investigating the tight interactions and interdependencies between the cyber and the physical components in such systems. However, existing risk assessment methods do not consider this specific characteristic of CPSs. In this paper, we propose a dependency-based, domain-agnostic cybersecurity risk assessment method that leverages a model of the CPS under study that captures dependencies among the system components. The proposed method identifies possible attack paths against critical components of a CPS by taking an attacker’s viewpoint and prioritizes these paths according to their risk to materialize, thus allowing the defenders to define efficient security controls. We illustrate the workings of the proposed method by applying it to a case study of a CPS in the energy domain, and we highlight the advantages that the proposed method offers when used to assess cybersecurity risks in CPSs.

Topics & Concepts

Cyber-physical systemComputer scienceComputer securityInterdependenceDomain (mathematical analysis)Security domainDependency (UML)Physical securityCritical infrastructureRisk analysis (engineering)Software engineeringOperating systemMathematicsMedicinePolitical scienceLawMathematical analysisInformation and Cyber SecuritySmart Grid Security and ResilienceInfrastructure Resilience and Vulnerability Analysis