Biblio
Risk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastructures has always been challenging: safety (i.e., absence of unintentional failures) and security (i. e., no disruptions due to attackers) are conditions that must be guaranteed. One of the traditional tools used to help considering these problems is attack trees, a tree-based formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we define and implement the translation of attack-fault trees (AFTs) to a new extension of timed automata, called parametric weighted timed automata. This allows us to parametrize constants such as time and discrete costs in an AFT and then, using the model-checker IMITATOR, to compute the set of parameter values such that a successful attack is possible. Using the different sets of parameter values computed, different attack and fault scenarios can be deduced depending on the budget, time or computation power of the attacker, providing helpful data to select the most efficient counter-measure.
This paper discusses two pieces of software designed for intelligence analysis, the brainstorming tool and the Scenario Planning Advisor. These tools were developed in the Cognitive Immersive Systems Lab (CISL) in conjunction with IBM. We discuss the immersive environment the tools are situated in, and the proposed benefit for intelligence analysis.
Currently, organisations find it difficult to design a Decision Support System (DSS) that can predict various operational risks, such as financial and quality issues, with operational risks responsible for significant economic losses and damage to an organisation's reputation in the market. This paper proposes a new DSS for risk assessment, called the Fuzzy Inference DSS (FIDSS) mechanism, which uses fuzzy inference methods based on an organisation's big data collection. It includes the Emerging Association Patterns (EAP) technique that identifies the important features of each risk event. Then, the Mamdani fuzzy inference technique and several membership functions are evaluated using the firm's data sources. The FIDSS mechanism can enhance an organisation's decision-making processes by quantifying the severity of a risk as low, medium or high. When it automatically predicts a medium or high level, it assists organisations in taking further actions that reduce this severity level.
We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks - from technical aspects through to human and organizational issues - across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran's nuclear facility that was the subject of the Stuxnet attack.
Several operational and economic factors impact the patching decisions of critical infrastructures. The constraints imposed by such factors could prevent organizations from fully remedying all of the vulnerabilities that expose their (critical) assets to risk. Therefore, an involved decision maker (e.g. security officer) has to strategically decide on the allocation of possible remediation efforts towards minimizing the inherent security risk. This, however, involves the use of comparative judgments to prioritize risks and remediation actions. Throughout this work, the security risk is quantified using the security metric Time-To-Compromise (TTC). Our main contribution is to provide a generic TTC estimator to comparatively assess the security posture of computer networks taking into account interdependencies between the network components, different adversary skill levels, and characteristics of (known and zero-day) vulnerabilities. The presented estimator relies on a stochastic TTC model and Monte Carlo simulation (MCS) techniques to account for the input data variability and inherent prediction uncertainties.
Despite more than a decade of heightened focus on cybersecurity, cyber threats remain an ongoing and growing concern [1]-[3]. Stakeholders often perform cyber risk assessments in order to understand potential mission impacts due to cyber threats. One common approach to cyber risk assessment is event-based analysis which usually considers adverse events, effects, and paths through a system, then estimates the effort/likelihood and mission impact of such attacks. When conducted manually, this type of approach is labor-intensive, subjective, and does not scale well to complex systems. As an alternative, we present an automated capability-based risk assessment approach, compare it to manual event-based analysis approaches, describe its application to a notional space system ground segment, and discuss the results.
In the computer based solutions of the problems in today's world; if the problem has a high complexity value, different requirements can be addressed such as necessity of simultaneous operation of many computers, the long processing times for the operation of algorithms, and computers with hardware features that can provide high performance. For this reason, it is inevitable to use a computer based on quantum physics in the near future in order to make today's cryptosystems unsafe, search the servers and other information storage centers on internet very quickly, solve optimization problems in the NP-hard category with a very wide solution space and analyze information on large-scale data processing and to process high-resolution image for artificial intelligence applications. In this study, an examination of quantum approaches and quantum computers, which will be widely used in the near future, was carried out and the areas in which such innovation can be used was evaluated. Malicious or non-malicious use of quantum computers with this capacity, the advantages and disadvantages of the high performance which it provides were examined under the head of security, the effect of this recent technology on the existing security systems was investigated.
Connected and automated vehicles aim to improve the comfort and the safety of the driver and passengers. To this end, car manufacturers continually improve actual standardized methods to ensure their customers safety, privacy, and vehicles security. However, these methods do not support fully autonomous vehicles, linkability and confusion threats. To address such gaps, we propose a systematic threat analysis and risk assessment framework, SARA, which comprises an improved threat model, a new attack method/asset map, the involvement of the attacker in the attack tree, and a new driving system observation metric. Finally, we demonstrate its feasibility in assessing risk with two use cases: Vehicle Tracking and Comfortable Emergency Brake Failure.
Cyber situational awareness has become increasingly important for proactive risk management to help detect and mitigate cyber attacks. Being aware of the importance of individual information system assets to the goal or mission of the organisation is critical to help minimise enterprise risk. However current risk assessment methodologies do not give explicit support to assess mission related asset criticality. This paper describes ongoing efforts within the H2020 PROTECTIVE project to define a practical mission-centric risk assessment methodology for use across diverse organisation types.
The alarming rate of big data usage in the cloud makes data exposed easily. Cloud which consists of many servers linked to each other is used for data storage. Having owned by third parties, the security of the cloud needs to be looked at. Risks of storing data in cloud need to be checked further on the severity level. There should be a way to access the risks. Thus, the objective of this paper is to use SLR so that we can have extensive background of literatures on risk assessment for big data in cloud computing environment from the perspective of security, privacy and trust.
In order to evaluate the network security risks and implement effective defenses in industrial control system, a risk assessment method for industrial control systems based on attack graphs is proposed. Use the concept of network security elements to translate network attacks into network state migration problems and build an industrial control network attack graph model. In view of the current subjective evaluation of expert experience, the atomic attack probability assignment method and the CVSS evaluation system were introduced to evaluate the security status of the industrial control system. Finally, taking the centralized control system of the thermal power plant as the experimental background, the case analysis is performed. The experimental results show that the method can comprehensively analyze the potential safety hazards in the industrial control system and provide basis for the safety management personnel to take effective defense measures.
Traceability has grown from being a specialized need for certain safety critical segments of the industry, to now being a recognized value-add tool for the industry as a whole that can be utilized for manual to automated processes End to End throughout the supply chain. The perception of traceability data collection persists as being a burden that provides value only when the most rare and disastrous of events take place. Disparate standards have evolved in the industry, mainly dictated by large OEM companies in the market create confusion, as a multitude of requirements and definitions proliferate. The intent of the IPC-1782 project is to bring the whole principle of traceability up to date and enable business to move faster, increase revenue, increase productivity, and decrease costs as a result of increased trust. Traceability, as defined in this standard will represent the most effective quality tool available, becoming an intrinsic part of best practice operations, with the encouragement of automated data collection from existing manufacturing systems which works well with Industry 4.0, integrating quality, reliability, product safety, predictive (routine, preventative, and corrective) maintenance, throughput, manufacturing, engineering and supply-chain data, reducing cost of ownership as well as ensuring timeliness and accuracy all the way from a finished product back through to the initial materials and granular attributes about the processes along the way. The goal of this standard is to create a single expandable and extendable data structure that can be adopted for all levels of traceability and enable easily exchanged information, as appropriate, across many industries. The scope includes support for the most demanding instances for detail and integrity such as those required by critical safety systems, all the way through to situations where only basic traceability, such as for simple consumer products, are required. A key driver for the adoption of the standard is the ability to find a relevant and achievable level of traceability that exactly meets the requirement following risk assessment of the business. The wealth of data accessible from traceability for analysis (e.g.; Big Data, etc.) can easily and quickly yield information that can raise expectations of very significant quality and performance improvements, as well as providing the necessary protection against the costs of issues in the market and providing very timely information to regulatory bodies along with consumers/customers as appropriate. This information can also be used to quickly raise yields, drive product innovation that resonates with consumers, and help drive development tests & design requirements that are meaningful to the Marketplace. Leveraging IPC 1782 to create the best value of Component Traceability for your business.
Cyber-attacks and intrusions in cyber-physical control systems are, currently, difficult to reliably prevent. Knowing a system's vulnerabilities and implementing static mitigations is not enough, since threats are advancing faster than the pace at which static cyber solutions can counteract. Accordingly, the practice of cybersecurity needs to ensure that intrusion and compromise do not result in system or environment damage or loss. In a previous paper [2], we described the Cyberspace Security Econometrics System (CSES), which is a stakeholder-aware and economics-based risk assessment method for cybersecurity. CSES allows an analyst to assess a system in terms of estimated loss resulting from security breakdowns. In this paper, we describe two new related contributions: 1) We map the Cyberspace Security Econometrics System (CSES) method to the evaluation and mitigation steps described by the NIST Guide to Industrial Control Systems (ICS) Security, Special Publication 800-82r2. Hence, presenting an economics-based and stakeholder-aware risk evaluation method for the implementation of the NIST-SP-800-82 guide; and 2) We describe the application of this tailored method through the use of a fictitious example of a critical infrastructure system of an electric and gas utility.
The paper suggests several techniques for computer network risk assessment based on Common Vulnerability Scoring System (CVSS) and attack modeling. Techniques use a set of integrated security metrics and consider input data from security information and event management (SIEM) systems. Risk assessment techniques differ according to the used input data. They allow to get risk assessment considering requirements to the accuracy and efficiency. Input data includes network characteristics, attacks, attacker characteristics, security events and countermeasures. The tool that implements these techniques is presented. Experiments demonstrate operation of the techniques for different security situations.
Quantitative risk assessment is a critical first step in risk management and assured design of networked computer systems. It is challenging to evaluate the marginal probabilities of target states/conditions when using a probabilistic attack graph to represent all possible attack paths and the probabilistic cause-consequence relations among nodes. The brute force approach has the exponential complexity and the belief propagation method gives approximation when the corresponding factor graph has cycles. To improve the approximation accuracy, a region-based method is adopted, which clusters some highly dependent nodes into regions and messages are passed among regions. Experiments are conducted to compare the performance of the different methods.
Supervisory control and data acquisition (SCADA) systems are the key driver for critical infrastructures and industrial facilities. Cyber-attacks to SCADA networks may cause equipment damage or even fatalities. Identifying risks in SCADA networks is critical to ensuring the normal operation of these industrial systems. In this paper we propose a Bayesian network-based cyber-security risk assessment model to dynamically and quantitatively assess the security risk level in SCADA networks. The major distinction of our work is that the proposed risk assessment method can learn model parameters from historical data and then improve assessment accuracy by incrementally learning from online observations. Furthermore, our method is able to assess the risk caused by unknown attacks. The simulation results demonstrate that the proposed approach is effective for SCADA security risk assessment.