Visible to the public Vulnerability-Based Impact Criticality Estimation for Industrial Control Systems

TitleVulnerability-Based Impact Criticality Estimation for Industrial Control Systems
Publication TypeConference Paper
Year of Publication2020
AuthorsAni, U. D., He, H., Tiwari, A.
Conference Name2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
Date PublishedJune 2020
ISBN Number978-1-7281-6428-1
Keywordsattack probabilities, compositionality, control engineering computing, control uncertainties, Cyber Dependencies, cyber environments, cyber security risks, cyber threats, cybersecurity, distributed system, Functional Dependency, human factors, ICS networks, ICS security, impact estimation, industrial control, Industrial Control System (ICS), industrial control systems, MAVCA model, Metrics, miniature ICS, proactive security response, probabilistic multiattribute vulnerability criticality analysis model, production engineering computing, pubcrawl, quantitative evaluation, quantitative security metrics, resilience, Resiliency, risk management, Scalability, Security Criticality Analysis, Security Impact Analysis, security of data, security risk assessment scheme, vulnerability analysis, vulnerability host components, vulnerability severities, vulnerability-based impact criticality estimation

Cyber threats directly affect the critical reliability and availability of modern Industry Control Systems (ICS) in respects of operations and processes. Where there are a variety of vulnerabilities and cyber threats, it is necessary to effectively evaluate cyber security risks, and control uncertainties of cyber environments, and quantitative evaluation can be helpful. To effectively and timely control the spread and impact produced by attacks on ICS networks, a probabilistic Multi-Attribute Vulnerability Criticality Analysis (MAVCA) model for impact estimation and prioritised remediation is presented. This offer a new approach for combining three major attributes: vulnerability severities influenced by environmental factors, the attack probabilities relative to the vulnerabilities, and functional dependencies attributed to vulnerability host components. A miniature ICS testbed evaluation illustrates the usability of the model for determining the weakest link and setting security priority in the ICS. This work can help create speedy and proactive security response. The metrics derived in this work can serve as sub-metrics inputs to a larger quantitative security metrics taxonomy; and can be integrated into the security risk assessment scheme of a larger distributed system.

Citation Keyani_vulnerability-based_2020