Toward a cyber-physical topology language: applications to NERC CIP audit

ACM workshop on Smart Energy Grid Security Pub Date : 2013-11-08 DOI:10.1145/2516930.2516934

G. Weaver, C. Cheh, E. Rogers, W. Sanders, Dennis Gammel

{"title":"Toward a cyber-physical topology language: applications to NERC CIP audit","authors":"G. Weaver, C. Cheh, E. Rogers, W. Sanders, Dennis Gammel","doi":"10.1145/2516930.2516934","DOIUrl":null,"url":null,"abstract":"Our Cyber-Physical Topology Language (CPTL) provides a language that utilities can use to programmatically analyze current and future cyber-physical architectures. The motivation for our research emerged from the importance and limitations of several audit scenarios: account management, vulnerability assessment, and configuration management. Those scenarios occur in the context of the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) audits. The NERC CIP standards define security controls by which utilities must be audited. Although the standards were designed to make power control networks less vulnerable to cyber attack and to decrease the chance of outages, the audit process is manual and costly. In order to save utilities and auditors time and money, we used the limitations of those audit scenarios in formally specifying and implementing CPTL, which consists of both a representation of cyber-physical assets and operations upon that representation. First, CPTL uses graph theory to represent a network of cyber-physical assets; we currently implement this representation in GraphML. Second, CPTL defines operations upon that representation. In this paper, we introduce operators to process attributes by expanding and contracting components of a network, and implement these operations using the Boost Graph Library (BGL). In order to demonstrate the potential for CPTL to save auditors and utilities time and money, we provide a detailed example of how CPTL could help with vulnerability assessment and discuss additional applications beyond the audit scenarios mentioned above. We describe current approaches to those scenarios and argue that CPTL improves upon both the state-of-the-art and current practice. In fact, we intend CPTL to enable a broad range of new research on realistic cyber-physical architectures by giving utilities, auditors, managers, and researchers a common language with which to communicate and analyze those architectures.","PeriodicalId":303004,"journal":{"name":"ACM workshop on Smart Energy Grid Security","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM workshop on Smart Energy Grid Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2516930.2516934","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 15

Abstract

Our Cyber-Physical Topology Language (CPTL) provides a language that utilities can use to programmatically analyze current and future cyber-physical architectures. The motivation for our research emerged from the importance and limitations of several audit scenarios: account management, vulnerability assessment, and configuration management. Those scenarios occur in the context of the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) audits. The NERC CIP standards define security controls by which utilities must be audited. Although the standards were designed to make power control networks less vulnerable to cyber attack and to decrease the chance of outages, the audit process is manual and costly. In order to save utilities and auditors time and money, we used the limitations of those audit scenarios in formally specifying and implementing CPTL, which consists of both a representation of cyber-physical assets and operations upon that representation. First, CPTL uses graph theory to represent a network of cyber-physical assets; we currently implement this representation in GraphML. Second, CPTL defines operations upon that representation. In this paper, we introduce operators to process attributes by expanding and contracting components of a network, and implement these operations using the Boost Graph Library (BGL). In order to demonstrate the potential for CPTL to save auditors and utilities time and money, we provide a detailed example of how CPTL could help with vulnerability assessment and discuss additional applications beyond the audit scenarios mentioned above. We describe current approaches to those scenarios and argue that CPTL improves upon both the state-of-the-art and current practice. In fact, we intend CPTL to enable a broad range of new research on realistic cyber-physical architectures by giving utilities, auditors, managers, and researchers a common language with which to communicate and analyze those architectures.

查看原文本刊更多论文

迈向网络物理拓扑语言:NERC CIP审计的应用

我们的网络物理拓扑语言(CPTL)提供了一种语言，实用程序可以使用该语言以编程方式分析当前和未来的网络物理体系结构。我们研究的动机来自几个审计场景的重要性和局限性:帐户管理、漏洞评估和配置管理。这些情况发生在北美电力可靠性公司关键基础设施保护(NERC CIP)审计的背景下。NERC CIP标准定义了必须对公用事业进行审计的安全控制。虽然这些标准旨在使电力控制网络不那么容易受到网络攻击，并减少停电的机会，但审计过程是手动的，成本很高。为了节省公用事业和审计人员的时间和金钱，我们在正式指定和实现CPTL时使用了这些审计场景的局限性，CPTL由网络物理资产的表示和对该表示的操作组成。首先，CPTL使用图论来表示网络物理资产网络;我们目前在GraphML中实现了这种表示。其次，CPTL在该表示上定义操作。在本文中，我们引入算子通过扩展和收缩网络组件来处理属性，并使用Boost Graph Library (BGL)实现这些操作。为了展示CPTL为审计人员和实用程序节省时间和金钱的潜力，我们提供了一个CPTL如何帮助进行漏洞评估的详细示例，并讨论了除上述审计场景之外的其他应用程序。我们描述了这些场景的当前方法，并认为CPTL改进了最先进的技术和当前的实践。事实上，我们希望CPTL能够通过为公用事业、审计人员、管理人员和研究人员提供一种通用语言来交流和分析这些体系结构，从而实现对现实网络物理体系结构的广泛新研究。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM workshop on Smart Energy Grid Security

自引率

0.00%

发文量