C. Few, James Thompson, Kenny Awuson-David, Tawfik Al-Hadhrami
{"title":"使用攻击图预测网络物理系统安全性的案例研究","authors":"C. Few, James Thompson, Kenny Awuson-David, Tawfik Al-Hadhrami","doi":"10.1109/ICOTEN52080.2021.9493452","DOIUrl":null,"url":null,"abstract":"Cyber-attacks increasingly threaten Cyber-Physical Systems (CPS). Recent examples are attacks on a Florida water plant control system and firewalls protecting several Western U.S. electricity grid operators. Techniques for rigorously analysing the cybersecurity of CPS without the risk of disrupting their operations are therefore of increasing interest to CPS operators and regulators. Meanwhile, attack graphs have long been studied by researchers as a means of analysing the cybersecurity of both information and control systems. In this paper, we present a case study on the use of attack graphs for predicting the cybersecurity of a CPS within the critical national infrastructure. It explains how the attack graph was developed and analysed using existing system documentation, computer-aided techniques and human analysis. In this case study human cyber analysts with good knowledge of the CPS considered the automated predictions of the most exploitable attack paths to be credible. This enabled a detailed and evidenced analysis of the minimum level of cyber-attacker sophistication needed to compromise the CPS. The case study has evidenced that this style of CPS analysis could be used either during system design or whilst in operational use.","PeriodicalId":308802,"journal":{"name":"2021 International Congress of Advanced Technology and Engineering (ICOTEN)","volume":"70 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"A case study in the use of attack graphs for predicting the security of cyber-physical systems\",\"authors\":\"C. Few, James Thompson, Kenny Awuson-David, Tawfik Al-Hadhrami\",\"doi\":\"10.1109/ICOTEN52080.2021.9493452\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cyber-attacks increasingly threaten Cyber-Physical Systems (CPS). Recent examples are attacks on a Florida water plant control system and firewalls protecting several Western U.S. electricity grid operators. Techniques for rigorously analysing the cybersecurity of CPS without the risk of disrupting their operations are therefore of increasing interest to CPS operators and regulators. Meanwhile, attack graphs have long been studied by researchers as a means of analysing the cybersecurity of both information and control systems. In this paper, we present a case study on the use of attack graphs for predicting the cybersecurity of a CPS within the critical national infrastructure. It explains how the attack graph was developed and analysed using existing system documentation, computer-aided techniques and human analysis. In this case study human cyber analysts with good knowledge of the CPS considered the automated predictions of the most exploitable attack paths to be credible. This enabled a detailed and evidenced analysis of the minimum level of cyber-attacker sophistication needed to compromise the CPS. The case study has evidenced that this style of CPS analysis could be used either during system design or whilst in operational use.\",\"PeriodicalId\":308802,\"journal\":{\"name\":\"2021 International Congress of Advanced Technology and Engineering (ICOTEN)\",\"volume\":\"70 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-07-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Congress of Advanced Technology and Engineering (ICOTEN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICOTEN52080.2021.9493452\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Congress of Advanced Technology and Engineering (ICOTEN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOTEN52080.2021.9493452","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A case study in the use of attack graphs for predicting the security of cyber-physical systems
Cyber-attacks increasingly threaten Cyber-Physical Systems (CPS). Recent examples are attacks on a Florida water plant control system and firewalls protecting several Western U.S. electricity grid operators. Techniques for rigorously analysing the cybersecurity of CPS without the risk of disrupting their operations are therefore of increasing interest to CPS operators and regulators. Meanwhile, attack graphs have long been studied by researchers as a means of analysing the cybersecurity of both information and control systems. In this paper, we present a case study on the use of attack graphs for predicting the cybersecurity of a CPS within the critical national infrastructure. It explains how the attack graph was developed and analysed using existing system documentation, computer-aided techniques and human analysis. In this case study human cyber analysts with good knowledge of the CPS considered the automated predictions of the most exploitable attack paths to be credible. This enabled a detailed and evidenced analysis of the minimum level of cyber-attacker sophistication needed to compromise the CPS. The case study has evidenced that this style of CPS analysis could be used either during system design or whilst in operational use.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
