Abstract
Cyber-physical systems (CPS) are indispensable in various sectors, enabling convenient and efficient processes in today's rapidly evolving technological landscape. However, the integration of internet-enabled components with physical processes exposes CPS to numerous security threats, rendering them susceptible to potential cyber-attacks. This paper presents a quantitative analysis framework for evaluating the security attributes of CPS conceptual design. Focusing on CPS design architecture, the framework models and quantifies security attributes by considering various dimensions. The paper demonstrates the integration of qualitative expert inputs into a fuzzy logic system to address the challenges and uncertainties associated with vulnerability data in CPS security quantification. Additionally, it examines the statistical dependence of basic attack steps (BASs) and their impact on the overall system security analysis, taking into account the intricate connectivity of CPS and the vulnerabilities that attackers could exploit. The novelty of the proposed framework lies in its integrated approach to modelling and quantifying cybersecurity attributes in the CPS environment while considering uncertainties in vulnerability data and dependencies between security events. The computation of statistical and stochastic dependencies among BASs is achieved by mapping the attack tree (AT) to a higher statistical model, the Bayesian network (BN). The application of this framework was demonstrated using an intelligent glucose monitoring and insulin administration system (IGMIAS). The framework's general nature makes it adaptable for quantifying cybersecurity behaviours in any CPS environment.
| Original language | English |
|---|---|
| Pages (from-to) | 613-626 |
| Number of pages | 14 |
| Journal | IEEE Open Journal of the Computer Society |
| Volume | 6 |
| State | Published - 2025 |
| Externally published | Yes |
Bibliographical note
Publisher Copyright: © 2020 IEEE.
Keywords
- Attack tree
- Bayesian networks
- cyber-physical systems (CPS)
- expert judgement
- fuzzy logic system
- security analysis
ASJC Scopus subject areas
- General Computer Science