Abstract
Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlapping manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN).
Highlights
For many decades, Industrial Control Systems (ICS) such as water treatment plants, energy, oil, gas plants, and others, have been safely operated in isolation from the external world
Our main contributions are: (1) a mathematical model able to represent multiple overlapping security measures over complex AND/OR dependency graphs for ICS environments, (2) an efficient security metric to identify critical cyber-physical components and security measures, (3) an implementation prototype based on META4ICS (META4ICS (2019)), (4) an extensive experimental evaluation on performance and scalability aspects, and (5) a case study conducted on a realistic water transport network that shows the applicability of our security metric
Our case study is focused on water transport networks (WTNs) where we examine the applicability of our approach over real Water Transport Network (WTN) typically deployed in European countries
Summary
Industrial Control Systems (ICS) such as water treatment plants, energy, oil, gas plants, and others, have been safely operated in isolation from the external world. With the advent of the Internet, new convenient IT-based control mechanisms, and highly interconnected networks, ICS environments have become an appealing target for malicious actors. Cyber attacks on these systems can have devastating consequences such as flooding, blackouts, or even nuclear disasters (Humayed et al (2017)). We present a novel approach based on AND/OR hypergraphs that is able to efficiently identify the set of critical components and security measures, with the lowest compromise cost (effort) for an attacker, whose violation would imply an operational disruption to the ICS system. Our main contributions are: (1) a mathematical model able to represent multiple overlapping security measures over complex AND/OR dependency graphs for ICS environments, (2) an efficient security metric to identify critical cyber-physical components and security measures, (3) an implementation prototype based on META4ICS (META4ICS (2019)), (4) an extensive experimental evaluation on performance and scalability aspects, and (5) a case study conducted on a realistic water transport network that shows the applicability of our security metric
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have