Attack graph-based stochastic modeling approach for enabling cybersecure semiconductor wafer fabrication

Abstract

The increasing interconnectivity between information technology (IT) and operational technology (OT) has brought numerous benefits to advanced manufacturing, including the semiconductor industry, by enhancing the quality and by reducing the costs of wafer and integrated circuits (IC) fabrication. However, the transition of the semiconductor industry to secure digital manufacturing has also increased the importance of safeguarding networked assets from cybercriminals. To this end, a flexible scheme is developed in this paper to model wafer fabrication as a directed attack graph. This graph representation is then used as the basis of a two-stage stochastic programming model that considers uncertainty in attack probabilities while minimizing expected cyber risk by employing optimal, budget-constrained countermeasures (i.e., arc interdiction strategies). A sample average approximation coupled with a progressive hedging algorithm or Bender’s decomposition are proposed. Numerical experiments are performed to assess the viability of the proposed solution algorithms, the optimal arc interdiction strategies under various budget levels, and the effect of attack probability mappings. The results indicate that computing terminals nearest the manufacturing process have the highest defense priority and that the sample average approximation coupled with a progressive hedging algorithm is a suitable hybrid solution procedure for large instances when compared with sample average approximation coupled with Benders.