Abstract
Cyber-attack attempts against critical infrastructure have been increasing in recent years. In the event of a successful cyber-attack on critical infrastructure, the potential for wide-spread loss of access to a critical resource, like electricity, is high. Automated and adversary-aware risk assessment approaches may be useful in defending the nation’s critical infrastructure. In previous publications, one such approach, HESTIA, was presented. HESTIA stands for High-level, Extensible System for Training and Infrastructure risk Assessment, which is a semi-automatic, adversarial- and specification-based risk assessment system. HESTIA takes a system specification and subjects it to specifications of attack and hardening scenarios to generate a new specification, which can be used for risk assessment of the system. This paper formalizes a part of HESTIA process. We also discuss about HESTIA’s planned utilization.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
