A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis

Abdo, H; Kaouk, Mohamad; Flaus, Jean‐Marie; Masse, François

doi:10.1016/j.cose.2017.09.004

Cited by 132 publications

(79 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In what follows we survey various methods that have been proposed in the literature towards such a threat assessment One straightforward approach for threat assessment is to use a test bed to implement different attacks [217]. Another well-known technique is so-called attack trees, where the attacker's reachable points and possibilities are exhibited on an attack graph [218], [219]. A rich introduction on attack graphs can be found in [219].…”

Section: A Threat Assessmentmentioning

confidence: 99%

A systems and control perspective of CPS security

Dibaji

Pirani

Flamholz

et al. 2019

Annual Reviews in Control

382

191

View full text Add to dashboard Cite

The comprehensive integration of instrumentation, communication, and control into physical systems has led to the study of Cyber-Physical Systems (CPS), a field that has recently garnered increased attention. A key concern that is ubiquitous in CPS is a need to ensure security in the face of cyber attacks. In this paper, we carry out a survey of systems and control methods that have been proposed for the security of CPS. We classify these methods into three categories based on the type of defense proposed against the cyberattacks: prevention, resilience, and detection & isolation. A unified threat assessment metric is proposed in order to evaluate how CPS security is achieved in each of these three cases. Also surveyed are risk assessment tools and the effect of network topology on CPS security. An emphasis has been placed on power and transportation applications in the overall survey. Index Terms-cyber-physical systems, resilient control I. INTRODUCTION Motivated by concerns about sustainability, efficiency, and resiliency, several sectors including energy, transportation, water, and healthcare systems have witnessed significant advances in instrumentation, monitoring, and automation over the past decade. The resulting integration of information, communication, and computation with physically engineered systems demands a detailed investigation into the analysis and synthesis of Cyber-Physical Systems (CPS) so as to realize the desired performance metrics of efficiency, sustainability, and safety. The extensive and intricate presence of cyber components also introduces a vulnerability of unwanted access to these systems. The available communication technologies, referred to as SCADA (Supervisory Control and Data Acquisition), are witnessing significant advances, triggering a shift from protected, closed, and wired networks to open and wireless networks which, as a side effect, are more vulnerable to outside interference.

show abstract

Section: A Threat Assessmentmentioning

confidence: 99%

A systems and control perspective of CPS security

Dibaji

Pirani

Flamholz

et al. 2019

Annual Reviews in Control

382

191

View full text Add to dashboard Cite

show abstract

“…La importancia de procesos de análisis de riesgos adaptados a infraestructuras críticas siguiendo un modelo "Bow Tie" también se presenta por Abdo, H. et al en "A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtiecombining new version of attack tree with bowtie analysis" [29].…”

Section: Yongli Tang Et Al "Information Security Riskunclassified

Revisión Sistemática de Análisis de Riesgos Asociativos y Jerárquicos. Periodo 2014 – 2019

Santos-Olmo¹,

Sánchez²,

Alvarez³

et al. 2020

Seguridad Informática. X Congreso Iberoamericano, CIBSI 2020

View full text Add to dashboard Cite

“…In brief, an attack tree represents attacks in the form of a tree structure [15]. The root of the tree indicates the main event of potential attacks, and it then downlinks to leaf nodes which represent extended attacks (events) [16].…”

Section: Threat Modelmentioning

confidence: 99%

Determining Information Security Threats for an IoT-Based Energy Internet by Adopting Software Engineering and Risk Management Approaches

Chen

Huang

2019

Inventions

View full text Add to dashboard Cite

This paper introduces an information security threat modeling (ISTM) scheme, which leverages the strengths of software engineering and risk management approaches, called I-SERM. The proposed I-SERM scheme effectively and efficiently prioritizes information security threats for IT systems that utilize a large number of sensors, such as Internet of Things (IoT)-based energy systems. I-SERM operations include determining functional components, identifying associated threat types, analyzing threat items, and prioritizing key threats with the use of software engineering tools such as product flow diagrams, use case diagrams, and data flow diagrams. By simultaneously referring to a proposed STRIDE+p matrix and a defined threat breakdown structure with reference score (TBS+r) scheme, the I-SERM approach enables systematic ISTM. To demonstrate the usability of I-SERM, this study presents a practical case aimed at electricity load balancing on a smart grid. In brief, this study indicates a substantive research direction that combines the advantages of software engineering and risk management into a systematic ISTM process. In addition, the demonstration of I-SERM in practice provides a valuable and practical reference for I-SERM application, and contributes to research in the field of information security designs for IoT-based Energy Internet systems. Inventions 2019, 4, 53 2 of 22ISTs, and taking the considerable remedial actions required are important steps that should be taken based on both theoretical and pragmatic consideration.The IoT has become a mainstream of ICT-based technology enabling smarter applications in the fields of facility monitoring and process management (i.e., Industry 4.0), medical areas, etc. IoT technology also makes possible the construction of smart power systems with intelligent energy management applications. Pan et al. [1] designed and implemented an IoT framework for smart energy functions in buildings. Marinakis and Doukas [2] also emphasized the enhancement of IoT-enabled intelligent energy management in buildings. In addition, Ejaz et al. [3] discussed the issue of how to adopt IoT technology to provide efficient energy management in smart cities. Noor-A-Rahim et al. [4] proposed an IoT-based framework to provide reliable communications between renewable energy facilities, remote IoT components, and control centers. These articles indicate that complex IoT-supported systems like smart buildings or cities, with many factors affecting the total energy consumption in different energy application scenarios, have been the focus of much Energy Internet research.Electricity is undoubtedly an indispensable form of energy for modern society. With the trend of rapid urbanization, people have become highly dependent on their use of electricity. As a result, the stability and reliability of the power supply plays a critical role in the operation of modern power systems. In addition to relying on the effective operation of power equipment, an ICT-supported infrastructure platform capable of superviso...

show abstract

A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis

Cited by 132 publications

References 19 publications

A systems and control perspective of CPS security

A systems and control perspective of CPS security

Revisión Sistemática de Análisis de Riesgos Asociativos y Jerárquicos. Periodo 2014 – 2019

Determining Information Security Threats for an IoT-Based Energy Internet by Adopting Software Engineering and Risk Management Approaches

Contact Info

Product

Resources

About