Threat Modeling of Cyber-Physical Systems - A Case Study of a Microgrid System

Khalil, Shaymaa Mamdouh; Bahşi, Hayretdin; Dola, Henry Ochieng’; Korõtko, Tarmo; McLaughlin, Kieran; Kotkas, Vahur

doi:10.1016/j.cose.2022.102950

Cited by 24 publications

(15 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Theory suggests "Reducing the opportunities for cybercrime to occur, making cybercrime more difficult to commit and by increasing the risks of detection and punishment associated with committing cybercrime" (Choo 2011, 719). Scholars mentioned "cyber threat modelling" as "an analytical process that is used for identifying the potential threats against a system and supporting the selection of security requirements in the early stages of the system development life cycle" (Mamdouh Khalil et al 2023).…”

Section: Methodology and Theoretical Frameworkmentioning

confidence: 99%

Various types of cyber threats

Luknar,

Jovanović

2024

Srpska politička misao

View full text Add to dashboard Cite

Security of the Internet and online communication has become an essential challenge in contemporary world. Paper discusses different types of cyber threats: cyber-attack, cyber terrorism and cybercrime. Individuals, companies and the states rely their communication and daily functioning on information and communication technologies (ICT). The purpose of the study is to highlight importance of the ICT safety use by pointing to seriousness of the cyber threats. The main methods applied in paper to examine published scientific materials are: inductive and deductive method, analytical and synthesis method, hypothetical-deductive method and method of content analysis. Results of the study indicate need for actively dealing with cyber threats. The intent of this study is both to inform and raise awareness of cyber threats within the communities. Findings of the study contribute to the broader knowledge in research area.

show abstract

Section: Methodology and Theoretical Frameworkmentioning

confidence: 99%

Various types of cyber threats

Luknar,

Jovanović

2024

Srpska politička misao

View full text Add to dashboard Cite

show abstract

“…Here, the authors examined the benefits of Software-Defined Networking (SDN) in creating coordinated intrusion response plans for ICS and provided a taxonomy of intrusion response plans. The adaptation of threat modeling for ICSs is summarized by Khalil et al [56] through comprehensive literature evaluation, provided their vulnerability to cyberattacks that can have severe consequences. The study emphasizes the significance of strategic frameworks covering security, privacy, and improved validation metrics in ICS threat modeling approaches.…”

Section: Volume mentioning

confidence: 99%

Communications Security in Industry X: A Survey

Ahmad,

Rodriguez,

Kumar

et al. 2024

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

Industry 4.0 is moving towards deployment using 5G as one of the main underlying communication infrastructures. Thus, the vision of the Industry of the future is getting more attention in research. Industry X (InX) is a significant thrust beyond the state-of-the-art of current Industry 4.0, towards a mix of cyber and physical systems through novel technological developments. In this survey, we define InX as the combination of Industry 4.0 and 5.0 paradigms. Most of the novel technologies, such as cyber-physical systems, industrial internet of things, machine learning, advances in cloud computing, such as edge and fog computing, and blockchain, to name a few, are converged through advanced communication networks. Since communication networks are usually targeted for security attacks, these new technologies upon which InX relies must be secured to avoid security vulnerabilities propagating into InX and its components. Therefore, in this article, we break down the security concerns of the converged InXcommunication networks into the core technologies that tie these, once considered distinct, fields together. The security challenges of each technology are highlighted and potential solutions are discussed. The existing vulnerabilities or research gaps are brought forth to stir further research in this direction. New emerging visions in the context of InX are provided towards the end of the article to provoke further curiosity of researchers.

show abstract

“…Cyber-physical systems, in contrast to software-based ones, have a wider range of hardware, software, and communication components that perform a physical task, necessitating the involvement of a wider range of stakeholder groups, such as operators dealing with physical processes or more heterogeneous development teams with different backgrounds in addition to IT or OT system operators. Consequently, threat modelling techniques, which have primarily been created for software, should be modified to account for the stakeholder structure of CPS systems [11]. Threat models are methods or frameworks for identifying, analysing, and proposing security control countermeasures for threats and their capabilities.…”

Section: Related Workmentioning

confidence: 99%

Security and Safety in Cyber-Physical System (CPS): An Inclusive Threat Model

Mardiana Mohamad Noor,

Ali Selamat,

Nurulakmar Abu Husain

et al. 2024

ARASET

View full text Add to dashboard Cite

A Cyber-Physical System (CPS) is a combination of computational algorithms and physical processes that are integrated together. Cyber-Physical Systems (CPS) integrate computer and communication capabilities with the monitoring and management of physical parts, establishing a mutually beneficial interaction between the cyber and physical components. Industrial Control System (ICS) is one example of CPS which integrates the physical (OT) and cyber domains (IT), which makes them more vulnerable to attacks. Two essential characteristics of Cyber-Physical Systems (CPS) are safety and security. Threat models are methods for identifying, analysing, and proposing security control countermeasures for threats and their capabilities. However, the threat model methods which are used for the traditional IT systems are not sufficient as they do not include the physical interactions, consequences and impacts to the safety aspects in the Operational Technology (OT). On the other hand, a risk assessment analyses attack scenario, examines cybersecurity from the attacker's point of view, and gives cost-benefit data to support the expenditure on security measures. This study proposes an inclusive attacker’s centric threat model and pro-active risk assessment model for CPS using Mamdani Fuzzy Inference System (FIS). The outcomes of the threat model prove that the lateral propagation of the threat is possible and threat may also propagate from the CPS assets to the IT segment. The risk assessment by using FIS shown that the safety and security risk for the CPS is significant and calculated as medium level. Hence, the risk factors that are considered in calculating the overall risk for a CPS need to be immediately addressed and mitigated.

show abstract

Threat Modeling of Cyber-Physical Systems - A Case Study of a Microgrid System

Cited by 24 publications

References 20 publications

Various types of cyber threats

Various types of cyber threats

Communications Security in Industry X: A Survey

Security and Safety in Cyber-Physical System (CPS): An Inclusive Threat Model

Contact Info

Product

Resources

About