Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems During Early System Design

This research contributes to the lifecycle assessment of complex cyber-physical systems (CCPSs) so that the risks of malicious attacks can be better understood and mitigated through design. The assessment capability is proposed for the early phase of engineering design, where significant decision-making flexibility still exists. It works by assessing potential malicious attacks carried out by humans who interact with the system across all phases of the system’s lifecycle. We propose a novel quantification of attacker-centric risk and then optimize over the large set of possible attacks using a genetic algorithm. The work is motivated by the increased vulnerability of CCPSs that results from their increasingly complex, interconnected and digitally networked nature; the growing degree of connectedness is a particular area of interest. For example, several recent federal reports indicate that significant risk exists in commercial aircraft designs in which the entertainment system is connected to the avionics through a central network; the result is an increased ability to attack a specific subsystem or component and thereby produce system failure. These findings, among others, have raised significant concern about malicious attacks that target critical components of a CCPS. Although such assessments can be performed on a CCPS during the later phases of engineering design, no comparable techniques are currently available during the early phase. We propose an assessment technique that practitioners can use during conceptual design, and apply it to a nuclear power plant as an example CCPS. The resulting methodology provides useful insight into the risks of malicious attacks throughout the system’s lifecycle.