STRIDE-based threat modeling for cyber-physical systems

Critical infrastructures and industrial control systems are complex Cyber-Physical Systems (CPS). To ensure reliable operation of such systems, comprehensive threat modeling during system design and validation is of paramount significance. Previous works in the literature mostly focus on safety, risks and hazards in CPS but lack the effective threat modeling necessary to eliminate cyber vulnerabilities. Further, the impact of cyber attacks on physical processes is not fully understood. This paper presents a comprehensive threat modeling framework for CPS using STRIDE, a systematic approach for ensuring system security at the component level. The paper first devises a feasible and effective methodology for applying STRIDE and then demonstrates it against a real synchrophasor-based synchronous islanding testbed in the laboratory. It investigates (i) which threat types could emerge in each system component, based on the security properties that component lacks, and (ii) how a vulnerability in one system component puts the security of the entire system at risk. The paper finds that STRIDE is a lightweight and effective threat modeling methodology for CPS that simplifies the task for security analysts of identifying vulnerabilities and planning appropriate component-level security measures at the system design stage.
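The component-level step described above can be mechanised, as in this added example (not code from the paper): each component is scored against the six STRIDE threat types by the security property it lacks, and each admitted threat is then traced along the data flows to see which other components inherit it. The component set, the properties each enforces, the flows and the containment rule are constructed assumptions standing in for the paper's testbed model.

```python
from collections import deque

# STRIDE threat type -> the security property whose absence admits it.
STRIDE = {
    "Spoofing": "authentication",
    "Tampering": "integrity",
    "Repudiation": "non-repudiation",
    "Information disclosure": "confidentiality",
    "Denial of service": "availability",
    "Elevation of privilege": "authorization",
}

# Constructed model (an assumption, not the paper's testbed): each component lists
# the security properties it enforces on the data it handles.
COMPONENTS = {
    "gps_clock": set(),                      # unauthenticated civil GPS signal
    "pmu": {"availability"},                 # holdover oscillator bridges GPS loss
    "network": set(),                        # plain Ethernet segment
    "pdc": {"integrity", "availability"},    # frame checks, redundant links
    "islanding_controller": {"authentication", "integrity", "availability",
                             "authorization", "non-repudiation", "confidentiality"},
}

# Constructed data flows (source -> sink) along the measurement path.
FLOWS = [("gps_clock", "pmu"), ("pmu", "network"),
         ("network", "pdc"), ("pdc", "islanding_controller")]

def threats_for(component):
    """STRIDE threat types a component admits: one per property it lacks."""
    return sorted(t for t, p in STRIDE.items() if p not in COMPONENTS[component])

def propagate(component, threat):
    """Downstream components compromised by `threat` at `component`. Simplified rule
    (an assumption): it follows data flows until a consumer enforces the missing property."""
    prop = STRIDE[threat]
    reached, seen, queue = [], {component}, deque([component])
    while queue:
        cur = queue.popleft()
        for src, dst in FLOWS:
            if src == cur and dst not in seen:
                seen.add(dst)
                if prop in COMPONENTS[dst]:
                    continue                 # contained at dst; nothing behind it is reached
                reached.append(dst)
                queue.append(dst)
    return reached

def system_exposure():
    """Per component: each admitted threat type and the components it can reach."""
    return {c: {t: propagate(c, t) for t in threats_for(c)} for c in COMPONENTS}
```

Running `system_exposure()` shows, for instance, that a spoofed GPS clock reaches the PMU, the network and the PDC before the controller's authentication contains it, while a tampered frame on the network is stopped at the PDC's integrity check.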
