Evaluating the risk of cyber attacks on SCADA systems via Petri net analysis with application to hazardous liquid loading operations

This paper develops an analytic technique for quantifying the risk of computer network operations (CNO) against supervisory control and data acquisition (SCADA) systems. We measure risk in terms of the extent to which an attacker can manipulate process control elements, the consequences due to disruption of the controlled physical process, and the vulnerability of the SCADA system to malicious intrusion. The technique constitutes a novel application of Petri net state coverability analysis coupled with process simulation. As such, this framework permits a formal assessment of candidate policies to manage risk by diminishing aspects of the network vulnerability to intrusion, where the objective is to prevent malicious induction of catastrophic process failure modes. We extend earlier work on Petri nets for attack analysis by developing a detailed methodology including: a new algorithm for the automatic generation of Petri nets from the description of a SCADA network and its vulnerabilities; metrics for quantifying risk as a function of a Petri net's state; techniques for evaluating these metrics based on a Petri net's minimal coverability set; and a method for coupling the Petri net representation of the SCADA network to the controlled processes for failure mode and effects assessment. The paper concludes by presenting an example application of the analysis technique to evaluate the security of a hazardous liquid loading process.
