Cyber-Physical System (CPS) is a system of system which integrates physical system with cyber capability in order to improve the physical performance. It is being widely used in areas closely related to national economy and people's livelihood, therefore CPS security problems have drawn a global attention and an appropriate risk assessment for CPS is in urgent need. Existing risk assessment for CPS always focuses on the reliability assessment, using Probability Risk Assessment (PRA). In this way, the assessment of physical part and cyber part is isolated as PRA is difficult to quantify the risks from the cyber world. Methodologies should be developed to assess the both parts as a whole system, considering this integrated system has a high coupling between the physical layer and cyber layer. In this paper, a risk assessment idea for CPS with the use of attack tree is proposed. Firstly, it presents a detailed description about the threat and vulnerability attributes of each leaf in an attack tree and tells how to assign value to its threat and vulnerability vector. Then this paper focuses on calculating the threat and vulnerability vector of an attack path with the use of the leaf vector values. Finally, damage is taken into account and an idea to calculate the risk value of the whole attack path is given.
[1]
Chen-Ching Liu,et al.
Vulnerability Assessment of Cybersecurity for SCADA Systems Using Attack Trees
,
2007,
2007 IEEE Power Engineering Society General Meeting.
[2]
Sandip C. Patel,et al.
Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements
,
2008,
Int. J. Inf. Manag..
[3]
Richard A. Raines,et al.
A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees
,
2007
.
[4]
E. Byres,et al.
The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems
,
2004
.