Optimally scheduled interventions in the presence of vulnerabilities for modern cyber-physical systems

A large variety of modern technologies fade the borders between the cyber and the physical worlds. Nonetheless, the two-dimensional architecture of cyber-physical systems also enabled the proliferation of innovative attacks where traditional computer systems malware caused significant damages to physical infrastructures, such as the power grid. In this work, we propose a methodology that provides optimal intervention strategies for fixing vulnerabilities discovered in production cyber-physical systems. The main goal of the technique is to decrease the risk of vulnerabilities being exploited by malicious actors, by leveraging risk modeling together with advanced job scheduling algorithms. The proposal is evaluated through use-cases from the healthcare domain.

[1]  Robert McNaughton,et al.  Scheduling with Deadlines and Loss Functions , 1959 .

[2]  W. Townsend The Single Machine Problem with Quadratic Penalty Function of Completion Times: A Branch-and-Bound Solution , 1978 .

[3]  Joakim Öjendal,et al.  The Security-Development Nexus: Exploring the Security-Development Nexus , 2012 .

[4]  A. Gligor,et al.  An Approach for Cyber Security Experimentation Supporting Sensei / IoT for Smart Grid , 2014 .

[5]  Béla Genge,et al.  Designing Optimal and Resilient Intrusion Detection Architectures for Smart Grids , 2017, IEEE Transactions on Smart Grid.

[6]  TU MarioHermann Design Principles for Industrie 4 . 0 Scenarios , 2015 .

[7]  Ghasem Moslehi,et al.  A branch-and-bound algorithm for single machine scheduling with quadratic earliness and tardiness penalties , 2012, Comput. Oper. Res..

[8]  Mark Hagerott,et al.  Stuxnet and the vital role of critical infrastructure operators and engineers , 2014, Int. J. Crit. Infrastructure Prot..

[9]  P. C. Bagga,et al.  Note-A Node Elimination Procedure for Townsend's Algorithm for Solving the Single Machine Quadratic Penalty Function Scheduling Problem , 1980 .

[10]  Béla Genge,et al.  Using Sensitivity Analysis and Cross-Association for the Design of Intrusion Detection Systems in Industrial Cyber-Physical Systems , 2017, IEEE Access.

[11]  Sushil K. Gupta,et al.  Note—On the Single Machine Scheduling Problem with Quadratic Penalty Function of Completion Times: An Improved Branching Procedure , 1984 .

[12]  野口 和彦 AS/NZS 4360:2004とRisk management-ISO NWIPについて : リスクマネジメント規格の動向(リスクマネジメントとその手法について) , 2005 .

[13]  Bela Genge,et al.  Security Assessment of Modern Data Aggregation Platforms in the Internet of Things , 2015 .

[14]  CYBER SECURITY ASSESSMENTS OF INDUSTRIAL CONTROL SYSTEMS A GOOD PRACTICE , 2011 .

[15]  T. C. Edwin Cheng,et al.  Parallel machine scheduling to minimize the sum of quadratic completion times , 2004 .

[16]  Karen A. Scarfone,et al.  Guide to Industrial Control Systems (ICS) Security , 2015 .