Measuring cyber-physical security in industrial control systems via minimum-effort attack strategies
File(s)1-s2.0-S2214212619311342-main.pdf (3.11 MB)
Published version
Publication available at
Author(s)
Barrere, M
Hankin, C
Nicolau, N
Eliades, D
Parisini, T
Type
Journal Article
Abstract
In recent years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical attacks, having massive destructive consequences. Security metrics are therefore essential to assess and improve their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs and hypergraphs which is able to efficiently identify the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our tool, META4ICS (pronounced as metaphorics), leverages state-of-the-art methods from the field of logical satisfiability optimisation and MAX-SAT techniques in order to achieve efficient computation times. In addition, we present a case study where we have used our system to analyse the security posture of a realistic Water Transport Network (WTN).
Date Issued
2020-06-01
Date Acceptance
2020-02-20
ISSN
2214-2126
Publisher
Elsevier
Start Page
1
End Page
17
Journal / Book Title
Journal of Information Security and Applications
Volume
52
Copyright Statement
© 2020 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license. (http://creativecommons.org/licenses/by/4.0/)
Sponsor
Horizon2020
Identifier
https://www.elsevier.com/
https://www.imperial.ac.uk/people/m.barrere
Grant Number
Project ID: 739551
Subjects
Security metric
Industrial control systems
Cyber-physical systems
AND/OR graphs
Hypergraphs
MAX-SAT resolution
Publication Status
Published
Article Number
ARTN 102471
Date Publish Online
2020-05-12