Barrere, MartinMartinBarrereHankin, chrischrisHankinNicolau, nicolasnicolasNicolauEliades, DemetriosDemetriosEliadesParisini, ThomasThomasParisini2020-04-172020-06-01Journal of Information Security and Applications, 2020, 52, pp.1-172214-2126http://hdl.handle.net/10044/1/78054In recent years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical attacks, having massive destructive consequences. Security metrics are therefore essential to assess and improve their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs and hypergraphs which is able to efficiently identify the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our tool, META4ICS (pronounced as metaphorics), leverages state-of-the-art methods from the field of logical satisfiability optimisation and MAX-SAT techniques in order to achieve efficient computation times. In addition, we present a case study where we have used our system to analyse the security posture of a realistic Water Transport Network (WTN).© 2020 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license. (http://creativecommons.org/licenses/by/4.0/)Security metricIndustrial control systemsCyber-physical systemsAND/OR graphsHypergraphsMAX-SAT resolutionJournal Articlehttps://www.dx.doi.org/10.1016/j.jisa.2020.102471https://www.elsevier.com/Project ID: 739551