Conference paper Open Access

Attack path analysis and cost-efficient selection of cybersecurity controls for complex cyberphysical systems

Spathoulas, Georgios; Kavallieratos, Georgios; Katsikas, Sokratis; Baiocco, Alessio

The increasing integration of information technology with operational technology leads to the formation of Cyber-Physical Systems (CPSs) that intertwine physical and cyber components and connect to each other. This interconnection enables the offering of functionality beyond the combined offering of each individual component, but at the same time increases the cyber risk of the overall system, as such risk propagates between and aggregates at component systems. The complexity of the resulting systems in many cases leads to difficulty in analyzing cyber risk. Additionally, the selection of cybersecurity controls that will effectively and efficiently treat the cyber risk is commonly performed manually, or at best with limited automated decision support. In this paper, we extend our previous work in [1] to analyze attack paths between CPSs on one hand, and we improve the method proposed therein for selecting a set of security controls that minimizes both the residual risk and the cost of implementation. We use the DELTA demand-response management platform for the energy market stakeholders such as Aggregators and Retailers [2] as a use case to illustrate the workings of the proposed approaches. The results are sets of cybersecurity controls applied to those components of the overall system that have been identified to lie in those attack paths that have been identified as most critical among all the identified attack paths.

Files (517.4 kB)
Name Size
CyberICPS_2021_paper_10 (2).pdf
md5:f6c296e0e60bd2ae2b77990e05248ec1
517.4 kB Download
22
11
views
downloads
All versions This version
Views 2222
Downloads 1111
Data volume 5.7 MB5.7 MB
Unique views 1919
Unique downloads 1111

Share

Cite as