Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems

by   Martín Barrère, et al.

In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric.


page 1

page 2

page 3

page 4


Assessing Cyber-Physical Security in Industrial Control Systems

Over the last years, Industrial Control Systems (ICS) have become increa...

MaxSAT Evaluation 2019 – Benchmark: Identifying Security-Critical Cyber-Physical Components in Weighted AND/OR Graphs

This paper presents a MaxSAT benchmark focused on identifying critical n...

Anomaly-Based Intrusion Detection System for Cyber-Physical System Security

Over the past decade, industrial control systems have experienced a mass...

NoiSense: Detecting Data Integrity Attacks on Sensor Measurements using Hardware based Fingerprints

In recent years fingerprinting of various physical and logical devices h...

A Security Cost Modelling Framework for Cyber-Physical Systems

Cyber-Physical Systems (CPS) are formed through interconnected component...

Towards a Networks-of-Networks Framework for Cyber Security

Networks-of-networks (NoN) is a graph-theoretic model of interdependent ...

A Distributed Hierarchy Framework for Enhancing Cyber Security of Control Center Applications

Recent cyber-attacks on power grids highlight the necessity to protect t...

Please sign up or login with your details

Forgot password? Click here to reset