In quest of benchmarking security risks to cyber-physical systems

Author

Amin, Saurabh ; Schwartz, Galina A. ; Hussain, Amir

Author_Institution

Dept. of Civil & Environ. Eng., Massachusetts Inst. of Technol., Cambridge, MA, USA

Volume

27

Issue

1

fYear

2013

fDate

January-February 2013

Firstpage

19

Lastpage

24

Abstract

We present a generic yet practical framework for assessing security risks to cyber-physical systems (CPSs). Our framework can be used to benchmark security risks when information is less than perfect, and interdependencies of physical and computational components may result in correlated failures. Such environments are prone to externalities, and can cause huge societal losses. We focus on the risks that arise from interdependent reliability failures (faults) and security failures (attacks). We advocate that a sound assessment of these risks requires explicit modeling of the effects of both technology-based defenses and institutions necessary for supporting them. Thus, we consider technology-based security defenses grounded in information security tools and fault-tolerant control in conjunction with institutional structures. Our game-theoretic approach to estimating security risks facilitates more effective defenses, especially against correlated failures.

Keywords

failure analysis; fault tolerance; game theory; reliability; risk management; security of data; CPS; benchmarking security risk assessment; cyber-physical systems; fault-tolerant control; game-theoretic approach; information security tools; interdependent reliability failures; security failures; technology-based security defenses; Benchmark testing; Computer crime; Comupter security; Investments; Network security; Reliability; Risk management; Supervisory control;

fLanguage

English

Journal_Title

Network, IEEE

Publisher

ieee

ISSN

0890-8044

Type

jour

DOI

10.1109/MNET.2013.6423187

Filename

6423187