Ani, UD;
He, H;
Tiwari, A;
(2020)
Vulnerability-Based Impact Criticality Estimation for Industrial Control Systems.
In:
Proceedings of the 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security).
The Institute of Electrical and Electronics Engineers (IEEE)
Preview |
Text
Uani_CameraReady-CyberScience2020_Submitted.pdf - Accepted Version Download (822kB) | Preview |
Abstract
Cyber threats directly affect the critical reliability and availability of modern Industry Control Systems (ICS) in respects of operations and processes. Where there are a variety of vulnerabilities and cyber threats, it is necessary to effectively evaluate cyber security risks, and control uncertainties of cyber environments, and quantitative evaluation can be helpful. To effectively and timely control the spread and impact produced by attacks on ICS networks, a probabilistic Multi-Attribute Vulnerability Criticality Analysis (MAVCA) model for impact estimation and prioritised remediation is presented. This offer a new approach for combining three major attributes: vulnerability severities influenced by environmental factors, the attack probabilities relative to the vulnerabilities, and functional dependencies attributed to vulnerability host components. A miniature ICS testbed evaluation illustrates the usability of the model for determining the weakest link and setting security priority in the ICS. This work can help create speedy and proactive security response. The metrics derived in this work can serve as sub-metrics inputs to a larger quantitative security metrics taxonomy; and can be integrated into the security risk assessment scheme of a larger distributed system.
| Type: | Proceedings paper |
|---|---|
| Title: | Vulnerability-Based Impact Criticality Estimation for Industrial Control Systems |
| Event: | 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security) |
| Location: | Dublin, Ireland |
| Dates: | 15th-19th June 2020 |
| ISBN-13: | 978-1-7281-6428-1 |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1109/cybersecurity49315.2020.9138886 |
| Publisher version: | https://doi.org/10.1109/CyberSecurity49315.2020.91... |
| Language: | English |
| Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher's terms and conditions. |
| Keywords: | Cybersecurity, Functional Dependency, Industrial Control System (ICS), ICS Security, Security Criticality Analysis, Security Impact Analysis, Vulnerability Analysis |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > STEaPP |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10108350 |
Archive Staff Only
 |
View Item |
