Towards Optimal Cyber Defense Remediation in Cyber Physical Systems by Balancing Operational Resilience and Strategic Risk
Title | Towards Optimal Cyber Defense Remediation in Cyber Physical Systems by Balancing Operational Resilience and Strategic Risk |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Hasan, Kamrul, Shetty, Sachin, Hassanzadeh, Amin, Ullah, Sharif |
Conference Name | MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM) |
Date Published | nov |
Keywords | CPS Resilience, cyber physical systems, cyber threats, Cyber-physical systems, Damage Assessment, data-driven attack graph, Erbium, fault graph-based model, graph theory, information technology, operational impact assessment, Operational Resilience, operational technology, optimal cyber defense remediation, pubcrawl, random system faults, resilience, Resiliency, Resource management, risk analysis, risk management, Safety, security, security of data, Servers, software fault tolerance, Software Vulnerability, tactical risk |
Abstract | A prioritized cyber defense remediation plan is critical for effective risk management in cyber-physical systems (CPS). The increased integration of Information Technology (IT)/Operational Technology (OT) in CPS has to lead to the need to identify the critical assets which, when affected, will impact resilience and safety. In this work, we propose a methodology for prioritized cyber risk remediation plan that balances operational resilience and economic loss (safety impacts) in CPS. We present a platform for modeling and analysis of the effect of cyber threats and random system faults on the safety of CPS that could lead to catastrophic damages. We propose to develop a data-driven attack graph and fault graph-based model to characterize the exploitability and impact of threats in CPS. We develop an operational impact assessment to quantify the damages. Finally, we propose the development of a strategic response decision capability that proposes optimal mitigation actions and policies that balances the trade-off between operational resilience (Tactical Risk) and Strategic Risk. |
DOI | 10.1109/MILCOM47813.2019.9021076 |
Citation Key | hasan_towards_2019 |
- pubcrawl
- tactical risk
- Software Vulnerability
- software fault tolerance
- Servers
- security of data
- security
- Safety
- risk management
- risk analysis
- resource management
- Resiliency
- resilience
- random system faults
- CPS resilience
- optimal cyber defense remediation
- operational technology
- Operational Resilience
- operational impact assessment
- information technology
- graph theory
- fault graph-based model
- Erbium
- data-driven attack graph
- Damage Assessment
- cyber-physical systems
- cyber threats
- cyber physical systems