Visible to the public Towards Optimal Cyber Defense Remediation in Cyber Physical Systems by Balancing Operational Resilience and Strategic Risk

TitleTowards Optimal Cyber Defense Remediation in Cyber Physical Systems by Balancing Operational Resilience and Strategic Risk
Publication TypeConference Paper
Year of Publication2019
AuthorsHasan, Kamrul, Shetty, Sachin, Hassanzadeh, Amin, Ullah, Sharif
Conference NameMILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Date Publishednov
KeywordsCPS Resilience, cyber physical systems, cyber threats, Cyber-physical systems, Damage Assessment, data-driven attack graph, Erbium, fault graph-based model, graph theory, information technology, operational impact assessment, Operational Resilience, operational technology, optimal cyber defense remediation, pubcrawl, random system faults, resilience, Resiliency, Resource management, risk analysis, risk management, Safety, security, security of data, Servers, software fault tolerance, Software Vulnerability, tactical risk
Abstract

A prioritized cyber defense remediation plan is critical for effective risk management in cyber-physical systems (CPS). The increased integration of Information Technology (IT)/Operational Technology (OT) in CPS has to lead to the need to identify the critical assets which, when affected, will impact resilience and safety. In this work, we propose a methodology for prioritized cyber risk remediation plan that balances operational resilience and economic loss (safety impacts) in CPS. We present a platform for modeling and analysis of the effect of cyber threats and random system faults on the safety of CPS that could lead to catastrophic damages. We propose to develop a data-driven attack graph and fault graph-based model to characterize the exploitability and impact of threats in CPS. We develop an operational impact assessment to quantify the damages. Finally, we propose the development of a strategic response decision capability that proposes optimal mitigation actions and policies that balances the trade-off between operational resilience (Tactical Risk) and Strategic Risk.

DOI10.1109/MILCOM47813.2019.9021076
Citation Keyhasan_towards_2019