Quantitative Risk Assessment of Cyber Attacks on Cyber-Physical Systems using Attack Graphs

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

7 Citations (Scopus)
85 Downloads (Pure)

Abstract

Over the past decade, the number of cyber attack incidents targeting critical infrastructures such as the electrical power system has increased. To assess the risk of cyber attacks on the cyber-physical system, a holistic approach is needed that considers both system layers. However, the existing risk assessment methods are either qualitative in nature or employ probabilistic models to study the impact on only one system layer. Hence, in this work, we propose a quantitative risk assessment method for cyber-physical systems based on probabilistic and deterministic techniques. The former uses attack graphs to evaluate the attack likelihood, while the latter analyzes the potential cyber-physical impact. This is achieved through a dynamic cyber-physical power system model, i.e., digital twin, able to simulate power system cascading failures caused by cyber attacks. Additionally, we propose a domain-specific language to describe the assets of digital substations and thereby model the attack graphs. Using the proposed method, combined risk metrics are calculated that consider the likelihood and impact of cyber threat scenarios. The risk assessment is conducted using the IEEE 39-bus system, consisting of 27 user-defined digital substations. These substations serve as the backbone of the examined cyber system layer and as entry-points for the attackers. Results indicate that cyber attacks on specific substations can cause major cascading failures or even a blackout. Thereby, the proposed method identifies the most critical substations and assets that must be cyber secured.
Original languageEnglish
Title of host publication2022 10th Workshop on Modelling and Simulation of Cyber-Physical Energy Systems (MSCPES)
PublisherIEEE
Pages1-6
Number of pages6
ISBN (Electronic)978-1-6654-6865-7
ISBN (Print)978-1-6654-6866-4
DOIs
Publication statusPublished - 2022
Event2022 10th Workshop on Modelling and Simulation of Cyber-Physical Energy Systems (MSCPES) - Milan, Italy
Duration: 3 May 20223 May 2022

Workshop

Workshop2022 10th Workshop on Modelling and Simulation of Cyber-Physical Energy Systems (MSCPES)
Country/TerritoryItaly
CityMilan
Period3/05/223/05/22

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care

Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

  • attack graphs
  • cyber-physical systems
  • digital twin
  • cyber attacks
  • risk assessment

Fingerprint

Dive into the research topics of 'Quantitative Risk Assessment of Cyber Attacks on Cyber-Physical Systems using Attack Graphs'. Together they form a unique fingerprint.

Cite this