The ability to network machinery and devices that are otherwise isolated is highly attractive to industry. This has led to growth in the use of cyber-physical systems (CPSs) with existing infrastructure. However, coupling physical and cyber processes leaves CPSs vulnerable to security attacks. A threat-vulnerability based risk model is developed through a detailed analysis of CPS security attack structures and threats. The Stuxnet malware attack is used to test the viability of the proposed model. An analysis of the Natanz system shows that, with an actual case security-risk score at Mitigation level 5, the infested facilities barely avoided a situation worse than the one which occurred. The paper concludes with a discussion on the need for risk analysis as part of CPS security and highlights the future work of modelling and comparing existing security solutions using the proposed model so to identify the sectors where CPS security is still lacking.
Reference:
Ledwaba, L. and Venter, H.S. 2017. A threat-vulnerability based risk analysis model for cyber physical system security. Proceedings of the 50th Hawaii International Conference on System Sciences, 4-7 January 2017, Kona, Hawaii, USA
Ledwaba, L., & Venter, H. (2017). A threat-vulnerability based risk analysis model for cyber physical system security. AIS Electronic Library. http://hdl.handle.net/10204/9613
Ledwaba, Lehlogonolo, and HS Venter. "A threat-vulnerability based risk analysis model for cyber physical system security." (2017): http://hdl.handle.net/10204/9613
Ledwaba L, Venter H, A threat-vulnerability based risk analysis model for cyber physical system security; AIS Electronic Library; 2017. http://hdl.handle.net/10204/9613 .