This chapter reports on a model-based approach to assessing cyber-risks in a cyber-physical system (CPS), such as a power-transmission system. We demonstrate that quantitative cyber-risk assessment, despite its inherent difficulties, is feasible. In this regard: (i) we give experimental evidence (using Monte-Carlo simulation) showing that the losses from a specific cyber-attack type can be established accurately using an abstract model of cyber-attacks – a model constructed without taking into account the details of the specific attack used in the study; (ii) we establish the benefits from deploying defence-in-depth (DiD) against failures and cyber-attacks for two types of attackers: (a) an attacker unaware of the nature of DiD, and (b) an attacker who knows in detail the DiD they face in a particular deployment, and launches attacks sufficient to defeat DiD. This study provides some insight into the benefits of combining design-diversity – to harden some of the protection devices in a CPS – with periodic “proactive recovery” of protection devices. The results are discussed in the context of making evidence-based decisions about maximising the benefits from DiD in a particular CPS.
Netkachov, O., Popov, P., & Salako, K. (2019). Quantitative evaluation of the efficacy of defence-in-depth in critical infrastructures. In Advanced Sciences and Technologies for Security Applications (pp. 89–121). Springer. https://doi.org/10.1007/978-3-319-95597-1_5