Impact Assessment of IT Security Breaches in Cyber-Physical Systems: Short paper

  • András Földvári Budapest University of Technology and Economics
  • Gergely Biczók Budapest University of Technology and Economics
  • Imre Kocsis Budapest University of Technology and Economics
  • László Gönczy Budapest University of Technology and Economics
  • András Pataricza Budapest University of Technology and Economics

Resumo


The increased cyber-attack surface in cyber-physical systems, the close coupling to vulnerable physical processes, and the potential for human casualties necessitate a careful extension of traditional safety methodologies, e.g., error propagation analysis (EPA), with cybersecurity capabilities. We propose a model-driven Information Technology/Operational Technology impact analysis method that supports identifying vulnerabilities, most critical attack strategies, and most dangerous threat actors by analyzing attack scenarios on an abstract functional model of the system. Our solution extends EPA, initially developed for dependability and safety analysis, with cybersecurity aspects to explore the safety impact of a cyber attack on a cyber-physical system. The paper presents the impact analysis workflow, the threat model, the pilot analysis tool, and a case study.
Palavras-chave: cyber-physical systems, impact analysis, error propagation analysis, cybersecurity
Publicado
22/11/2021
FÖLDVÁRI, András; BICZÓK, Gergely; KOCSIS, Imre; GÖNCZY, László; PATARICZA, András. Impact Assessment of IT Security Breaches in Cyber-Physical Systems: Short paper. In: WORKSHOP ON VALIDATION AND VERIFICATION OF FUTURE CYBER-PHYSICAL SYSTEMS (WAFERS), 2. , 2021, Florianópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021 .