Disruption of electric power operations can be catastrophic on national security and the economy. Due to the complexity of widely dispersed assets and the interdependences among computer, communication, and power infrastructures, the requirement to meet security and quality compliance on operations is a challenging issue. In recent years, the North American Electric Reliability Corporation (NERC) established a cybersecurity standard that requires utilities' compliance on cybersecurity of control systems. This standard identifies several cyber-related vulnerabilities that exist in control systems and recommends several remedial actions (e.g., best practices). In this paper, a comprehensive survey on cybersecurity of critical infrastructures is reported. A supervisory control and data acquisition security framework with the following four major components is proposed: (1) real-time monitoring; (2) anomaly detection; (3) impact analysis; and (4) mitigation strategies. In addition, an attack-tree-based methodology for impact analysis is developed. The attack-tree formulation based on power system control networks is used to evaluate system-, scenario -, and leaf-level vulnerabilities by identifying the system's adversary objectives. The leaf vulnerability is fundamental to the methodology that involves port auditing or password strength evaluation. The measure of vulnerabilities in the power system control framework is determined based on existing cybersecurity conditions, and then, the vulnerability indices are evaluated.

/pdf/cybersecurity-for-critical-infrastructures-attack-and-b43elyfw9t.pdf

Cybersecurity for Critical Infrastructures: Attack and Defense Modeling

DAG-based attack and defense modeling: don’t miss the forest for the attack trees

We introduce and give formal definitions of attack-defense trees. We argue that these trees are a simple, yet powerful tool to analyze complex security and privacy problems. Our formalization is generic in the sense that it supports different semantical approaches. We present several semantics for attack-defense trees along with usage scenarios, and we show how to evaluate attributes.

/pdf/foundations-of-attack-defense-trees-570s8023eu.pdf

Foundations of attack-defense trees

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

This paper critically surveys previous work on quantitative representation and analysis of security. Such quantified security has been presented as a general approach to precisely assess and control security. We classify a significant part of the work between 1981 and 2008 with respect to security perspective, target of quantification, underlying assumptions and type of validation. The result shows how the validity of most methods is still strikingly unclear. Despite applying a number of techniques from fields such as computer science, economics and reliability theory to the problem it is unclear what valid results exist with respect to operational security. Quantified security is thus a weak hypothesis because a lack of validation and comparison between such methods against empirical data. Furthermore, many assumptions in formal treatments are not empirically well-supported in operational security and have been adopted from other fields. A number of risks are present with depending on quantitative methods with limited or no validation.

/pdf/quantified-security-is-a-weak-hypothesis-a-critical-survey-4qx3sqwf00.pdf

Quantified security is a weak hypothesis: a critical survey of results and assumptions

In this paper we present a mixed qualitative and quantitative approach for evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with attack countermeasures and we use economic quantitative indexes for computing the defender's return on security investment and the attacker's return on attack. We show how our approach can be used to evaluate effectiveness and economic profitability of countermeasures as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.

/pdf/defense-trees-for-economic-evaluation-of-security-2zcqwnp0bi.pdf

Defense trees for economic evaluation of security investments

In this paper we use defense trees, an extension of attack trees with countermeasures, to represent attack scenarios and game theory to detect the most promising actions attacker and defender. On one side the attacker wants to break the system (with as little efforts as possible), on the opposite side the defender want to protect it (sustaining the minimum cost).

As utility function for the attacker and for the defender we consider economic indexes (like the Return on Investment (ROI) and the Return on Attack (ROA)). We show how our approach can be used to evaluate effectiveness and economic profitability of countermeasures as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.

/pdf/strategic-games-on-defense-trees-25i4wr2if8.pdf

Strategic games on defense trees

In this paper we present a qualitative approach for the selection of security countermeasures able to protect an IT system from attacks. For this purpose, we model security scenarios by using defense trees (an extension of attack trees) and preferences over countermeasure using Conditional Preference networks (CP-nets for short). In particular, we introduce two different methods for the composition of preferences: the and-composition and the or-composition. The first one is used to determine a preference order in the selection of countermeasures able to mitigate the risks produced by conjunct attacks. The second one is used to determine a preference order over sets of countermeasures able to mitigate the risks produced by alternative attacks.

/pdf/using-cp-nets-as-a-guide-for-countermeasure-selection-3x9litfxxw.pdf

Using CP-nets as a guide for countermeasure selection

In this article, we present a mixed qualitative and quantitative approach for evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with countermeasures and we use economic quantitative indexes for computing the defender's return on security investment and the attacker's return on attack. We show how our approach can be used to evaluate economic profitability of countermeasures and their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.

/pdf/evaluation-of-complex-security-scenarios-using-defense-trees-4omqk98mp2.pdf

Evaluation of complex security scenarios using defense trees and economic indexes

http://www.dmi.unipg.it/~bista/papers/papers-download/stm07.pdf

Pamela Peretti

Papers

Defense trees for economic evaluation of security investments

Strategic games on defense trees

Using CP-nets as a guide for countermeasure selection

Evaluation of complex security scenarios using defense trees and economic indexes

Analyzing Security Scenarios Using Defence Trees and Answer Set Programming