Professional Documents
Culture Documents
net/publication/328303093
CITATION READS
1 868
4 authors, including:
Bheshaj Krishnappa
4 PUBLICATIONS 1 CITATION
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Md Ariful Haque on 25 March 2019.
Abstract— In this paper, we have analyzed the resilience for ICS using the R4 framework of disaster resilience [4]. We
property of industrial control systems (ICS) in the events of decompose the resilience metric into a hierarchy of several sub-
cyberattacks using subjective approach. We are proposing a metrics. These metrics are organized in a tree structure that
comprehensive cyber resilience framework for the ICS by captures qualitative information about the ICS resilience.
decomposing the resilience metric into a hierarchy of several sub-
metrics. These metrics form a tree structure that has the potential The paper is organized as follows. Section II provides related
to capture qualitative information about system’s security and work on resilience and security frameworks in brief. Section III
resilience posture and can be used as a high-level framework to provides a cyber-physical description of ICS with the complex
identify where modeling and analysis are needed to be carried out. inter-dependencies between cyber and physical components.
We present a brief description of resilient ICS characteristics and Section III also presents our framework that consists of a set of
a cyber resilience assessment model for ICS. Finally, we present resilience metrics that can effectively measure cyber resilience
the cyber resilience metrics formulation methods and an across ICS industries. Section IV presents discussions on how
illustration of resilience metrics calculation using Analytical the framework can be used to compute the resilience metrics.
Hierarchy Process (AHP). Our resilience framework can serve as Section V concludes the work.
a platform for a multi-criteria decision aid and help technical
experts in identifying the gap in the study of ICS resilience.
II. RELATED WORK
Keywords— Cyberattack, Industrial Control System, Resilience The National Academy of Science (NAS) defined resilience
Framework, Metrics as “The ability to prepare and plan for, absorb, recover from,
or more successfully adapt to actual or potential adverse
I. INTRODUCTION events.”[5]. In [6] the authors used the resilience definition
Industrial Control Systems (ICS) are critical components provided by NAS to define a set of resilience metrics spread
facilitating operations in vital industries such as electricity, oil over four operational domains: physical, information, cognitive,
and gas, water distribution system and manufacturing which are and social. In [4] the authors proposed the R4 framework for
known as critical infrastructures. In the past, the most common disaster resilience. The R4 framework comprises four broad
threats faced by the ICS were at the physical domains with metrics which are Robustness, Redundancy, Resourcefulness,
adverse events such as physical attacks, failures and natural and Rapidity. In [7], the MITRE presents a framework for cyber
disasters [1]. Today the extensive use of Information and resiliency engineering. Most of these frameworks provide some
Communication Technologies (ICT) in ICS make them subjective guidance from different angels of resilience study
vulnerable to cyber-attacks [2]. For example, in Advanced and lack of clear explanation on the quantitative resilience
Persistent Threat (APT) attacks highly skilled attackers can steal metrics formulation. Another issue with these frameworks is
user authentication information and then move laterally in the that they are most suitable for ITS (Information Technology
network, from host to host in a hidden manner until they reach a System) rather than ICS.
valued target. In 2015 attackers used spear-fishing emails to steal
In [8], the National Institute of Standards and Technology
credentials in three energy distribution companies of Ukraine
(NIST) provides a framework for improving the cybersecurity
and moved laterally through the corporate network and gained
access to the Supervisory Control and Data Acquisition and resilience of critical infrastructures. The NIST framework
(SCADA) system [3]. The attackers were able to disable the identifies five functions that organize cybersecurity at the
corporate network and temporarily disrupt electricity supply in highest levels: identify, protect, detect, respond, and recover. In
the power grid infrastructure. [9] NIST provides detailed guidelines for ICS system security.
In [10], the authors define the necessary measures to be taken
In this work, we have reviewed the existing cyber resilience in order to make ICS and critical infrastructures resilient. In all
frameworks. We have analyzed the characteristics of resilient these frameworks, the authors do not provide a methodology to
ICS systems and develop a cyber resilience assessment model quantify the resilience metrics of the ICS system.
for ICS. In addition, we propose a cyber resilience framework
This work is part of the project funded by the Department of Energy under
Award Number DE-OE0000780.
26
TABLE I. CYBER RESILIENCE FRAMEWORK FOR ICS
28
TABLE II. VALUES OF THE RANDOM INDEX FOR SMALL PROBLEMS
* With respect to Robustness, what criteria do you find the most important
(M < 10) [13]
between Physical and Organization ?
𝒎𝒎 factors 2 3 4 5 6 7 8 Physical
29
𝐶𝐶3 . From the normalized right eigenvector of Table IV, we completeness, or usefulness of any information, apparatus,
find the Robustness in function of the Physical ( 𝐶𝐶1 ) , product, or process disclosed, or represents that its use would
Organization (𝐶𝐶2 ) and Technical (𝐶𝐶3 ) criteria as: not infringe privately owned rights. Reference herein to any
specific commercial product, process, or service by trade
𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅 = 0.06𝐶𝐶1 + 0.200𝐶𝐶2 + 0.74𝐶𝐶3 (5) name, trademark, manufacturer, or otherwise does not
Similarly, pairwise comparisons were done between sub- necessarily constitute or imply its endorsement,
criteria, and alternatives. We derive the relative weights of recommendation, or favoring by the United States
each criterion and the score corresponding to the alternative Government or any agency thereof. The views and opinions
options at the lower level of the hierarchy. Equation (6) and of authors expressed herein do not necessarily state or reflect
those of the United States Government or any agency thereof.
(8) give the numerical values that we obtained for the relative
weights and the score vector for the four criteria and three
alternative options respectively. REFERENCES
𝐴𝐴𝐴𝐴𝐴𝐴𝐴𝐴𝐴𝐴𝐴𝐴 𝐶𝐶𝐶𝐶𝐶𝐶𝐶𝐶𝐶𝐶𝐶𝐶𝐶𝐶 (𝑆𝑆𝑆𝑆1 ) 0.3 [1] R. Kinney, P. Crucitti, R. Albert, and V. Latora, “Modeling cascading
failures in the North American power grid,” The European Physical
𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆 (𝑆𝑆𝑆𝑆2 ) (6)
� � = �0.2� Journal B-Condensed Matter and Complex Systems, vol. 46, no. 1, pp.
𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷(𝑆𝑆𝑆𝑆3 ) 0.1 101-107, 2005.
𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅 𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀𝑀 (𝑆𝑆𝑆𝑆4 ) 0.4 [2] C. Glenn, D. Sterbentz, and A. Wright, Cyber Threat and Vulnerability
Analysis of the US Electric Sector, Idaho National Lab.(INL), Idaho
Equation (7) shows how the Organization criteria (𝐶𝐶2 ) is Falls, ID (United States), 2016.
[3] D. U. Case, “Analysis of the cyber attack on the Ukrainian power grid,”
computed in function of the four sub-criteria, Electricity Information Sharing and Analysis Center (E-ISAC), 2016.
[4] K. Tierney, and M. Bruneau, “Conceptualizing and measuring
𝐶𝐶2 = 0.3 𝑆𝑆𝑆𝑆1 + 0.2 𝑆𝑆𝑆𝑆2 + 0.1 𝑆𝑆𝐶𝐶3 + 0.4 𝑆𝑆𝑆𝑆4 (7) resilience: A key to disaster loss reduction,” TR news, no. 250, 2007.
[5] N. A. o. Sciences, Disaster resilience: a national imperative,
𝐻𝐻 0.73 Washington, D.C., 2012.
�𝑀𝑀� = �0.2067� (8) [6] I. Linkov, D. A. Eisenberg, K. Plourde, T. P. Seager, J. Allen, and A.
Kott, “Resilience metrics for cyber systems,” Environment Systems and
𝐿𝐿 0.0581 Decisions, vol. 33, no. 4, pp. 471-476, 2013.
[7] D. Bodeau, and R. Graubart, “Cyber resiliency engineering
V. CONCLUSION framework,” MTR110237, MITRECorporation, 2011.
[8] C. I. Cybersecurity, “Framework for Improving Critical Infrastructure
In this paper, we investigate the cyber resilience of ICS. Cybersecurity,” Framework, vol. 1, pp. 11, 2014.
First, we discuss the properties of a resilient ICS. Then we [9] K. Stouffer, J. Falco, and K. Scarfone, “Guide to industrial control
systems (ICS) security,” NIST special publication, vol. 800, no. 82, pp.
adapt the R4 framework to derive the cyber resilience 16-16, 2011.
assessment model (CRAM) for ICS. Finally, we propose a [10] S. Bologna, A. Fasani, and M. Martellini, "Cyber Security and
detailed cyber resilience framework for ICS using the Resilience of Industrial Control Systems and Critical Infrastructures,"
CRAM. We explain how to effectively quantify and evaluate Cyber Security, pp. 57-72: Springer, 2013.
[11] D. Wei, and K. Ji, "Resilient industrial control system (RICS):
cyber resilience metrics using the proposed framework. The Concepts, formulation, metrics, and insights." pp. 15-22.
framework can provide directions in ICS resilience analysis [12] A. McIntyre, B. Becker, and R. Halbgewachs, “Security metrics for
and assessment process and help the ICS operators and process control systems,” Sandia National Laboratories, Sandia
Report SAND2007-2070P, 2007.
technical experts to better understand their industrial control [13] T. L. Saaty, “Relative measurement and its generalization in decision
system architecture to make it more resilient from making why pairwise comparisons are central in mathematics for the
cyberattacks. Unlike most of the relevant works that only measurement of intangible factors the analytic hierarchy/network
provide security guidance and recommendations, we have process,” RACSAM-Revista de la Real Academia de Ciencias Exactas,
Fisicas y Naturales. Serie A. Matematicas, vol. 102, no. 2, pp. 251-318,
derived the resilience metrics using the proposed framework 2008.
which provides quantitative insights into the ICS cyber [14] M. J. Bartock, J. A. Cichonski, M. P. Souppaya, M. C. Smith, G. A.
resilience. This resilience metrics formulation process can be Witte, and K. A. Scarfone, Guide for cybersecurity event recovery,
2016.
used to evaluate and analyze overall ICS network resilience. [15] J. T. Force, and T. Initiative, “Security and privacy controls for federal
information systems and organizations,” NIST Special Publication,
ACKNOWLEDGMENT vol. 800, no. 53, pp. 8-13, 2013.
[16] T. Macaulay, and B. L. Singer, Cybersecurity for industrial control
This material is based upon work supported by the systems: SCADA, DCS, PLC, HMI, and SIS, p.^pp. 51: Auerbach
Department of Energy under Award Number DE- Publications, 2016.
[17] K. Sun, S. Jajodia, J. Li, Y. Cheng, W. Tang, and A. Singhal,
OE0000780. "Automatic security analysis using security metrics." pp. 1207-1212.
[18] L. Watkins, and J. Hurley, "Cyber Maturity as Measured by Scientific
DISCLAIMER Risk-Based Metrics." p. 384.
[19] G. C. Wilamowski, J. R. Dever, and S. M. Stuban, “Using Analytical
This report was prepared as an account of work sponsored Hierarchy and Analytical Network Processes to Create CYBER
by an agency of the United States Government. Neither the SECURITY METRICS,” Defense Acquisition Research Journal: A
Publication of the Defense Acquisition University, vol. 24, no. 2, 2017.
United States Government nor any agency thereof, nor any of [20] H. Tran, E. Campos-Nanez, P. Fomin, and J. Wasek, “Cyber resilience
their employees makes any warranty, express or implied, or recovery model to combat zero-day malware attacks,” computers &
assumes any legal liability or responsibility for the accuracy, security, vol. 61, pp. 19-31, 2016.
30