skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems

Abstract

There are many influencing economic factors to weigh from the defender-practitioner stakeholder point-of-view that involve cost combined with development/deployment models. Some examples include the cost of countermeasures themselves, the cost of training and the cost of maintenance. Meanwhile, we must better anticipate the total cost from a compromise. The return on investment in countermeasures is essentially impact costs (i.e., the costs from violating availability, integrity and confidentiality / privacy requirements). The natural question arises about choosing the main risks that must be mitigated/controlled and monitored in deciding where to focus security investments. To answer this question, we have investigated the cost/benefits to the attacker/defender to better estimate risk exposure. In doing so, it s important to develop a sound basis for estimating the factors that derive risk exposure, such as likelihood that a threat will emerge and whether it will be thwarted. This impact assessment framework can provide key information for ranking cybersecurity threats and managing risk.

Authors:
 [1];  [2];  [1]
  1. ORNL
  2. University of Memphis
Publication Date:
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org.:
Work for Others (WFO)
OSTI Identifier:
1185966
DOE Contract Number:
DE-AC05-00OR22725
Resource Type:
Conference
Resource Relation:
Conference: 10th Annual Cyber and Information Security Research (CISR) Conference, Oak Ridge, TN, USA, 20150407, 20150409
Country of Publication:
United States
Language:
English
Subject:
Availability; Integrity; Security Measures/Metrics; Dependability; Security Requirements; Threats; Vulnerabilities; Algorithms; Management; Measurement; Performance; Design; Economics; Experimentation; Security; Theory; Verification

Citation Formats

Abercrombie, Robert K, Sheldon, Federick T., and Schlicher, Bob G. Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems. United States: N. p., 2015. Web.
Abercrombie, Robert K, Sheldon, Federick T., & Schlicher, Bob G. Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems. United States.
Abercrombie, Robert K, Sheldon, Federick T., and Schlicher, Bob G. Thu . "Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems". United States. doi:.
@article{osti_1185966,
title = {Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems},
author = {Abercrombie, Robert K and Sheldon, Federick T. and Schlicher, Bob G},
abstractNote = {There are many influencing economic factors to weigh from the defender-practitioner stakeholder point-of-view that involve cost combined with development/deployment models. Some examples include the cost of countermeasures themselves, the cost of training and the cost of maintenance. Meanwhile, we must better anticipate the total cost from a compromise. The return on investment in countermeasures is essentially impact costs (i.e., the costs from violating availability, integrity and confidentiality / privacy requirements). The natural question arises about choosing the main risks that must be mitigated/controlled and monitored in deciding where to focus security investments. To answer this question, we have investigated the cost/benefits to the attacker/defender to better estimate risk exposure. In doing so, it s important to develop a sound basis for estimating the factors that derive risk exposure, such as likelihood that a threat will emerge and whether it will be thwarted. This impact assessment framework can provide key information for ranking cybersecurity threats and managing risk.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Thu Jan 01 00:00:00 EST 2015},
month = {Thu Jan 01 00:00:00 EST 2015}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share: