OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Cyber-Physical Security Assessment (CyPSA) Toolset

Abstract

CyPSA seeks to organize and gain insight into the diverse sets of data that a critical infrastructure provider must manage. Specifically, CyPSA inventories, manages, and analyzes assets and relations among those assets. A variety of interfaces are provided. CyPSA inventories assets (both cyber and physical). This may include the cataloging of assets through a common interface. Data sources used to generate a catalogue of assets include PowerWorld, NPView, NMap scans, and device configurations. Depending upon the role of the person using the tool, the types of assets accessed, as well as the data sources through which asset information is accessed, may vary. CyPSA allows practitioners to catalogue relations among assets, and these may be generated either manually or programmatically. For example, some common relations among assets include the following: Topological Network Data: Which devices and assets are connected and how? Data sources for this kind of information include NMap scans and NPView topologies (via firewall rule analysis). Security Metrics Outputs: The output of various security metrics such as overall exposure. Configure Assets: CyPSA may eventually include the ability to configure assets including relays and switches. For example, a system administrator would be able to configure and alter the state of a relay via the CyPSA interface. Annotate Assets: CyPSA also allows practitioners to manually and programmatically annotate assets. Sources of information with which to annotate assets include provenance metadata regarding the data source from which the asset was loaded, vulnerability information from vulnerability databases, configuration information, and the output of an analysis in general.

Authors:
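Garcia, Luis [1]; Patapanchala, Panini [2]; Zonouz, Saman [1]; Davis, Kate [3]; Davis, Matt [4]; Berthier, Robin [3]; Bamba, Mouna [3]; Soubigou, Olivier [3]; Rayala, Vishnu Priya [5]; Weaver, Gabe [3]; Rogers, Edmond [3]; Bobba, Rakesh [2]; Nicol, David [3]; Sauer, Pete [6]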
  1. Rutgers University
  2. Oregon State University
  3. Univ. of Illinois
  4. PowerWorld Corp.
  5. Oregon State Univ.
  6. Univ. of Illinois.
Publication Date:
August 31, 2016
Research Org.:
University of Illinois
Sponsoring Org.:
USDOE Advanced Research Projects Agency - Energy (ARPA-E)
OSTI Identifier:
1341011
Report Number(s):
CyPSA; 005125IBMPC00
DOE Contract Number:
AR0000342
Resource Type:
Software
Software Revision:
00
Software Package Number:
005125
Software CPU:
IBMPC
Source Code Available:
Yes
Related Software:
PowerWorld Simulator, NP-View from Network Perception
Country of Publication:
United States

Citation Formats

Garcia, Luis, Patapanchala, Panini, Zonouz, Saman, Davis, Kate, Davis, Matt, Berthier, Robin, Bamba, Mouna, Soubigou, Olivier, Rayala, Vishnu Priya, Weaver, Gabe, Rogers, Edmond, Bobba, Rakesh, Nicol, David, and Sauer, Pete. Cyber-Physical Security Assessment (CyPSA) Toolset. Computer software. Vers. 00. USDOE Advanced Research Projects Agency - Energy (ARPA-E). 31 Aug. 2016. Web.

  • This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.
  • Securing high value and critical assets is one of the biggest challenges facing this nation and others around the world. In modern integrated systems, there are four potential modes of attack available to an adversary: physical only attack, cyber only attack, physical-enabled cyber attack, and cyber-enabled physical attack. Blended attacks involve an adversary working in one domain to reduce system effectiveness in another domain. This enables the attacker to penetrate further into the overall layered defenses. Existing vulnerability assessment (VA) processes and software tools which predict facility vulnerabilities typically evaluate the physical and cyber domains separately. Vulnerabilities which result from the integration of cyber-physical control systems are not well characterized and are often overlooked by existing assessment approaches. In this paper, we modified the timely detection methodology, used for decades in physical security VAs, to include cyber components. The Physical and Cyber Risk Analysis Tool (PACRAT) prototype illustrates an integrated vulnerability assessment that includes cyber-physical interdependencies. Information about facility layout, network topology, and emplaced safeguards is used to evaluate how well suited a facility is to detect, delay, and respond to attacks, to identify the pathways most vulnerable to attack, and to evaluate how often safeguards are compromised for a given threat or adversary type. We have tested the PACRAT prototype on critical infrastructure facilities and the results are promising. Future work includes extending the model to prescribe the recommended security improvements via an automated cost-benefit analysis.
