skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controller

Abstract

This article details a framework and methodology to risk-inform the decisions of an unsupervised cyber controller. A risk assessment methodology within this framework uses a combination of fault trees, event trees and attack graphs to trace and map cyber elements with business processes. The methodology attempts to prevent and mitigate cyberattacks by using adaptive controllers that proactively reconfigure a network based on actionable risk estimates. The estimates are based on vulnerabilities and potential business consequences. A generic enterprise control system is used to demonstrate the wide applicability of the methodology. In addition, data needs, implementation, and potential pitfalls are discussed.

Authors:
ORCiD logo [1];  [1];  [1]; ORCiD logo [1];  [1];  [1]
  1. BATTELLE (PACIFIC NW LAB)
Publication Date:
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1597086
Report Number(s):
PNNL-SA-129745
DOE Contract Number:  
AC05-76RL01830
Resource Type:
Journal Article
Journal Name:
Journal of Computing and Information Science in Engineering
Additional Journal Information:
Journal Volume: 19; Journal Issue: 4
Country of Publication:
United States
Language:
English
Subject:
reconfiguration, fault tree, event tree, attack graph, cybersecurity, controller, adaptive

Citation Formats

Veeramany, Arun, Hutton, William J., Sridhar, Siddharth, Gourisetti, Sri Nikhil G., Coles, Garill A., and Skare, Paul M. A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controller. United States: N. p., 2019. Web. doi:10.1115/1.4043040.
Veeramany, Arun, Hutton, William J., Sridhar, Siddharth, Gourisetti, Sri Nikhil G., Coles, Garill A., & Skare, Paul M. A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controller. United States. doi:10.1115/1.4043040.
Veeramany, Arun, Hutton, William J., Sridhar, Siddharth, Gourisetti, Sri Nikhil G., Coles, Garill A., and Skare, Paul M. Tue . "A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controller". United States. doi:10.1115/1.4043040.
@article{osti_1597086,
title = {A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controller},
author = {Veeramany, Arun and Hutton, William J. and Sridhar, Siddharth and Gourisetti, Sri Nikhil G. and Coles, Garill A. and Skare, Paul M.},
abstractNote = {This article details a framework and methodology to risk-inform the decisions of an unsupervised cyber controller. A risk assessment methodology within this framework uses a combination of fault trees, event trees and attack graphs to trace and map cyber elements with business processes. The methodology attempts to prevent and mitigate cyberattacks by using adaptive controllers that proactively reconfigure a network based on actionable risk estimates. The estimates are based on vulnerabilities and potential business consequences. A generic enterprise control system is used to demonstrate the wide applicability of the methodology. In addition, data needs, implementation, and potential pitfalls are discussed.},
doi = {10.1115/1.4043040},
journal = {Journal of Computing and Information Science in Engineering},
number = 4,
volume = 19,
place = {United States},
year = {2019},
month = {12}
}

Works referenced in this record:

Software-defined energy communication networks: From substation automation to future smart grids
conference, October 2013