Comparison of two methods to quantify cyber and physical security effectiveness.

Wyss, Gregory Dane; Gordon, Kristl A

doi:10.2172/876367

Title: Comparison of two methods to quantify cyber and physical security effectiveness.

Technical Report · Tue Nov 01 00:00:00 EST 2005

DOI:https://doi.org/10.2172/876367· OSTI ID:876367

Wyss, Gregory Dane; Gordon, Kristl A

With the increasing reliance on cyber technology to operate and control physical security system components, there is a need for methods to assess and model the interactions between the cyber system and the physical security system to understand the effects of cyber technology on overall security system effectiveness. This paper evaluates two methodologies for their applicability to the combined cyber and physical security problem. The comparison metrics include probabilities of detection (P{sub D}), interruption (P{sub I}), and neutralization (P{sub N}), which contribute to calculating the probability of system effectiveness (P{sub E}), the probability that the system can thwart an adversary attack. P{sub E} is well understood in practical applications of physical security but when the cyber security component is added, system behavior becomes more complex and difficult to model. This paper examines two approaches (Bounding Analysis Approach (BAA) and Expected Value Approach (EVA)) to determine their applicability to the combined physical and cyber security issue. These methods were assessed for a variety of security system characteristics to determine whether reasonable security decisions could be made based on their results. The assessments provided insight on an adversary's behavior depending on what part of the physical security system is cyber-controlled. Analysis showed that the BAA is more suited to facility analyses than the EVA because it has the ability to identify and model an adversary's most desirable attack path.

View Technical Report

Cite

Export

Save

Research Organization:: Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC04-94AL85000

OSTI ID:: 876367

Report Number(s):: SAND2005-7177; TRN: US200606%%144

Country of Publication:: United States

Language:: English

Similar Records

Countering Cyber Sabotage: Introducing Consequence-Driven Cyber-Informed Engineering (CCE)

Book · Wed Sep 01 00:00:00 EDT 2021 · OSTI ID:876367

Bochman, Andrew A; Freeman, Sarah G

Cyber risk assessment and investment optimization using game theory and ML-based anomaly detection and mitigation for wide-area control in smart grids

Other · Mon Aug 01 00:00:00 EDT 2022 · OSTI ID:876367

Hyder, Burhan

Cyber Friendly Fire

Technical Report · Thu Sep 01 00:00:00 EDT 2011 · OSTI ID:876367

Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

Related Subjects

99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE
COMPUTERIZED CONTROL SYSTEMS
SABOTAGE
DETECTION
PROBABILITY
SECURITY
PHYSICAL PROTECTION
COMPUTER NETWORKS
Intranets (Computer networks)-Security measures.
Dwellings-Security measures.
Computer security.
Computer networks-Security measures.
Electronic security systems.

Title: Comparison of two methods to quantify cyber and physical security effectiveness.

Citation Formats

Similar Records

Related Subjects