Critical infrastructure systems of systems assessment methodology.
Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies that separately consider physical security and cyber security. This research has developed a risk assessment methodology that explicitly accounts for both physical and cyber security, while preserving the traditional security paradigm of detect, delay, and respond. This methodology also accounts for the condition that a facility may be able to recover from or mitigate the impact of a successful attack before serious consequences occur. The methodology uses evidence-based techniques (which are a generalization of probability theory) to evaluate the security posture of the cyber protection systems. Cyber threats are compared against cyber security posture using a category-based approach nested within a path-based analysis to determine the most vulnerable cyber attack path. The methodology summarizes the impact of a blended cyber/physical adversary attack in a conditional risk estimate where the consequence term is scaled by a "willingness to pay" avoidance approach.
- Research Organization: Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: AC04-94AL85000
- OSTI ID: 899076
- Report Number(s): SAND2006-6399; TRN: US200708%%22
- Country of Publication: United States
- Language: English
Similar Records
Autonomous System Inference, Trojan, and Adversarial Reprogramming Attack and Defense (Final)
Risk assessment for physical and cyber attacks on critical infrastructures.
Related Subjects
COMPUTER NETWORKS
RISK ASSESSMENT
SECURITY
SABOTAGE
MITIGATION
National security-Computer network resources.
Intranets (Computer networks)-Security measures.
Public key infrastructure (Computer security)
Computer security.
Local area networks (Computer networks)-Security measures.