DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Risk-informed autonomous adaptive cyber controllers

Abstract

Technology related to risk-informed autonomous adaptive cyber controllers is disclosed. In one example of the disclosed technology, a method includes generating probabilities of a cyber-attack occurring along an attack surface of a network. The probabilities can be generated using sensor and operational data of a network as inputs to an attack graph. The risk scores can be determined using a plurality of fault trees and the generated probabilities from the attack graph. The respective risk scores can correspond to respective nodes of an event tree. The event tree and the determined risk scores can be used to determine risk estimates for a plurality of configurations of the network. The risk estimates for the plurality of configurations of the network can be used to reconfigure the network to reduce a risk from the cyber-attack.

Inventors:
; ; ; ; ; ; ; ; ;
Issue Date:
Research Org.:
Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1860191
Patent Number(s):
11206278
Application Number:
16/432,655
Assignee:
Battelle Memorial Institute (Richland, WA)
Patent Classifications (CPCs):
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
DOE Contract Number:  
AC05-76RL01830
Resource Type:
Patent
Resource Relation:
Patent File Date: 06/05/2019
Country of Publication:
United States
Language:
English

Citation Formats

Veeramany, Arun, Hutton, III, William James, Sridhar, Siddharth, Gourisetti, Sri Nikhil Gupta, Coles, Garill A., Rice, Mark J., Skare, Paul M., Manz, David O., Dagle, Jeffery E., and Unwin, Stephen D.. Risk-informed autonomous adaptive cyber controllers. United States: N. p., 2021. Web.
Veeramany, Arun, Hutton, III, William James, Sridhar, Siddharth, Gourisetti, Sri Nikhil Gupta, Coles, Garill A., Rice, Mark J., Skare, Paul M., Manz, David O., Dagle, Jeffery E., & Unwin, Stephen D.. Risk-informed autonomous adaptive cyber controllers. United States.
Veeramany, Arun, Hutton, III, William James, Sridhar, Siddharth, Gourisetti, Sri Nikhil Gupta, Coles, Garill A., Rice, Mark J., Skare, Paul M., Manz, David O., Dagle, Jeffery E., and Unwin, Stephen D.. Tue . "Risk-informed autonomous adaptive cyber controllers". United States. https://www.osti.gov/servlets/purl/1860191.
@article{osti_1860191,
title = {Risk-informed autonomous adaptive cyber controllers},
author = {Veeramany, Arun and Hutton, III, William James and Sridhar, Siddharth and Gourisetti, Sri Nikhil Gupta and Coles, Garill A. and Rice, Mark J. and Skare, Paul M. and Manz, David O. and Dagle, Jeffery E. and Unwin, Stephen D.},
abstractNote = {Technology related to risk-informed autonomous adaptive cyber controllers is disclosed. In one example of the disclosed technology, a method includes generating probabilities of a cyber-attack occurring along an attack surface of a network. The probabilities can be generated using sensor and operational data of a network as inputs to an attack graph. The risk scores can be determined using a plurality of fault trees and the generated probabilities from the attack graph. The respective risk scores can correspond to respective nodes of an event tree. The event tree and the determined risk scores can be used to determine risk estimates for a plurality of configurations of the network. The risk estimates for the plurality of configurations of the network can be used to reconfigure the network to reduce a risk from the cyber-attack.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2021},
month = {12}
}

Works referenced in this record:

An autonomous control framework for advanced reactors
journal, August 2017


Threat Evaluation System and Method
patent-application, December 2013


Cyber security risk assessment for SCADA and DCS networks
journal, October 2007


Cyber-security in substation automation systems
journal, February 2016


Modelling network to assess security properties
patent-application, June 2007


Software-defined energy communication networks: From substation automation to future smart grids
conference, October 2013


Cyber Security Issues in Navigation Systems of Marine Vessels From a Control Perspective
conference, September 2017

  • Hassani, Vahid; Crasta, Naveena; Pascoal, António M.
  • ASME 2017 36th International Conference on Ocean, Offshore and Arctic Engineering, Volume 7B: Ocean Engineering
  • https://doi.org/10.1115/OMAE2017-61771

Measuring network security using dynamic bayesian network
conference, January 2008


A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controllers
journal, June 2019

  • Veeramany, Arun; Hutton, William J.; Sridhar, Siddharth
  • Journal of Computing and Information Science in Engineering, Vol. 19, Issue 4
  • https://doi.org/10.1115/1.4043040

SFTA-Based Approach for Safety/Reliability Analysis of Operational Use-Cases in Cyber-Physical Systems
journal, July 2017


Adaptive use of network-centric mechanisms in cyber-defense
conference, January 2003


Vulnerabilities of Cyber-Physical Linear Control Systems to Sophisticated Attacks
conference, November 2017

  • Radisavljevic-Gajic, Verica; Park, Seri; Chasaki, Danai
  • ASME 2017 Dynamic Systems and Control Conference, Volume 2: Mechatronics; Estimation and Identification; Uncertain Systems and Robustness; Path Planning and Motion Control; Tracking Control Systems; Multi-Agent and Networked Systems; Manufacturing; Intelligent Transportation and Vehicles; Sensors and Actuators; Diagnostics and Detection; Unmanned, Ground and Surface Robotics; Motion and Vibration Control Applications
  • https://doi.org/10.1115/DSCC2017-5386

On The Quantitative Definition of Risk
journal, March 1981


Stuxnet worm impact on industrial cyber-physical system security
conference, November 2011

  • Karnouskos, Stamatis
  • IECON 2011 - 37th Annual Conference of IEEE Industrial Electronics, IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society
  • https://doi.org/10.1109/IECON.2011.6120048

Method and tool for network vulnerability analysis
patent, March 2006


Risk assessment method for cybersecurity of cyber-physical systems based on inter-dependency of vulnerabilities
conference, December 2015


Pra: a Perspective on Strengths, Current Limitations, and Possible Improvements
journal, February 2014


A review of cyber security risk assessment methods for SCADA systems
journal, February 2016


Vulnerabilities of Control Systems in Internet of Things Applications
journal, April 2018


Fault tree analysis: A survey of the state-of-the-art in modeling, analysis and tools
journal, February 2015