Cyber/Physical Security Vulnerability Assessment Integration

MacDonald, Douglas G.; Clements, Samuel L.; Patrick, Scott W.; Perkins, Casey J.; Muller, George; Lancaster, Mary J.; Hutton, William J.

doi:10.1109/ISGT.2013.6497883

Title: Cyber/Physical Security Vulnerability Assessment Integration

Conference · Thu Feb 28 00:00:00 EST 2013

DOI:https://doi.org/10.1109/ISGT.2013.6497883· OSTI ID:1239497

MacDonald, Douglas G.; Clements, Samuel L.; Patrick, Scott W.; Perkins, Casey J.; Muller, George; Lancaster, Mary J.; Hutton, William J.

Securing high value and critical assets is one of the biggest challenges facing this nation and others around the world. In modern integrated systems, there are four potential modes of attack available to an adversary: • physical only attack, • cyber only attack, • physical-enabled cyber attack, • cyber-enabled physical attack. Blended attacks involve an adversary working in one domain to reduce system effectiveness in another domain. This enables the attacker to penetrate further into the overall layered defenses. Existing vulnerability assessment (VA) processes and software tools which predict facility vulnerabilities typically evaluate the physical and cyber domains separately. Vulnerabilities which result from the integration of cyber-physical control systems are not well characterized and are often overlooked by existing assessment approaches. In this paper, we modified modification of the timely detection methodology, used for decades in physical security VAs, to include cyber components. The Physical and Cyber Risk Analysis Tool (PACRAT) prototype illustrates an integrated vulnerability assessment that includes cyber-physical interdependencies. Information about facility layout, network topology, and emplaced safeguards is used to evaluate how well suited a facility is to detect, delay, and respond to attacks, to identify the pathways most vulnerable to attack, and to evaluate how often safeguards are compromised for a given threat or adversary type. We have tested the PACRAT prototype on critical infrastructure facilities and the results are promising. Future work includes extending the model to prescribe the recommended security improvements via an automated cost-benefit analysis.

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Cite

Export

Save

Research Organization:: Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-76RL01830

OSTI ID:: 1239497

Report Number(s):: PNNL-SA-90959

Resource Relation:: Conference: 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT 2013), February 24-27, 2013, Washington DC, 1-6

Country of Publication:: United States

Language:: English

Similar Records

Cyber / Physical Security Vulnerability Assessment Integration

Conference · Sat Jul 28 00:00:00 EDT 2012 · OSTI ID:1239497

MacDonald, Douglas G.; Simpkins, Bret E.

CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

Conference · Sun Jul 17 00:00:00 EDT 2011 · OSTI ID:1239497

MacDonald, Douglas G; Key, Brad; Clements, Samuel L; +4 more

Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure

Technical Report · Fri Feb 04 00:00:00 EST 2011 · OSTI ID:1239497

Suski, N; Wuest, C

Title: Cyber/Physical Security Vulnerability Assessment Integration

Citation Formats

Similar Records

Related Subjects