Challenges in Quantifying an Adversary’s Cyber Access to Critical Infrastructures

  • Conference paper
Critical Information Infrastructures Security (CRITIS 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11777)

Abstract

We consider the problem of quantifying the potential for an adversary to move through the computer/communication network controlling a critical infrastructure. Quantification is needed to describe the risk to the critical infrastructure of cyber penetration in terms understandable to the owners/operators of the critical infrastructure. We identify several specific challenges, and conclude without having solved the problem, but having pointed the way towards some possible solutions.

This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780 and by the Maryland Procurement Office under Contract No. H98230-14-C-0141. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.

Author information

Correspondence to David M. Nicol.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Nicol, D.M. (2020). Challenges in Quantifying an Adversary’s Cyber Access to Critical Infrastructures. In: Nadjm-Tehrani, S. (eds) Critical Information Infrastructures Security. CRITIS 2019. Lecture Notes in Computer Science, vol 11777. Springer, Cham. https://doi.org/10.1007/978-3-030-37670-3_2

  • DOI: https://doi.org/10.1007/978-3-030-37670-3_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37669-7

  • Online ISBN: 978-3-030-37670-3

  • eBook Packages: Computer Science, Computer Science (R0)
