
Realizing Cyber-Physical Systems Resilience Frameworks and Security Practices

Security in Cyber-Physical Systems

Part of the book series: Studies in Systems, Decision and Control (SSDC, volume 339)

Abstract

Cyber-Physical Systems (CPSs) are complex systems that evolve from the integration of components dealing with real-time computation and physical processes, along with networking. CPSs often incorporate approaches merging from different scientific fields such as embedded systems, control systems, operational technology, information technology systems (ITS), and cybernetics. Major cybersecurity concerns are rising around CPSs because of their expanding use in the modern world. Often, the security concerns are limited to deriving risk analytics and security assessments. Others focus on the development of intrusion detection and prevention systems. Making CPSs resilient requires a thorough understanding of the current cybersecurity frameworks proposed by different governing bodies in this domain. It is also imperative to understand how these frameworks apply established security practices. To address the gap in understanding defense-in-depth security architectures and achieving them within the CPS domain, we analyze the cybersecurity frameworks and the challenges in applying them. As background, we start with a discussion of the differences between ITS and CPS. We then present a state-of-the-art review of some of the existing cybersecurity frameworks for risk and resilience management. Finally, we propose formal techniques to realize the frameworks and security practices in the CPS domain by providing quantitative resilience analytics.



Acknowledgments

This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780.

Author information


Corresponding author

Correspondence to Md Ariful Haque.


Copyright information

© 2021 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Haque, M.A., Shetty, S., Gold, K., Krishnappa, B. (2021). Realizing Cyber-Physical Systems Resilience Frameworks and Security Practices. In: Awad, A.I., Furnell, S., Paprzycki, M., Sharma, S.K. (eds) Security in Cyber-Physical Systems. Studies in Systems, Decision and Control, vol 339. Springer, Cham. https://doi.org/10.1007/978-3-030-67361-1_1


  • DOI: https://doi.org/10.1007/978-3-030-67361-1_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-67360-4

  • Online ISBN: 978-3-030-67361-1

  • eBook Packages: Engineering, Engineering (R0)
