Abstract
Cyber-Physical Systems (CPSs) are complex systems that evolve from the integrations of components dealing with real-time computations and physical processes, along with networking. CPSs often incorporate approaches merging from different scientific fields such as embedded systems, control systems, operational technology, information technology systems (ITS), and cybernetics. Major cybersecurity concerns are rising around CPSs because of their expanding uses in the modern world today. Often the security concerns are limited to deriving risk analytics and security assessment. Others focus on the development of intrusion detection and prevention systems. To make the CPSs resilient, it needs a thorough understanding of the current cybersecurity frameworks proposed by different governing bodies in this domain. It is also imperative to realize how these frameworks are applying established security practices. To address the gap in understanding the defense-in-depth security architectures and achieving them within the CPS domain, we analyze the cybersecurity frameworks and the challenges in applying them. To give some background information, we start a discussion of the differences between ITS and CPS. We then present a state-of-the-art review of some of the existing cybersecurity frameworks for risk and resilience management. Finally, we propose formal techniques to realize the frameworks and security practices in the CPS domain by providing quantitative resilience analytics.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Griffor, E.R., Greer, C., Wollman, D.A., Burns, M.J.: Framework for cyber-physical systems: vol. 1. Overview, Technical report (2017)
Shi, L., Dai, Q., Ni, Y.: Cyber-physical interactions in power systems: a review of models, methods, and applications. Electr. Power Syst. Res. 163, 396–412 (2018)
Zhang, T., Wang, Y., Liang, X., Zhuang, Z., Xu, W.: Cyber attacks in cyber-physical power systems: a case study with gprs-based scada systems. In: 2017 29th Chinese Control And Decision Conference (CCDC), pp. 6847–6852. IEEE (2017)
Macaulay, T., Singer, B.L.: Cybersecurity for industrial control systems: SCADA, DCS. HMI, and SIS. Auerbach Publications, PLC (2016)
Stouffer, K., Falco, J., Scarfone, K.: Guide to Industrial Control Systems (ICS) Security, vol. 800, no. 82, p. 16. NIST Special Publication (2011)
Colbert, E.J.M., Kott, A.: Cyber-Security of SCADA and Other Industrial Control Systems, vol. 66. Springer (2016)
Johnson, A., Dempsey, K., Ross, R., Gupta, S., Bailey, D.: Guide for Security-Focused Configuration Management of Information Systems, vol. 800, no. 128, p. 16. NIST Special Publication (2011)
Cyware: Understanding the difference between risk, threat, and vulnerability (2019). https://cyware.com/news/understanding-the-difference-between-risk-threat-and-vulnerability-c5210e89
Blank, R.M.: Guide for conducting risk assessments (2011)
Lewis, T.G.: Network Science: Theory and Applications. Wiley (2011)
Haque, M.A., Gochhayat, S.P., Shetty, S., Krishnappa, B.: Simulation Foundations, Methods and Applications. SFMA) series, Cloud-Based Simulation Platform for Quantifying Cyber-Physical Systems Resilience. Springer (2020)
Chen, T., Abu-Nimeh, S.: Lessons from stuxnet. Computer 44(4), 91–93 (2011)
Mittal, S., Tolk, A.: Complexity Challenges in Cyber Physical Systems: Using Modeling and Simulation (M&S) to Support Intelligence. Wiley, Adaptation and Autonomy (2019)
Haque, M.A., Shetty, S., Krishnappa, B.: Cyber-physical system resilience. In: Complexity Challenges in Cyber Physical Systems: Using Modeling and Simulation (M&S) to Support Intelligence, Adaptation and Autonomy (2019)
Laing, C.: Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection. IGI Global (2012)
Bruneau, M., Chang, S.E., Eguchi, R.T., Lee, G.C., O’Rourke, T.D., Reinhorn, A.M., Shinozuka, M., Tierney, K., Wallace, W.A., Winterfeldt, D.V.: A framework to quantitatively assess and enhance the seismic resilience of communities. Earthquake Spectra 19(4), 733–752 (2003)
Tierney, K., Bruneau, M.: Conceptualizing and measuring resilience: a key to disaster loss reduction. TR News (250) (2007)
National Research Council et al.: Disaster resilience: a national imperative (2012)
Ross, R.S.: Recommended security controls for federal information systems and organizations [includes updates through 9/14/2009]. Technical report (2009)
Sedgewick, A.: Framework for improving critical infrastructure cybersecurity, version 1.0. Technical report (2014)
Haque, M.A., De Teyou, G.K., Shetty, S., Krishnappa, B.: Cyber resilience framework for industrial control systems: concepts, metrics, and insights. In: 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 25–30. IEEE (2018)
Haque, M.A., Shetty, S., Krishnappa, B.: ICS-CRAT: a cyber resilience assessment tool for industrial control systems. In: 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), pp. 273–281. IEEE (2019)
Barker, K., Lambert, J.H., Zobel, C.W., Tapia, A.H., Ramirez-Marquez, J.E., Albert, L., Nicholson, C.D., Caragea, C.: Defining resilience analytics for interdependent cyber-physical-social networks. Sustain. Resilient Infrastructu. 2(2), 59–67 (2017)
DiMase, D., Collier, Z.A., Heffner, K., Linkov, I.: Systems engineering framework for cyber physical security and resilience. Environ. Syst. Decis. 35(2), 291–300 (2015)
Haque, M.A., Shetty, S., Kamdem, G.: Improving bulk power system resilience by ranking critical nodes in the vulnerability graph. In: Proceedings of the Annual Simulation Symposium, p. 8. Society for Computer Simulation International (2018)
Haque, M.A., Shetty, S., Krishnappa, B.: Modeling cyber resilience for energy delivery systems using critical system functionality. In: IEEE Resilience Week 2019, pp. 33–41. IEEE (2019)
Clark, A., Zonouz, S.: Cyber-physical resilience: definition and assessment metric. IEEE Trans. Smart Grid 10(2), 1671–1684 (2017)
Wei, D., Ji, K.: Resilient industrial control system (RICS): concepts, formulation, metrics, and insights. In: 2010 3rd International Symposium on Resilient Control Systems, pp. 15–22. IEEE (2010)
Linkov, I., Eisenberg, D.A., Bates, M.E., Chang, D., Convertino, M., Allen, J.H., Flynn, S.E., Seager, T.P.: Measurable resilience for actionable policy (2013)
JOINT TASK FORCE: Risk Management Framework for Information Systems and Organizations, vol. 800, p. 37. NIST Special Publication (2018)
Bodeau, D., Graubart., R.: Cyber Resiliency Engineering Framework. MTR110237, MITRECorporation (2011)
Cornelius, E., Fabro, M.: Recommended practice: Creating cyber forensics plans for control systems. Technical report, Idaho National Laboratory (INL) (2008)
Fabro, M., Gorski, E., Spiers, N.: Recommended practice: improving industrial control system cybersecurity with defense-in-depth strategies. In: DHS Industrial Control Systems Cyber Emergency Response Team (2016)
Watson, J.-P., Guttromson, R., Silva-Monroy, C., Jeffers, R., Jones, K., Ellison, J., Rath, C., Gearhart, J., Jones, D., Corbet, T., et al.: Conceptual framework for developing resilience metrics for the electricity oil and gas sectors in the united states. Technical report, Sandia National Laboratories, Albuquerque, NM, USA (2014)
ICS-CERT: Recommended practice: developing an industrial control systems cybersecurity incident response capability (2009)
Tom, S., Christiansen, D., Berrett, D.: Recommended practice for patch management of control systems. Technical report, Idaho National Laboratory (INL) (2008)
ICS-CERT: Recommended practice: updating antivirus in an industrial control system (2018)
Saaty, T.L.: Relative measurement and its generalization in decision making why pairwise comparisons are central in mathematics for the measurement of intangible factors the analytic hierarchy/network process. RACSAM-Revista de la Real Academia de Ciencias Exactas, Fisicas y Naturales. Serie A. Matematicas 102(2), 251–318 (2008)
Wilamowski, G.C., Dever, J.R., Stuban, S.M.F.: Using analytical hierarchy and analytical network processes to create cyber security metrics. Def. Acquisit. Res. J.: Publicat. Def.e Acquisit. Univ. 24(2) (2017)
Sun, K., Jajodia, S., Li, J., Cheng, Y., Tang, W., Singhal, A.: Automatic security analysis using security metrics. In: 2011-MILCOM 2011 Military Communications Conference, pp. 1207–1212. IEEE (2011)
Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0. In: Published by FIRST-Forum of Incident Response and Security Teams, vol. 1, p. 23 (2007)
Haque, M.A.: Analysis of bulk power system resilience using vulnerability graph (2018)
Garvey, P.R., Ariel Pinto, C.: Introduction to functional dependency network analysis. In: The MITRE Corporation and Old Dominion, Second International Symposium on Engineering Systems, vol. 5. MIT, Cambridge, MA (2009)
NIST: National vulnerability database. https://nvd.nist.gov/vuln/data-feeds. Accessed 14 Jan 2020
Arghandeh, R., Von Meier, A., Mehrmanesh, L., Mili, L.: On the definition of cyber-physical resilience in power systems. Renew. Sustain. Energy Rev. 58, 1060–1069 (2016)
Bharali, A., Baruah, D.: On network criticality in robustness analysis of a network structure. Malaya J. Matematik (MJM) 7(2), 223–229 (2019)
Roberson, D., Clarisse Kim, H., Chen, B., Page, C., Nuqui, R., Valdes, A., Macwan, R., Johnson, B.K.: Improving grid resilience using high-voltage dc: strengthening the security of power system stability. IEEE Power Energy Mag. 17(3), 38–47 (2019)
Zobel, C.W.: Quantitatively representing nonlinear disaster recovery. Decis. Sci. 45(6), 1053–1082 (2014)
Tizghadam, A., Leon-Garcia, A.: On robust traffic engineering in transport networks. In: IEEE GLOBECOM 2008—2008 IEEE Global Telecommunications Conference, pp. 1–6. IEEE (2008)
Chung, F.: Laplacians and the cheeger inequality for directed graphs. Ann. Combinatorics 9(1), 1–19 (2005)
Bernstein, D.S.: Scalar, Vector, and Matrix Mathematics: Theory, Facts, and Formulas-Revised and, Expanded edn. Princeton University Press (2018)
Hwang, C.-L., Lai, Y.-J., Liu, T.-Y.: A new approach for multiple objective decision making. Comput. Oper. Res. 20(8), 889–899 (1993)
Kim, A., Kang, M.H.: Determining asset criticality for cyber defense. Technical report, Naval Research Lab, Washington, DC (2011)
Acknowledgments
This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Haque, M.A., Shetty, S., Gold, K., Krishnappa, B. (2021). Realizing Cyber-Physical Systems Resilience Frameworks and Security Practices. In: Awad, A.I., Furnell, S., Paprzycki, M., Sharma, S.K. (eds) Security in Cyber-Physical Systems. Studies in Systems, Decision and Control, vol 339. Springer, Cham. https://doi.org/10.1007/978-3-030-67361-1_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-67361-1_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-67360-4
Online ISBN: 978-3-030-67361-1
eBook Packages: EngineeringEngineering (R0)