Contemporary Critical Infrastructures (CIs), such as the power grid, comprise cyber physical systems that are tightly coupled, to form a complex system of interconnected components with interacting dependencies. Modelling methodologies have been suggested as proper tools to provide better insight into the dependencies and behavioural characteristics of these complex systems. In order to facilitate the study of interconnections in and among critical infrastructures, and to provide a clear view of the interdependencies among their cyber and physical components, this paper proposes a novel method, based on a graphical model called Modified Dependency Structure Matrix (MDSM). The MDSM provides a compact perspective of both inter-dependency and intra-dependency between subsystems of one complex system or two distinct systems. Additionally, we propose four parameters that allow the quantitative assessment of the characteristics of dependencies, including multi-order dependencies in large scale CIs. We illustrate the workings of the proposed method by applying it to a micro-distribution network based on the G2ELAB 14-Bus model. The results provide valuable insight into the dependencies among the network components and substantiate the applicability of the proposed method for analyzing large scale cyber physical systems.
A cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry 4.0 and Cyber-Physical Systems, providing security against cyber-physical attacks is a serious challenge which calls for cybersecurity risk assessment methods capable of investigating the tight interactions and interdependencies between the cyber and the physical components in such systems. However, existing risk assessment methods do not consider this specific characteristic of CPSs. In this paper, we propose a dependency-based, domain-agnostic cybersecurity risk assessment method that leverages a model of the CPS under study that captures dependencies among the system components. The proposed method identifies possible attack paths against critical components of a CPS by taking an attacker’s viewpoint and prioritizes these paths according to their risk to materialize, thus allowing the defenders to define efficient security controls. We illustrate the workings of the proposed method by applying it to a case study of a CPS in the energy domain, and we highlight the advantages that the proposed method offers when used to assess cybersecurity risks in CPSs.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.