Impact Propagation in Airport Systems

Köpke, Corinna; Srivastava, Kushal; König, Louis; Miller, Natalie; Fehling-Kaschek, M.; Burke, Kelly; Mangini, Matteo; Praça, Isabel; Canito, Alda; Carvalho, Olga; Apolinário, Filipe; Escravana, Nelson; Carstengerdes, Nils; Stelkens-Kobsch, Tim H.

doi:10.1007/978-3-030-69781-5_13

Cited by 7 publications

(2 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[44], cyber and/or physical attacks [47]- [49], [51], [55], etc. Some research works concentrate on a type of asset whatever its granularity (healthcare [44], civil aviation [46], power systems [50], [51], [53], [56], port infrastructure [48], airport infrastructure [57], supply chain [56], ADS-B system [46], etc.). However, to our knowledge, no research work is dedicated to the definition of an approach for cyber or physical incident propagation in a healthcare infrastructure as a whole.…”

Section: B Incident Propagation Models and Approachesmentioning

confidence: 99%

Semantic-Based Approach for Cyber-Physical Cascading Effects Within Healthcare Infrastructures

et al. 2022

View full text Add to dashboard Cite

This paper presents a framework for integrated cyber-physical security propagation study within critical infrastructures (hospitals use case). The framework includes an ontology for the semantic modeling of cyber-physical security. The impact propagation approach relies on propagation rules inferring the cascading effects of security incidents occurring in hospitals. An impact score module allows evaluating impacts' severity, considering implemented protection measures. This work is part of the European project SAFECARE, which provides a set of tests and demonstration sessions in partnership with 3 hospitals in Europe. During these tests, we measured effectiveness and efficiency metrics, as well as end users' satisfaction feedback. Experiments performed on real attack scenarios, show high effectiveness rates and a common agreement from end-users about the added value of the solution to enhance risks analysis practice and increase hospitals mitigation strategies efficiency.

show abstract

Section: B Incident Propagation Models and Approachesmentioning

confidence: 99%

Semantic-Based Approach for Cyber-Physical Cascading Effects Within Healthcare Infrastructures

et al. 2022

View full text Add to dashboard Cite

show abstract

“…In this work, we describe the SMS-I tool, which deals with the analysis of data from heterogeneous systems over different time frames, correlates them to find evidence of the causes of an attack, and supports the definition of remediation measures in a collabora-tive way. SMS-I was firstly designed in the scope of the SATIE project, which aimed to build a security Toolkit [21] in order to protect critical air transport infrastructure against combined cyber-physical threats by improving the cyber-physical correlations, forensics investigations and dynamic impact assessment at airports. However, SMS-I can work with data from any security CPS since it analyses additional security details, providing contextual and semantic data to identify causes for security events and threats.…”

Section: Introductionmentioning

confidence: 99%

SMS-I: Intelligent Security for Cyber–Physical Systems

et al. 2022

View full text Add to dashboard Cite

Critical infrastructures are an attractive target for attackers, mainly due to the catastrophic impact of these attacks on society. In addition, the cyber–physical nature of these infrastructures makes them more vulnerable to cyber–physical threats and makes the detection, investigation, and remediation of security attacks more difficult. Therefore, improving cyber–physical correlations, forensics investigations, and Incident response tasks is of paramount importance. This work describes the SMS-I tool that allows the improvement of these security aspects in critical infrastructures. Data from heterogeneous systems, over different time frames, are received and correlated. Both physical and logical security are unified and additional security details are analysed to find attack evidence. Different Artificial Intelligence (AI) methodologies are used to process and analyse the multi-dimensional data exploring the temporal correlation between cyber and physical Alerts and going beyond traditional techniques to detect unusual Events, and then find evidence of attacks. SMS-I’s Intelligent Dashboard supports decision makers in a deep analysis of how the breaches and the assets were explored and compromised. It assists and facilitates the security analysts using graphical dashboards and Alert classification suggestions. Therefore, they can more easily identify anomalous situations that can be related to possible Incident occurrences. Users can also explore information, with different levels of detail, including logical information and technical specifications. SMS-I also integrates with a scalable and open Security Incident Response Platform (TheHive) that enables the sharing of information about security Incidents and helps different organizations better understand threats and proactively defend their systems and networks.

show abstract