A Methodology to Measure the "Cost" of CPS Attacks: Not all CPS Networks are Created Equal

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

17 Downloads (Pure)

Abstract

Cyber-Physical Systems (CPS) are (connected) computer systems used to monitor and control physical processes using digital control programs. Cyberattacks targeting CPS can cause physical impact with potentially devastating consequences. While some past attacks required expert CPS knowledge (e.g., Stuxnet), other attacks could be implemented by anyone, solely with pure IT knowledge. Understanding what causes these differences is essential in effectively defending CPS, however, as of now, there is no way of qualifying let alone quantifying them. In this paper, we first define a notion of (non-monetary) attack 'cost' focusing on the required CPS-specific attacker knowledge. We then identify several context factors that may influence this cost and, finally, provide a methodology to analyze the relation between attack cost and CPS-context using past cyberattacks. To validate the methodology in a reproducible way, we apply it to publicly reported CPS incidents with physical impact. Though this constitutes only a small set of attacks, our methodology is able to find correlations between context factors and the attack cost, as well as significant differences in context factors between CPS domains.

Original languageEnglish
Title of host publicationIEEE European Symposium on Security and Privacy Workshops
Pages112-129
Number of pages18
ISBN (Electronic)979-8-3503-6729-4
DOIs
Publication statusPublished - 20 Aug 2024
Event6th Workshop on Attackers and Cyber-Crime Operations - Vienna, Austria
Duration: 8 Jul 20248 Jul 2024
Conference number: 6
https://wacco-workshop.org/past/2024/index.html

Publication series

Name
PublisherIEEE
ISSN (Electronic)2768-0657

Workshop

Workshop6th Workshop on Attackers and Cyber-Crime Operations
Abbreviated titleWACCO 2024
Country/TerritoryAustria
CityVienna
Period8/07/248/07/24
Internet address

Funding

This research was funded by the Dutch Research Council (NWO), grant number 628.001.032 (DEPICT) and NWA.1160.18.301 (INTERSECT). We thank Daniel dos Santos from Forescout and Stash Kempinski (TU/e) for sharing feedback and domain expertise. We thank the anonymous reviewers for their helpful comments and pointers to relevant literature. As part of the openreport model followed by the Workshop on Attackers & CyberCrime Operations (WACCO), all the reviews for this paper are publicly available at https://github.com/wacco-workshop/WACCO/tree/main/WACCO-2024. For the purpose of open access, a CC-BY-4.0 public copyright licence is applied to any Author Accepted Manuscript.

FundersFunder number
Nederlandse Organisatie voor Wetenschappelijk Onderzoek628.001.032, NWA.1160.18.301

    Keywords

    • attacker capabilities
    • attacker cost
    • attacker knowledge
    • cyber-physical system
    • industrial control system

    Fingerprint

    Dive into the research topics of 'A Methodology to Measure the "Cost" of CPS Attacks: Not all CPS Networks are Created Equal'. Together they form a unique fingerprint.

    Cite this