Projecten per jaar
Samenvatting
Cyber-Physical Systems (CPS) are (connected) computer systems used to monitor and control physical processes using digital control programs. Cyberattacks targeting CPS can cause physical impact with potentially devastating consequences. While some past attacks required expert CPS knowledge (e.g., Stuxnet), other attacks could be implemented by anyone, solely with pure IT knowledge. Understanding what causes these differences is essential in effectively defending CPS, however, as of now, there is no way of qualifying let alone quantifying them. In this paper, we first define a notion of (non-monetary) attack 'cost' focusing on the required CPS-specific attacker knowledge. We then identify several context factors that may influence this cost and, finally, provide a methodology to analyze the relation between attack cost and CPS-context using past cyberattacks. To validate the methodology in a reproducible way, we apply it to publicly reported CPS incidents with physical impact. Though this constitutes only a small set of attacks, our methodology is able to find correlations between context factors and the attack cost, as well as significant differences in context factors between CPS domains.
Originele taal-2 | Engels |
---|---|
Titel | IEEE European Symposium on Security and Privacy Workshops |
Pagina's | 112-129 |
Aantal pagina's | 18 |
ISBN van elektronische versie | 979-8-3503-6729-4 |
DOI's | |
Status | Gepubliceerd - 20 aug. 2024 |
Evenement | 6th Workshop on Attackers and Cyber-Crime Operations - Vienna, Oostenrijk Duur: 8 jul. 2024 → 8 jul. 2024 Congresnummer: 6 https://wacco-workshop.org/past/2024/index.html |
Publicatie series
Naam | |
---|---|
Uitgeverij | IEEE |
ISSN van elektronische versie | 2768-0657 |
Workshop
Workshop | 6th Workshop on Attackers and Cyber-Crime Operations |
---|---|
Verkorte titel | WACCO 2024 |
Land/Regio | Oostenrijk |
Stad | Vienna |
Periode | 8/07/24 → 8/07/24 |
Internet adres |
Financiering
This research was funded by the Dutch Research Council (NWO), grant number 628.001.032 (DEPICT) and NWA.1160.18.301 (INTERSECT). We thank Daniel dos Santos from Forescout and Stash Kempinski (TU/e) for sharing feedback and domain expertise. We thank the anonymous reviewers for their helpful comments and pointers to relevant literature. As part of the openreport model followed by the Workshop on Attackers & CyberCrime Operations (WACCO), all the reviews for this paper are publicly available at https://github.com/wacco-workshop/WACCO/tree/main/WACCO-2024. For the purpose of open access, a CC-BY-4.0 public copyright licence is applied to any Author Accepted Manuscript.
Financiers | Financiernummer |
---|---|
Nederlandse Organisatie voor Wetenschappelijk Onderzoek | 628.001.032, NWA.1160.18.301 |
Vingerafdruk
Duik in de onderzoeksthema's van 'A Methodology to Measure the "Cost" of CPS Attacks: Not all CPS Networks are Created Equal'. Samen vormen ze een unieke vingerafdruk.Projecten
- 1 Actief
-
INTERSECT: NWA.1160.18.301 An Internet of Secure Things - INTERSECT (SENS)
Luyk, M. (Project communicatie medewerker), Allodi, L. (Projectmedewerker), Leite, C. (Projectmedewerker), Sciancalepore, S. (Projectmedewerker), Kempinski, S. (Projectmedewerker), George, D. R. (Projectmedewerker), den Hartog, J. I. (Projectmedewerker), Matthijsse-van Geenen, J. (Projectmedewerker), Gankhuyag, G. (Projectmedewerker), Weffers, H. (Project Manager) & Etalle, S. (Projectmedewerker)
20/02/20 → 31/08/28
Project: Second tier
Datasets
-
Measuring the "Cost" of CPS Attacks: Not all CPS Networks are Created Equal Dataset
Rosso, M. (Ontwerper), Eindhoven University of Technology, 2024
DOI: 10.4121/2cd80dea-9eea-4dfb-b0d3-3e72c0e47804
Dataset