Abstract
This research contributes to the lifecycle assessment of complex cyber-physical systems (CCPSs) to better understand and mitigate risks of malicious attacks through design. This assessment capability is proposed during the early phase of engineering design where significant decision-making flexibility exists. This is done by assessing potential malicious attacks carried out by humans interacting with the system across all phases of the system's lifecycle. We propose a novel quantification of an attacker-centric risk, then optimize the large set of attacks using a genetic algorithm. This research is motivated by the increased vulnerability of CCPSs due to their increasingly complex, interconnected, and digitally connected nature. A specific area of interest for CCPSs has been the increasing degree of connectedness. For example, several recent federal reports indicate that significant risk exists in the design of commercial aircraft where the entertainment system is connected to the avionics through a central network. The result is an increased ability to attack a specific subsystem or component to produce system failure. These findings, as well as others, have led to significant concern about malicious attacks that target critical components of the CCPS. While assessments can be performed on a CCPS during the later phases of engineering design, techniques are currently not available during the early phase. We propose an assessment technique that is useful to practitioners during conceptual design. In this research, we assess a nuclear power plant as an example CCPS. The resulting methodology provides useful insight into the risks of malicious attacks throughout the system's lifecycle.
Original language | English |
---|---|
Title of host publication | Proceedings of 16th International Conference on Industrial Informatics |
Subtitle of host publication | INDIN 2018 |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Pages | 733-740 |
Number of pages | 8 |
ISBN (Electronic) | 978-1-5386-4829-2, 978-1-5386-4828-5 |
ISBN (Print) | 978-1-5386-4830-8 |
Publication status | Published - 27 Sept 2018 |
MoE publication type | Not Eligible |
Event | 16th IEEE International Conference on Industrial Informatics, INDIN 2018 - Porto, Portugal; Duration: 18 Jul 2018 → 20 Jul 2018; Conference number: 16 |
Conference
Conference | 16th IEEE International Conference on Industrial Informatics, INDIN 2018 |
---|---|
Abbreviated title | INDIN 2018 |
Country/Territory | Portugal |
City | Porto |
Period | 18/07/18 → 20/07/18 |
Keywords
- Cyber-physical systems
- Design methods
- Engineering design
- Failure propagation
- Systems engineering