Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design

Bryan M. Orhalloran, Nikolaos Papakonstantinou, Douglas L. Van Bossuyt

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

This research contributes to the lifecycle assessment of complex cyber-physical systems (CCPSs) to better understand and mitigate risks of malicious attacks through design. This assessment capability is proposed during the early phase of engineering design where significant decision-making flexibility exists. This is done by assessing potential malicious attacks carried out by humans interacting with the system across all phases of the system's lifecycle. We propose a novel quantification of an attacker-centric risk, then optimize the large set of attacks using a genetic algorithm. This research is motivated by the increased vulnerability of CCPSs due to their increasingly complex interconnected and digitally connected nature. A specific area of interest for CCPSs has been the increasing degree of connectedness. For example, several recent federal reports indicate that significant risk exists in the design of commercial aircraft where the entertainment system is connected to the avionics through a central network. The result is an increased ability to attack a specific subsystem or component to produce system failure. These findings, as well as others, have led to a significant concern with malicious attacks to target critical components of the CCPS. While assessments can be performed on a CCPS during the later phases of engineering design, techniques are currently not available during the early phase. We propose an assessment technique which is useful to practitioners during conceptual design. In this research, we assess a nuclear power plant as an example CCPS. The resulting methodology provides useful insight to the risks of malicious attacks throughout the system's lifecycle.
Original language: English
Title of host publication: Proceedings of 16th International Conference on Industrial Informatics
Subtitle of host publication: INDIN 2018
Publisher: Institute of Electrical and Electronic Engineers IEEE
Pages: 733-740
Number of pages: 8
ISBN (Electronic): 978-1-5386-4829-2, 978-1-5386-4828-5
ISBN (Print): 978-1-5386-4830-8
DOIs: https://doi.org/10.1109/INDIN.2018.8471937
Publication status: Published - 27 Sep 2018
MoE publication type: Not Eligible
Event: 16th IEEE International Conference on Industrial Informatics, INDIN 2018 - Porto, Portugal
Duration: 18 Jul 2018 → 20 Jul 2018
Conference number: 16

Conference

Conference: 16th IEEE International Conference on Industrial Informatics, INDIN 2018
Abbreviated title: INDIN 2018
Country: Portugal
City: Porto
Period: 18/07/18 → 20/07/18

Fingerprint

Systems analysis
Avionics
Conceptual design
Nuclear power plants
Cyber Physical System
System design
Attack
Genetic algorithms
Decision making
Aircraft

Keywords

  • Cyber-physical systems
  • Design methods
  • Engineering design
  • Failure propagation
  • Systems engineering

Cite this

Orhalloran, B. M., Papakonstantinou, N., & Van Bossuyt, D. L. (2018). Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design. In Proceedings of 16th International Conference on Industrial Informatics: INDIN 2018 (pp. 733-740). [8471937] Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/INDIN.2018.8471937
@inproceedings{752daa65bd1f4f80bd194fbed81f2276,
title = "Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design",
keywords = "Cyber-physical systems, Design methods, Engineering design, Failure propagation, Systems engineering",
author = "Orhalloran, {Bryan M.} and Nikolaos Papakonstantinou and {Van Bossuyt}, {Douglas L.}",
year = "2018",
month = "9",
day = "27",
doi = "10.1109/INDIN.2018.8471937",
language = "English",
isbn = "978-1-5386-4830-8",
pages = "733--740",
booktitle = "Proceedings of 16th International Conference on Industrial Informatics",
publisher = "Institute of Electrical and Electronic Engineers IEEE",
address = "United States",

}


TY - GEN
T1 - Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design
AU - Orhalloran, Bryan M.
AU - Papakonstantinou, Nikolaos
AU - Van Bossuyt, Douglas L.
PY - 2018/9/27
Y1 - 2018/9/27
KW - Cyber-physical systems
KW - Design methods
KW - Engineering design
KW - Failure propagation
KW - Systems engineering
UR - http://www.scopus.com/inward/record.url?scp=85055542833&partnerID=8YFLogxK
U2 - 10.1109/INDIN.2018.8471937
DO - 10.1109/INDIN.2018.8471937
M3 - Conference article in proceedings
AN - SCOPUS:85055542833
SN - 978-1-5386-4830-8
SP - 733
EP - 740
BT - Proceedings of 16th International Conference on Industrial Informatics
PB - Institute of Electrical and Electronic Engineers IEEE
ER -