Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design

Bryan M. Orhalloran, Nikolaos Papakonstantinou, Douglas L. Van Bossuyt

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    2 Citations (Scopus)

    Abstract

    This research contributes to the lifecycle assessment of complex cyber-physical systems (CCPSs) to better understand and mitigate risks of malicious attacks through design. This assessment capability is proposed during the early phase of engineering design where significant decision-making flexibility exists. This is done by assessing potential malicious attacks carried out by humans interacting with the system across all phases of the system's lifecycle. We propose a novel quantification of an attacker-centric risk, then optimize the large set of attacks using a genetic algorithm. This research is motivated by the increased vulnerability of CCPSs due to their increasingly complex interconnected and digitally connected nature. A specific area of interest for CCPSs has been the increasing degree of connectedness. For example, several recent federal reports indicate that significant risk exists in the design of commercial aircraft where the entertainment system is connected to the avionics through a central network. The result is an increased ability to attack a specific subsystem or component to produce system failure. These findings, as well as others, have led to a significant concern with malicious attacks to target critical components of the CCPS. While assessments can be performed on a CCPS during the later phases of engineering design, techniques are currently not available during the early phase. We propose an assessment technique which is useful to practitioners during conceptual design. In this research, we assess a nuclear power plant as an example CCPS. The resulting methodology provides useful insight to the risks of malicious attacks throughout the system's lifecycle.
    Original languageEnglish
    Title of host publicationProceedings of 16th International Conference on Industrial Informatics
    Subtitle of host publicationINDIN 2018
    PublisherIEEE Institute of Electrical and Electronic Engineers
    Pages733-740
    Number of pages8
    ISBN (Electronic)978-1-5386-4829-2, 978-1-5386-4828-5
    ISBN (Print)978-1-5386-4830-8
    DOIs
    Publication statusPublished - 27 Sep 2018
    MoE publication typeNot Eligible
    Event16th IEEE International Conference on Industrial Informatics, INDIN 2018 - Porto, Portugal
    Duration: 18 Jul 201820 Jul 2018
    Conference number: 16

    Conference

    Conference16th IEEE International Conference on Industrial Informatics, INDIN 2018
    Abbreviated titleINDIN 2018
    CountryPortugal
    CityPorto
    Period18/07/1820/07/18

    Fingerprint

    Systems analysis
    Avionics
    Conceptual design
    Nuclear power plants
    Cyber Physical System
    System design
    Attack
    Genetic algorithms
    Decision making
    Aircraft

    Keywords

    • Cyber-physical systems
    • Design methods
    • Engineering design
    • Failure propagation
    • Systems engineering

    Cite this

    Orhalloran, B. M., Papakonstantinou, N., & Van Bossuyt, D. L. (2018). Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design. In Proceedings of 16th International Conference on Industrial Informatics: INDIN 2018 (pp. 733-740). [8471937] IEEE Institute of Electrical and Electronic Engineers . https://doi.org/10.1109/INDIN.2018.8471937
    Orhalloran, Bryan M. ; Papakonstantinou, Nikolaos ; Van Bossuyt, Douglas L. / Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design. Proceedings of 16th International Conference on Industrial Informatics: INDIN 2018. IEEE Institute of Electrical and Electronic Engineers , 2018. pp. 733-740
    @inproceedings{752daa65bd1f4f80bd194fbed81f2276,
    title = "Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design",
    abstract = "This research contributes to the lifecycle assessment of complex cyber-physical systems (CCPSs) to better understand and mitigate risks of malicious attacks through design. This assessment capability is proposed during the early phase of engineering design where significant decision-making flexibility exists. This is done by assessing potential malicious attacks carried out by humans interacting with the system across all phases of the system's lifecycle. We propose a novel quantification of an attacker-centric risk, then optimize the large set of attacks using a genetic algorithm. This research is motivated by the increased vulnerability of CCPSs due to their increasingly complex interconnected and digitally connected nature. A specific area of interest for CCPSs has been the increasing degree of connectedness. For example, several recent federal reports indicate that significant risk exists in the design of commercial aircraft where the entertainment system is connected to the avionics through a central network. The result is an increased ability to attack a specific subsystem or component to produce system failure. These findings, as well as others, have led to a significant concern with malicious attacks to target critical components of the CCPS. While assessments can be performed on a CCPS during the later phases of engineering design, techniques are currently not available during the early phase. We propose an assessment technique which is useful to practitioners during conceptual design. In this research, we assess a nuclear power plant as an example CCPS. The resulting methodology provides useful insight to the risks of malicious attacks throughout the system's lifecycle.",
    keywords = "Cyber-physical systems, Design methods, Engineering design, Failure propagation, Systems engineering",
    author = "Orhalloran, {Bryan M.} and Nikolaos Papakonstantinou and {Van Bossuyt}, {Douglas L.}",
    year = "2018",
    month = "9",
    day = "27",
    doi = "10.1109/INDIN.2018.8471937",
    language = "English",
    isbn = "978-1-5386-4830-8",
    pages = "733--740",
    booktitle = "Proceedings of 16th International Conference on Industrial Informatics",
    publisher = "IEEE Institute of Electrical and Electronic Engineers",
    address = "United States",

    }

    Orhalloran, BM, Papakonstantinou, N & Van Bossuyt, DL 2018, Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design. in Proceedings of 16th International Conference on Industrial Informatics: INDIN 2018., 8471937, IEEE Institute of Electrical and Electronic Engineers , pp. 733-740, 16th IEEE International Conference on Industrial Informatics, INDIN 2018, Porto, Portugal, 18/07/18. https://doi.org/10.1109/INDIN.2018.8471937

    Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design. / Orhalloran, Bryan M.; Papakonstantinou, Nikolaos; Van Bossuyt, Douglas L.

    Proceedings of 16th International Conference on Industrial Informatics: INDIN 2018. IEEE Institute of Electrical and Electronic Engineers , 2018. p. 733-740 8471937.

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    TY - GEN

    T1 - Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design

    AU - Orhalloran, Bryan M.

    AU - Papakonstantinou, Nikolaos

    AU - Van Bossuyt, Douglas L.

    PY - 2018/9/27

    Y1 - 2018/9/27

    N2 - This research contributes to the lifecycle assessment of complex cyber-physical systems (CCPSs) to better understand and mitigate risks of malicious attacks through design. This assessment capability is proposed during the early phase of engineering design where significant decision-making flexibility exists. This is done by assessing potential malicious attacks carried out by humans interacting with the system across all phases of the system's lifecycle. We propose a novel quantification of an attacker-centric risk, then optimize the large set of attacks using a genetic algorithm. This research is motivated by the increased vulnerability of CCPSs due to their increasingly complex interconnected and digitally connected nature. A specific area of interest for CCPSs has been the increasing degree of connectedness. For example, several recent federal reports indicate that significant risk exists in the design of commercial aircraft where the entertainment system is connected to the avionics through a central network. The result is an increased ability to attack a specific subsystem or component to produce system failure. These findings, as well as others, have led to a significant concern with malicious attacks to target critical components of the CCPS. While assessments can be performed on a CCPS during the later phases of engineering design, techniques are currently not available during the early phase. We propose an assessment technique which is useful to practitioners during conceptual design. In this research, we assess a nuclear power plant as an example CCPS. The resulting methodology provides useful insight to the risks of malicious attacks throughout the system's lifecycle.

    AB - This research contributes to the lifecycle assessment of complex cyber-physical systems (CCPSs) to better understand and mitigate risks of malicious attacks through design. This assessment capability is proposed during the early phase of engineering design where significant decision-making flexibility exists. This is done by assessing potential malicious attacks carried out by humans interacting with the system across all phases of the system's lifecycle. We propose a novel quantification of an attacker-centric risk, then optimize the large set of attacks using a genetic algorithm. This research is motivated by the increased vulnerability of CCPSs due to their increasingly complex interconnected and digitally connected nature. A specific area of interest for CCPSs has been the increasing degree of connectedness. For example, several recent federal reports indicate that significant risk exists in the design of commercial aircraft where the entertainment system is connected to the avionics through a central network. The result is an increased ability to attack a specific subsystem or component to produce system failure. These findings, as well as others, have led to a significant concern with malicious attacks to target critical components of the CCPS. While assessments can be performed on a CCPS during the later phases of engineering design, techniques are currently not available during the early phase. We propose an assessment technique which is useful to practitioners during conceptual design. In this research, we assess a nuclear power plant as an example CCPS. The resulting methodology provides useful insight to the risks of malicious attacks throughout the system's lifecycle.

    KW - Cyber-physical systems

    KW - Design methods

    KW - Engineering design

    KW - Failure propagation

    KW - Systems engineering

    UR - http://www.scopus.com/inward/record.url?scp=85055542833&partnerID=8YFLogxK

    U2 - 10.1109/INDIN.2018.8471937

    DO - 10.1109/INDIN.2018.8471937

    M3 - Conference article in proceedings

    AN - SCOPUS:85055542833

    SN - 978-1-5386-4830-8

    SP - 733

    EP - 740

    BT - Proceedings of 16th International Conference on Industrial Informatics

    PB - IEEE Institute of Electrical and Electronic Engineers

    ER -

    Orhalloran BM, Papakonstantinou N, Van Bossuyt DL. Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design. In Proceedings of 16th International Conference on Industrial Informatics: INDIN 2018. IEEE Institute of Electrical and Electronic Engineers . 2018. p. 733-740. 8471937 https://doi.org/10.1109/INDIN.2018.8471937