Assessing the Consequence of Cyber and Physical Malicious Attacks in Complex, Cyber-Physical Systems during Early System Design

Bryan M. O'Halloran, Nikolaos Papakonstantinou, Douglas L. Van Bossuyt

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    6 Citations (Scopus)


    This research contributes to the lifecycle assessment of complex cyber-physical systems (CCPSs) to better understand and mitigate risks of malicious attacks through design. This assessment capability is proposed during the early phase of engineering design where significant decision-making flexibility exists. This is done by assessing potential malicious attacks carried out by humans interacting with the system across all phases of the system's lifecycle. We propose a novel quantification of an attacker-centric risk, then optimize the large set of attacks using a genetic algorithm. This research is motivated by the increased vulnerability of CCPSs due to their increasingly complex interconnected and digitally connected nature. A specific area of interest for CCPSs has been the increasing degree of connectedness. For example, several recent federal reports indicate that significant risk exists in the design of commercial aircraft where the entertainment system is connected to the avionics through a central network. The result is an increased ability to attack a specific subsystem or component to produce system failure. These findings, as well as others, have led to a significant concern with malicious attacks to target critical components of the CCPS. While assessments can be performed on a CCPS during the later phases of engineering design, techniques are currently not available during the early phase. We propose an assessment technique which is useful to practitioners during conceptual design. In this research, we assess a nuclear power plant as an example CCPS. The resulting methodology provides useful insight to the risks of malicious attacks throughout the system's lifecycle.
    Original language: English
    Title of host publication: Proceedings of 16th International Conference on Industrial Informatics
    Subtitle of host publication: INDIN 2018
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Number of pages: 8
    ISBN (Electronic): 978-1-5386-4829-2, 978-1-5386-4828-5
    ISBN (Print): 978-1-5386-4830-8
    Publication status: Published - 27 Sept 2018
    MoE publication type: Not Eligible
    Event: 16th IEEE International Conference on Industrial Informatics, INDIN 2018 - Porto, Portugal
    Duration: 18 Jul 2018 → 20 Jul 2018
    Conference number: 16


    Conference: 16th IEEE International Conference on Industrial Informatics, INDIN 2018
    Abbreviated title: INDIN 2018


    • Cyber-physical systems
    • Design methods
    • Engineering design
    • Failure propagation
    • Systems engineering

