Show simple item record

dc.contributor.authorAmro, Ahmed Walid
dc.contributor.authorGkioulos, Vasileios
dc.contributor.authorKatsikas, Sokratis
dc.date.accessioned2023-03-14T07:32:10Z
dc.date.available2023-03-14T07:32:10Z
dc.date.created2023-01-09T12:18:44Z
dc.date.issued2022
dc.identifier.issn2471-2566
dc.identifier.urihttps://hdl.handle.net/11250/3058042
dc.description.abstractAutonomous transport is receiving increasing attention, with research and development activities already providing prototype implementations. In this article we focus on Autonomous Passenger Ships (APS), which are being considered as a solution for passenger transport across urban waterways. The ambition of the authors has been to examine the safety and security implications of such a Cyber Physical System (CPS), particularly focusing on threats that endanger the passengers and the operational environment of the APS. Accordingly, the article presents a new risk assessment approach based on a Failure Modes Effects and Criticality Analysis (FMECA) that is enriched with selected semantics and components of the MITRE ATT&CK framework, in order to utilize the encoded common knowledge and facilitate the expression of attacks. Then, the proposed approach is demonstrated through conducting a risk assessment for a communication architecture tailored to the requirements of APSs that were proposed in earlier work. Moreover, we propose a group of graph theory-based metrics for estimating the impact of the identified risks. The use of this method has resulted in the identification of risks and their corresponding countermeasures, in addition to identifying risks with limited existing mitigation mechanisms. The benefits of the proposed approach are the comprehensive, atomic, and descriptive nature of the identified threats, which reduce the need for expert judgment, and the granular impact estimation metrics that reduce the impact of bias. All these features are provided in a semi-automated approach to reduce the required effort and collectively are argued to enrich the design-level risk assessment processes with an updatable industry threat model standard, namely ATT&CK.en_US
dc.language.isoengen_US
dc.publisherAssociation for Computing Machinery (ACM)en_US
dc.titleAssessing Cyber Risk in Cyber-Physical Systems Using the ATT&CK Frameworken_US
dc.title.alternativeAssessing Cyber Risk in Cyber-Physical Systems Using the ATT&CK Frameworken_US
dc.typePeer revieweden_US
dc.typeJournal articleen_US
dc.description.versionacceptedVersionen_US
dc.source.journalACM Transactions on Privacy and Security (TOPS)en_US
dc.identifier.doi10.1145/3571733
dc.identifier.cristin2103183
cristin.ispublishedtrue
cristin.fulltextoriginal
cristin.qualitycode2


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record