Dependency based risk analysis in Cyber-Physical Systems
Abstract
The term ”cyber-physical systems” was introduced by Helen Gill at the National Science Foundation around 2006. Cyber-Physical Systems (CPSs) are systems that integrate computation, communication, and controlling capabilities of Information and Communication Technology (ICT), with the traditional infrastructures. This integration aims to facilitate the monitoring and controlling of objects in the physical world as one of the essential requirements of different Critical Infrastructures (CIs), such as manufacturing, healthcare, transportation, and the energy sector [1]. CPSs can be seen as the forerunners of ‘smart’ solutions, such as smart grids, and smart cities.
By moving towards Industry 4.0, the integration between Information Technology (IT) and Operational Technology (OT) has significantly increased and exacerbated the complexity of CPSs. This hinders the comprehensive understanding of interactions in CPSs and causes many interdependencies. An interdependency in a CPS, which mainly refers to the relationship between the IT and OT parts, implies that a failure in the IT part might impact the functionality of the OT and vice versa. While we are witnessing the growing number of cyber attacks that target IT systems on a daily basis and, as the border between OT
and IT is disappearing, CPSs are turning into attractive targets for cyber attacks. Adversaries can take advantage of complex interdependencies in such systems to infiltrate the OT part, affect the operational part of CPSs, and impose safety risks. Indeed, the security of CPSs highly demands a paradigm shift in conventional security methods in particular risk assessment methods. To enhance the security of CPSs and protect them against emerging cyber attacks, an end-to-end mechanism is needed to analyze interactions within the system components to reveal the hidden dependencies as the potential infiltration points across the systems that might be leveraged by adversaries. To this end, this PhD research aims to contribute to improving the security of cyber-physical systems by concentrating on the concept of interdependency and providing a risk assessment method. Interdependency analysis in CPSs is a multifaceted objective that encompasses identification, modeling, and feature extraction in such a way as to support the process of security risk assessment in cyber-physical systems from a unified IT and OT perspective.
The results of this PhD research have been published in three journal articles and three articles in conference proceedings, included in the second part of the thesis.
Has parts
Paper 1: Akbarzadeh, Aida; Pandey, Pankaj; Katsikas, Sokratis. Cyber-Physical Interdependencies in Power Plant Systems: A Review of Cyber Security Risks. I: 2019 IEEE Conference on Information and Communication Technology https://doi.org/10.1109/CICT48419.2019.9066188Paper 2: Akbarzadeh, Aida; Katsikas, Sokratis. Identifying Critical Components in Large Scale Cyber Physical Systems. I: ICSEW'20: Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops. Association for Computing Machinery (ACM) https://doi.org/10.1145/3387940.3391473
Paper 3: Akbarzadeh, Aida; Katsikas, Sokratis. Identifying and Analyzing Dependencies in and among Complex Cyber Physical Systems. Sensors 2021 ;Volum 21.(5) https://doi.org/10.3390/s21051685 This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Paper 4: Akbarzadeh, Aida; Katsikas, Sokratis. Dependency-based security risk assessment for cyber-physical systems. International Journal of Information Security 2022 https://doi.org/10.1007/s10207-022-00608-4 This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Paper 5: Akbarzadeh, Aida; Katsikas, Sokratis. Unified IT&OT Modeling for Cybersecurity Analysis of Cyber-Physical Systems. IEEE Open Journal of the Industrial Electronics Society (OJ-IES) 2022 ;Volum 3. s. 318-328 https://doi.org/10.1109/OJIES.2022.3178834 Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Paper 6: Akbarzadeh, Aida; Katsikas, Sokratis. Towards Comprehensive Modeling of CPSs to Discover and Study Interdependencies. Springer 2023 - The final published version is available at https://doi.org/10.1007/978-3-031-25460-4_1