A Methodology to Measure the "Cost" of CPS Attacks: Not all CPS Networks are Created Equal

Abstract

Cyber-Physical Systems (CPS) are (connected) computer systems used to monitor and control physical processes using digital control programs. Cyberattacks against CPS can cause physical impact with potentially devastating consequences. While some past attacks required expert CPS knowledge (e.g., Stuxnet), other attacks could be done by anyone, solely with pure IT knowledge. Understanding what causes these differences is essential to defending systems effectively, but there is currently no way of qualifying, let alone quantifying, them. In this paper, we first define a notion of attack “cost” focusing on the required CPS-specific attacker knowledge. We then identify several context factors that may influence this cost and, finally, provide a methodology to analyze the relation between attack cost and CPS-context factors using past cyberattacks. To validate the methodology in a reproducible way, we apply it to publicly reported CPS incidents with physical impact. Though this constitutes only a small set of attacks, our methodology is able to find correlations between context factors and the attack cost, as well as significant differences in context factors between CPS domains.

Publication
In 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Emmanuele Zambon
Assistant Professor

My research interests include Industrial Control System security and network intrusion detection.