Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Model-Based Cybersecurity Analysis: Extending Enterprise Modeling to Critical Infrastructure Cybersecurity
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. Nanyang Technological University, Singapore. (Distributed Real-Time Systems (DRTS))ORCID iD: 0000-0003-4791-8452
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Information Systems (IS))ORCID iD: 0000-0002-9421-8566
Blekinge Institute of Technology, Karlskrona, Sweden.ORCID iD: 0000-0002-8927-0968
Norgald AB, Göteborg, Sweden.
2023 (English)In: Business & Information Systems Engineering, ISSN 2363-7005, E-ISSN 1867-0202, Vol. 65, no 6, p. 643-676Article in journal (Refereed) Published
Abstract [en]

Critical infrastructure (CIs) such as power grids link a plethora of physical components from many different vendors to the software systems that control them. These systems are constantly threatened by sophisticated cyber attacks. The need to improve the cybersecurity of such CIs, through holistic system modeling and vulnerability analysis, cannot be overstated. This is challenging since a CI incorporates complex data from multiple interconnected physical and computation systems. Meanwhile, exploiting vulnerabilities in different information technology (IT) and operational technology (OT) systems leads to various cascading effects due to interconnections between systems. The paper investigates the use of a comprehensive taxonomy to model such interconnections and the implied dependencies within complex CIs, bridging the knowledge gap between IT security and OT security. The complexity of CI dependence analysis is harnessed by partitioning complicated dependencies into cyber and cyber-physical functional dependencies. These defined functional dependencies further support cascade modeling for vulnerability severity assessment and identification of critical components in a complex system. On top of the proposed taxonomy, the paper further suggests power-grid reference models that enhance the reproducibility and applicability of the proposed method. The methodology followed was design science research (DSR) to support the designing and validation of the proposed artifacts. More specifically, the structural, functional adequacy, compatibility, and coverage characteristics of the proposed artifacts are evaluated through a three-fold validation (two case studies and expert interviews). The first study uses two instantiated power-grid models extracted from existing architectures and frameworks like the IEC 62351 series. The second study involves a real-world municipal power grid.

Place, publisher, year, edition, pages
Springer Nature Switzerland AG , 2023. Vol. 65, no 6, p. 643-676
Keywords [en]
critical infrastructure, domain-specific language, cybersecurity, power grids
National Category
Information Systems
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
URN: urn:nbn:se:his:diva-22495DOI: 10.1007/s12599-023-00811-0ISI: 000982391100001Scopus ID: 2-s2.0-85158156411OAI: oai:DiVA.org:his-22495DiVA, id: diva2:1755265
Part of project
CPS-based resilience for critical infrastructure protection, Vinnova
Funder
University of Skövde
Note

CC BY 4.0

© 2023 Springer Nature Switzerland AG. Part of Springer Nature.

Paper is partly based on the results of the EU ISF project ELVIRA, his.se/elvira

We thank the colleagues from the ELVIRA project for their contributions to earlier versions of the taxonomy. We are in particular grateful to Yacine Atif for his support and encouragement. Many thanks also to the interview partners for helping to validate the usefulness of our approach. Finally, we thank the anonymous reviewers for their diligent and constructive evaluations

Open access funding provided by University of Skövde.

Available from: 2023-05-07 Created: 2023-05-07 Last updated: 2023-12-13Bibliographically approved

Open Access in DiVA

fulltext(15778 kB)141 downloads
File information
File name FULLTEXT02.pdfFile size 15778 kBChecksum SHA-512
9730c72d9f2f64a2ababedf6ce82a2fc54cf819188c7c29182904e8abcb0667714517d93a6064a7dd4718d9718d3d980b99ca5c8fb7646977dfccfd30ffc933a
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Jiang, YuningJeusfeld, Manfred A.Ding, Jianguo

Search in DiVA

By author/editor
Jiang, YuningJeusfeld, Manfred A.Ding, Jianguo
By organisation
School of InformaticsInformatics Research Environment
In the same journal
Business & Information Systems Engineering
Information Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 246 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 678 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf