his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Towards Threat Modeling for CPS-based Critical Infrastructure Protection
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0002-8927-0968
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0002-1039-5830
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0001-7106-0025
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0002-6662-9034
2015 (English)In: Proceedings of the International Emergency Management Society (TIEMS), 22nd TIEMS Annual Conference: Evolving threats and vulnerability landscape: new challenges for the emergency management / [ed] Snjezana Knezic & Meen Poudyal Chhetri, Brussels: TIEMS, The International Emergency Management Society , 2015, Vol. 22Conference paper (Refereed)
Abstract [en]

With the evolution of modern Critical Infrastructures (CI), more Cyber-Physical systems are integrated into the traditional CIs. This makes the CIs a multidimensional complex system, which is characterized by integrating cyber-physical systems into CI sectors (e.g., transportation, energy or food & agriculture). This integration creates complex interdependencies and dynamics among the system and its components. We suggest using a model with a multi-dimensional operational specification to allow detection of operational threats. Embedded (and distributed) information systems are critical parts of the CI where disruption can lead to serious consequences. Embedded information system protection is therefore crucial. As there are many different stakeholders of a CI, comprehensive protection must be viewed as a cross-sector activity to identify and monitor the critical elements, evaluate and determine the threat, and eliminate potential vulnerabilities in the CI. A systematic approach to threat modeling is necessary to support the CI threat and vulnerability assessment. We suggest a Threat Graph Model (TGM) to systematically model the complex CIs. Such modeling is expected to help the understanding of the nature of a threat and its impact on throughout the system. In order to handle threat cascading, the model must capture local vulnerabilities as well as how a threat might propagate to other components. The model can be used for improving the resilience of the CI by encouraging a design that enhances the system's ability to predict threats and mitigate their damages. This paper surveys and investigates the various threats and current approaches to threat modeling of CI. We suggest integrating both a vulnerability model and an attack model, and we incorporate the interdependencies within CI cross CI sectors. Finally, we present a multi-dimensional threat modeling approach for critical infrastructure protection.

Place, publisher, year, edition, pages
Brussels: TIEMS, The International Emergency Management Society , 2015. Vol. 22
Keyword [en]
Critical infrastructure protection (CIP), threat modeling, threat cascading, threat mitigation
National Category
Computer and Information Science
Research subject
Natural sciences; Technology
Identifiers
URN: urn:nbn:se:his:diva-11622ISBN: 978-94-90297-13-8 OAI: oai:DiVA.org:his-11622DiVA: diva2:862516
Conference
The 22nd International Emergency Management Society (TIEMS) Annual Conference, Rome, Italy, 30th September – 2nd October 2015
Available from: 2015-10-22 Created: 2015-10-22 Last updated: 2016-06-22Bibliographically approved

Open Access in DiVA

No full text

Search in DiVA

By author/editor
Ding, JianguoLindström, BirgittaMathiason, GunnarAndler, Sten F.
By organisation
School of InformaticsThe Informatics Research Centre
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar

Total: 1053 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf