IEEE Military Communications Conference

EVIDENCE-BASED TECHNIQUES for EVALUATING CYBER PROTECTION SYSTEMS for CRITICAL INFRASTRUCTURES

Abstract

Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements (e.g., hackers turning off alarm systems prior to forced entry). Previous research has developed a risk assessment methodology that accounts for both physical and cyber security, while preserving the traditional security paradigm of detect, delay and respond and accounting for the possibility that a facility may be able to recover from or mitigate the results of a successful attack before serious consequences occur. This research is focused on evidence-based techniques (which are a generalization of probability theory) for evaluating the security posture of the cyber protection systems typically found in critical infrastructure facilities. It presents category-based approaches to characterizing both cyber threats and security primitives such as authentication and network access control. A path-based approach is then used wherein various security primitives protect each link (e.g., attack step) in a given path. The end goal is to evaluate the conditional risk that a given adversary category can traverse an attack path and thereby cause a given consequence of concern. This paper's examples focus on cyber-based attack paths.