Cyber-Physical Attack Graphs

Abstract

An attack graph represents the possible scenarios (the possible paths) that an attacker can use to compromise and intrude into a network. The attack graph can be used to determine proactive and reactive security measures. Once an attack graph is generated for a system (which is, in general, a complicated process), it can be used in order to identify the system vulnerabilities, to find out where these vulnerabilities derive from, and, thereby, conduct a security risk assessment. Generally, in the bibliography there is an extensive research around cyber-attack graphs. What is in deficit is the scientific content around cyber-physical attack graphs. With the term “Cyber-Physical Attack Graphs”, we mean the AGs that take under consideration not only the cyber component of a possible attack, but the physical component too (malicious control of PLCs, machinery, physical harm). This research conducts an analysis of the vulnerabilities and the possible attacks in critical infrastructure systems (and we achieve that by analyzing a nuclear plant facility), and aims to provide a solution for the complex problem of defining the semantics and terms for a cyber-physical attack graph. Cyber-physical systems are characterized by a deep integration between cyber elements (e.g. network devices, algorithms, data), physical components (e.g. actuators) and processes. As such, CPS environments usually expose complex networks of dependencies among cyber and physical components designed to deliver a particular task. We call Cyber-Physical Attack Graphs to the class of attack graphs that are able to cover both cyber and physical aspects. The objective of this MSc project is to investigate and solve some of the challenges involved in the modelling of CPAGs. In particular, we are interested in the development of semantics and terms in order to develop CPAGs for modern cyber-physical systems. Cyber-physical systems are very broad, they include every physical system that can be controlled by cyber. In this thesis we focus on critical infrastructures specifically. Our goal is to build a model that is abstract enough to find application in various critical infrastructures –and even other cyber-physical– systems, and also be as specific as possible in order to study the case of a nuclear plant facility. The research is going to be conducted in the following 3 stages: At first, a thorough study around the Nuclear plants will be presented. This involves the machinery and the industrial components that a Nuclear facility involves, as well as the structure, management and security policies which are implemented. Then, we are going to spot the vulnerabilities that may occur and analyze the potential threats for the various systems of the infrastructure. At the third stage of our research, we will develop an attack graph, which will present the possible attack scenarios that a threat actor could execute in order to cause harm in some way. For this, all of the previous concepts (i.e. cyber kill chain, vulnerabilities, attack vectors, etc.) will be taken into account to develop a realistic and thorough attack graph. Also, real incidents of nuclear accidents will be presented.