managing cyber security risks in industrial control systems with … · 2017-10-27 · 1. asset...
TRANSCRIPT
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling
Konstantinos
Maraslis
Theodoros Spyridopoulos
Theo
Tryfonas
George
Oikonomou
Shancang
Li
© 2014 INCOSE UK Ltd.
What is it about? • Importance Industrial Control Systems (ICSs) can be considered as Critical Infrastructure (CI) and play a major role in Industry as they are used to control fundamental industrial processes such as power production, power distribution, transportation etc. Due to their national significance their protection is of vital importance. • Scope The creation of a method that provides cost-efficient Risk Management for an ICS. • Novelty The method takes into account the proprietary and interconnected nature of an ICS while combines Viable System Modelling (VSM) and Game Theory (GT).
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 2
VSM in Details
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 3
Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
A zero-sum Game is constructed where an attacker tries to harm an ICS as much as possible while a defender tries to defend the ICS in the best possible way. Both are rational players who seek for the strategy that will lead them to the highest individual reward.
Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 4
VSM in Details
Although we can easily identify the assets, valuating them requires: • Capturing the relationships between
the Asset of an ICS • Capturing the relationships between
the components of different ICSs • Consideration of the effect of a
component’s failure to the rest of the components (within the same and different ICSs)
Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 5
VSM in Details
Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 6
VSM in Details
1
3
2
4
Environment
3*
5
4 Communicates 5's Decisions
Audits its Operations
Manages/Controls its Units
Manages its Operations and Coordinates its Activities
Transfers Results of
Coordination
4 Identifies Changes in
the Environment
Transfers Results of Audit
Info about System’s Current Status
Makes and Delivers
Decisions about
Changes Need to be
Made
Proposes Approaches for
System’s Evolution
Data Exchange
Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 7
VSM in Details
Value of Asset = (Market price) x (Number of connections) x (Effect on other ICSs) x (Role of the Asset) where, Effect on other ICSs = (Role of the Asset) / (Number of devices with the same role)
Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 8
VSM in Details
Identification and Assessment of Threads and Vulnerabilities is now possible since all interconnections are known. We only need to know the probability that a thread/attack is successful
Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 9
VSM in Details Attacker’s Strategies
Espionage Yes or No
Security Attribute
Confidentiality
Integrity
Availability
Inveteracy of
Vulnerability
<1Year
>1Year
Difficulty of
Detection
Very difficult
Difficult
Easy
Difficulty of Recovery
(Cost of Healing)
Very Difficult
Difficult
Easy
Defender’s Strategies
R&D Yes or No
Patch Frequency
Never
1 Year
>1 Year
IDS Yes or No
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 10
VSM in Details Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 11
VSM in Details Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Under the rules: • Attack against Confidentiality
cannot be very difficult to recover • Zero day attack cannot be easy to
detect • >1Years attacks can only be easy to
detect
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 12
Game Theory Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Attacker’s Reward = Gain + Cost of Defense + Cost of Healing – Cost of Attack where, Gain = Value of Asset × Security Attribute × Probability of Successful Attack Cost of Defense = R&D + Patch Frequency + IDS Cost of Healing = Difficulty of Recovery Cost of Attack = Espionage + Inveteracy of Vulnerability × Difficulty of Detection
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 13
Game Theory Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Attacker’s Strategies
Espionage 30,000
Security Attribute
Confidentiality 0.33
Integrity 1
Availability 1
Inveteracy of
Vulnerability
<1Year 1,000
>1Year 10
Difficulty of
Detection
Very difficult 4
Difficult 1
Easy 0.5
Difficulty of Recovery
(Cost of Healing)
Very Difficult 101,000
Difficult 1,000
Easy 10
Defender’s Strategies
R&D 10,000
Patch Frequency
Never 0
1 Year 1,000
>1 Year 100
IDS 10
Value of Asset Under Attack 90,000
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 14
Results Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Two Nash Equilibria in the form:
A: (Attack, Espionage, Core Attribute, Inveteracy of Vulnerability, Difficulty of Detection, Difficulty of Recovery) D: (R&D, Patch Frequency, IDS) A: (Yes, No, Integrity, < 1 Year, Very Difficult, Very Difficult) D: (Yes, > 1 Year, No) A: (Yes, No, Availability, 1 Year, Very Difficult, Very Difficult) D: (Yes, > 1 Year, No)
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 15
Results Risk Management
Asset Identification and Evaluation
1. Asset Identification
2. Asset Valuation
Risk Analysis
3. Thread Identification
4. Thread Assessment
5. Vulnerability and Strategy Identification
6. Vulnerability Assessment
7. Risk Evaluation
Strategies Proposed
8. Strategies Assessment and Outcome (GT)
Both Nash Equilibria lead to a reward for the attacker equal to 182,000 which means 182,000 loss for the defender since it is a zero-sum game.
Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling 16
Summary
A novel cyber security risk management approach in ICSs which combines VSM with GT and takes into account the proprietary and interconnected nature of an ICS.
17
References [1] K. Stouffer, J. Falco, and K. Scarfone, "Guide to industrial control systems (ICS) security," NIST Special Publication, pp. 800-82, 2011. [2] G. Digioia, C. Foglietta, S. Panzieri, and A. Falleni, "Mixed holistic reductionistic approach for impact assessment of cyber attacks," in Intelligence and Security Informatics Conference (EISIC), 2012 European, 2012, pp. 123-130. [3] M. Esmalifalak, G. Shi, Z. Han, and L. Song, "Bad data injection attack and defense in electricity market using game theory study," 2013. [4] M. Tambe and B. An, "Game Theory for Security: A Real-World Challenge Problem for Multiagent Systems and Beyond," Association for the Advancement of Artificial Intelligence, 2011.
18
Questions?
19