Quantitative Cyber Risk Reduction Estimation Methodology for a Small Scada Control System

PDF Version Also Available for Download.

Description

We propose a new methodology for obtaining a quick quantitative measurement of the risk reduction achieved when a control system is modified with the intent to improve cyber security defense against external attackers. The proposed methodology employs a directed graph called a compromise graph, where the nodes represent stages of a potential attack and the edges represent the expected time-to-compromise for differing attacker skill levels. Time-to-compromise is modeled as a function of known vulnerabilities and attacker skill level. The methodology was used to calculate risk reduction estimates for a specific SCADA system and for a specific set of control system ... continued below

Creation Information

McQueen, Miles A.; Boyer, Wayne F.; Flynn, Mark A. & Beitel, George A. January 1, 2006.

Context

This article is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided by UNT Libraries Government Documents Department to Digital Library, a digital repository hosted by the UNT Libraries. It has been viewed 22 times . More information about this article can be viewed below.

Who

People and organizations associated with either the creation of this article or its content.

Publisher

Provided By

UNT Libraries Government Documents Department

Serving as both a federal and a state depository library, the UNT Libraries Government Documents Department maintains millions of items in a variety of formats. The department is a member of the FDLP Content Partnerships Program and an Affiliated Archive of the National Archives.

Contact Us

What

Descriptive information to help identify this article. Follow the links below to find similar items on the Digital Library.

Description

We propose a new methodology for obtaining a quick quantitative measurement of the risk reduction achieved when a control system is modified with the intent to improve cyber security defense against external attackers. The proposed methodology employs a directed graph called a compromise graph, where the nodes represent stages of a potential attack and the edges represent the expected time-to-compromise for differing attacker skill levels. Time-to-compromise is modeled as a function of known vulnerabilities and attacker skill level. The methodology was used to calculate risk reduction estimates for a specific SCADA system and for a specific set of control system security remedial actions. Despite an 86% reduction in the total number of vulnerabilities, the estimated time-to-compromise was increased only by about 3 to 30% depending on target and attacker skill level.

Source

  • Hawaii International Conference On System Science,Kauai, Hawaii,01/04/2006,01/07/2006

Language

Item Type

Identifier

Unique identifying numbers for this article in the Digital Library or other systems.

  • Report No.: INL/CON-06-01133
  • Grant Number: DE-AC07-99ID-13727
  • Office of Scientific & Technical Information Report Number: 911188
  • Archival Resource Key: ark:/67531/metadc886351

Collections

This article is part of the following collection of related materials.

Office of Scientific & Technical Information Technical Reports

Reports, articles and other documents harvested from the Office of Scientific and Technical Information.

Office of Scientific and Technical Information (OSTI) is the Department of Energy (DOE) office that collects, preserves, and disseminates DOE-sponsored research and development (R&D) results that are the outcomes of R&D projects or other funded activities at DOE labs and facilities nationwide and grantees at universities and other institutions.

What responsibilities do I have when using this article?

When

Dates and time periods associated with this article.

Creation Date

  • January 1, 2006

Added to The UNT Digital Library

  • Sept. 22, 2016, 2:13 a.m.

Description Last Updated

  • Nov. 30, 2016, 7:10 p.m.

Usage Statistics

When was this article last used?

Yesterday: 0
Past 30 days: 1
Total Uses: 22

Interact With This Article

Here are some suggestions for what to do next.

Start Reading

PDF Version Also Available for Download.

International Image Interoperability Framework

IIF Logo

We support the IIIF Presentation API

McQueen, Miles A.; Boyer, Wayne F.; Flynn, Mark A. & Beitel, George A. Quantitative Cyber Risk Reduction Estimation Methodology for a Small Scada Control System, article, January 1, 2006; [Idaho Falls, Idaho]. (digital.library.unt.edu/ark:/67531/metadc886351/: accessed June 22, 2018), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.