Abstract
Adversaries with the appropriate expertise and access can potentially exploit the large attack surface provided by the cyber component of critical infrastructure assets to target operations across the various sectors and significantly impact society. This paper describes a family of cyber risk methodologies known as “mission-based analysis” (MBA) that assist system designers in identifying the threats that pose the highest risk to mission execution and in prioritizing mitigation actions against the threats. This paper describes our experiences applying MBA and discusses its benefits and limitations. Also, it describes future enhancements of MBA and compares the approach with other assurance methodologies.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Llanso, T., Tally, G., Silberglitt, M., Anderson, T. (2013). Mission-Based Analysis for Assessing Cyber Risk in Critical Infrastructure Systems. In: Butts, J., Shenoi, S. (eds) Critical Infrastructure Protection VII. ICCIP 2013. IFIP Advances in Information and Communication Technology, vol 417. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45330-4_14
DOI: https://doi.org/10.1007/978-3-642-45330-4_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-45329-8
Online ISBN: 978-3-642-45330-4
eBook Packages: Computer Science (R0)