Technique for the risk assessing of the cyberphysical systems’ information security based on the vulnerabilities’ interconnect

Abstract

Information security has been growing steadily in recent times. Every organization depends on information technology and information security of cyberphysical systems to successfully perform its work. This has become not just a condition for the stability of doing business, but the most important strategic factor for its future development, even in the current, very turbulent environment. Cyberphysical systems can contain a wide variety of entities, ranging from office networks, financial and personnel systems to highly specialized systems. The rapid development of cyber-physical systems has become due to the large number of cyberattacks, which have become one of the most powerful threats to the security of cyber-physical systems. Many studies have been conducted on the risk assessment method, and limited work has been published on quantifying the security risk of cyber-physical systems. In this paper, a technique for the risk assessing of the cyber-physical systems’ information security based on the vulnerabilities’ interconnect is proposed. Technique operates with two indicators to quantify the risk: the probability of attack success and the index of the consequences of the attack based on the graph of the vulnerability. The first indicator - the index of the probability of a successful attack is calculated taking into account the interdependencies between vulnerabilities, the second indicator when calculating the index of the consequences of the attack takes into account the impact on the physical area resulting from cyberattack. A quantitative experimental example showed whether a system risk and an optimal attack target are possible.