Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System

	This Article
	PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Miles A. McQueen Articles by Wayne F. Boyer Articles by Mark A. Flynn Articles by George A. Beitel

Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) Track 9

Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System (PDF)

Kauai, Hawaii

January 04-January 07

ISBN: 0-7695-2507-5

	ASCII Text	x
	Miles A. McQueen, Wayne F. Boyer, Mark A. Flynn, George A. Beitel, "Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System," Hawaii International Conference on System Sciences, vol. 9, pp. 226, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) Track 9, 2006.

	BibTex	x
	@article{ 10.1109/HICSS.2006.405, author = {Miles A. McQueen and Wayne F. Boyer and Mark A. Flynn and George A. Beitel}, title = {Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System}, journal ={Hawaii International Conference on System Sciences}, volume = {9}, year = {2006}, issn = {1530-1605}, pages = {226}, doi = {http://doi.ieeecomputersociety.org/10.1109/HICSS.2006.405}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Hawaii International Conference on System Sciences TI - Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System SN - 1530-1605 SP EP A1 - Miles A. McQueen, A1 - Wayne F. Boyer, A1 - Mark A. Flynn, A1 - George A. Beitel, PY - 2006 KW - null VL - 9 JA - Hawaii International Conference on System Sciences ER -

Miles A. McQueen, Idaho National Laboratory

Wayne F. Boyer, Idaho National Laboratory

Mark A. Flynn, Idaho National Laboratory

George A. Beitel, Idaho National Laboratory

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HICSS.2006.405

We propose a new methodology for obtaining a quantitative measurement of the risk reduction achieved when a control system is modified with the intent to improve cyber security defense against external attackers. The proposed methodology employs a directed graph called a compromise graph, where the nodes represent stages of a potential attack and the edges represent the expected time-to-compromise for differing attacker skill levels. Time-to-compromise is modeled as a function of known vulnerabilities and attacker skill level. The methodology was used to calculate risk reduction estimates for a specific SCADA system and for a specific set of control system security remedial actions. Despite an 86% reduction in the total number of vulnerabilities, the estimated time-to-compromise was increased only by about 3 to 30% depending on target and attacker skill level.

Citation:

Miles A. McQueen, Wayne F. Boyer, Mark A. Flynn, George A. Beitel, "Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System," hicss, vol. 9, pp.226, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) Track 9, 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.