Advisor

Smith, Brian

Committee Member

Medal, Hugh R.

Committee Member

Hamilton, John A., Jr.

Committee Member

Griendling, Kelly

Date of Degree

1-1-2017

Document Type

Dissertation - Open Access

Abstract

The need to secure critical infrastructure (CI) systems against attacks is a topic that has been discussed recently in the literature. Many examples of attacks against CI exist, such as the physical attack on the Pacific Gas and Electric Metcalf substation in 2013, which caused millions of dollars in damage, and the Stuxnet cyber-attack, identified in 2010, which damaged Iran’s nuclear program and alerted the world to the existence of cyber weapons. Because events like these exploit vulnerabilities in CI, it is important to have a comprehensive systems approach for assessing the vulnerabilities in CI systems. This dissertation seeks to provide a method for engineers to use system and human architectures to perform vulnerability assessment (VA) and decision analysis, enabling decision makers to make tradeoffs on how to use their resources to protect CI against attacks.

There are several gaps in the literature on how to use system and human architectures to perform VA to protect CI from damage. First, no method exists that uses a model-based approach and human and system architectures to perform a comprehensive analysis of CI and to develop decision analysis models that aid decision makers in determining the most effective use of security resources to secure their CI systems. It is important that such models be comprehensive, including industry standards, system and human architectures, attack scenarios, subject matter expert opinion, and models for analysis, to help decision makers determine the best security investments. Second, there is no established method for developing detailed mathematical models from an operational activity diagram that represents an attack scenario. This is important because the translation from architecture to high-fidelity models will enable CI asset owners to make tradeoffs on security resource use. Finally, there is no method to evaluate the role of humans in a CI VA based on human views of the system.

This dissertation provides an approach to use human and system architectures to perform VA and decision analysis to fill these gaps.

URI

https://hdl.handle.net/11668/17590
