Author

Peyton Price

Advisor

Marufuzzaman, Mohammad

Committee Member

Ma, Jongfeng

Committee Member

Gondree, Mark

Committee Member

Bian, Linkan

Date of Degree

5-1-2020

Document Type

Dissertation - Open Access

Major

Industrial and Systems Engineering

Degree Name

Doctor of Philosophy

College

James Worth Bagley College of Engineering

Department

Department of Industrial and Systems Engineering

Abstract

Risk assessment is a critical aspect of all businesses, and leaders are tasked with limiting risk to the lowest reasonable level within their systems. Industrial Control Systems (ICS) operate in a different cybersecurity risk environment than business systems due to the possibility of second and third-order effects when an attack occurs. We present a process for predicting when an adversary gains the ability to attack an industrial control system. We assist leaders in understanding how attackers are targeting ICS by providing visualizations and percentages that can be applied to updating infrastructure or shifting personnel responsibilities to counter the threat. This new process seeks to integrate defenders and threat intelligence providers, allowing defenders to proactively defend their networks prior to devastating attacks. We apply the process by observing it under randomness with constraints and through a case study of the 2015 attack on the Ukrainian power grid. We find that this process answers the question of what an attacker can do, provides the ability for the defender to possess an updated understanding of the threat’s capability, and can both increase and decrease the probability that an attacker has a capability against a control system. This process will allow leaders to provide strategic vision to the businesses and systems that they manage.

URI

https://hdl.handle.net/11668/16544

Comments

industrial control system||risk||threat capability prediction||dempster combinations||cyber physical systems

Share

COinS