DOI: 10.1145/3477314.3507313
research-article
Open access

CIIA: critical infrastructure impact assessment

Published: 06 May 2022

Abstract

As adversaries continue to develop new attack techniques to undermine organizations' business goals, there is an increasing necessity for defenders to understand how a cyber-incident can impact those goals, which has motivated research in mission impact assessment (MIA). This paper presents CIIA (Critical Infrastructure Impact Assessment), an integrated approach for understanding the mission impact of cyber-threats. CIIA was developed to offer a mission-oriented evaluation model to profile the organization and, building on it, a simulation platform to simulate the mission impact of a user-chosen exploited threat. Our experimental evaluation has shown that CIIA is successful in generating a relevant report on mission impact for several organizational settings.


Cited By

  • (2024) Towards Joint SoS and Threat Mission-based Modeling for Operational Impact Identification. 2024 19th Annual System of Systems Engineering Conference (SoSE). DOI: 10.1109/SOSE62659.2024.10620955 (72-77). Online publication date: 23-Jun-2024
  • (2023) Calculating Business Impact Assessment of Cyber-Threats. 2023 IEEE 9th World Forum on Internet of Things (WF-IoT). DOI: 10.1109/WF-IoT58464.2023.10539457 (01-08). Online publication date: 12-Oct-2023

    Published In

    SAC '22: Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing
    April 2022
    2099 pages
    ISBN:9781450387132
    DOI:10.1145/3477314

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. cyber-threats
    2. impact assessment
    3. mission impact
    4. process modelling

    Qualifiers

    • Research-article

    Funding Sources

    • European Union's Horizon 2020 research and innovation programme

    Conference

    SAC '22
    Acceptance Rates

    Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

    Article Metrics

    • Downloads (Last 12 months): 181
    • Downloads (Last 6 weeks): 27
    Reflects downloads up to 30 Aug 2024
