NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.
Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory
Published
Author(s)
Matthew Jablonwski, Duminda Wijesekera, Anoop Singhal
Abstract
We describe a formalized systems theoretic method for creating cyber-physical system (CPS) risk overlays that augment existing tree-based models used in CPS risk and threat analysis processes. This top-down approach objectively scopes the system's threat surface for some risk scenario consequence by analyzing its underlying control attributes and communication flows between relevant internal hardware and software sub-components. The resulting analysis should assist with the qualitative selection of causal events when utilizing attack and fault tree models, which have traditionally conducted this event selection using subjective and bottom-up methods. Objectively scoping the tree-based model analysis using a proven systems theoretic approach should also improve defensive and safety planning during the system development life cycle. We provide a control system case study using attack-defense trees and show how this approach may also be reduced to attack trees, fault trees, and attack-fault trees.
Proceedings Title
Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
Conference Dates
April 26, 2022
Conference Location
Baltimore, MD, US
Conference Title
ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
Jablonwski, M.
, Wijesekera, D.
and Singhal, A.
(2022),
Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory, Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, Baltimore, MD, US, [online], https://doi.org/10.1145/3510547.3517922, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934092
(Accessed October 9, 2025)