Neema, H.
, Wang, L.
, Tang, C.
, Stouffer, K.
and Koutsoukos, X.
(2021),
Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure, Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure, Lausanne, CH, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932609
(Accessed September 22, 2023)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure
Published
Author(s)
Himanshu Neema, Leqiang Wang, , , Xenofon Koutsoukos
Abstract
This study focuses on threat modeling, vulnerability analysis, and risk management within the critical railway transportation infrastructure. The Railway Transportation System is a highly complex, national critical infrastructure and its cybersecurity evaluation is crucial, but still an extremely hard problem. In this paper, a novel threat modeling and risk management approach using a domain-specific modeling environment is presented. Two risk analysis techniques based on attack trees are developed to systematically model the potential risks in a cyber-physical system and provide quantitative analysis of the vulnerabilities. The automated risk assessment tool can prioritize component level vulnerabilities for potential mitigation actions. A scenario language and associated tools in the framework allow modeling and evaluation of cyber-games using a library of system exploits and mitigation actions. Cyber-games enable assessment of system-level risks and development of comprehensive risk management plans. Another key capability is the handling of dynamic network connections with variable vulnerability propagation in railway communication networks where locomotives and its devices are mobile. These capabilities are demonstrated with a case study in the railway transportation domain.Proceedings Title
Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure
Conference Dates
September 27-29, 2021
Conference Location
Lausanne, CH
Conference Title
The 16th International Conference on Critical Information Infrastructures Security (CRITIS 2021)
Pub Type
Conferences
Download Paper
Keywords
Cybersecurity, Cyber-physical systems (CPS) , Industrial control systems (ICS) , Risk analysis, Threat modeling, Metamodeling, Vulnerability analysis, Cyber gaming
Citation
Created September 29, 2021, Updated November 29, 2022