Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure

Published

Author(s)

Himanshu Neema, Leqiang Wang, CheeYee Tang, Keith A. Stouffer, Xenofon Koutsoukos

Abstract

This study focuses on threat modeling, vulnerability analysis, and risk management within the critical railway transportation infrastructure. The Railway Transportation System is a highly complex, national critical infrastructure and its cybersecurity evaluation is crucial, but still an extremely hard problem. In this paper, a novel threat modeling and risk management approach using a domain-specific modeling environment is presented. Two risk analysis techniques based on attack trees are developed to systematically model the potential risks in a cyber-physical system and provide quantitative analysis of the vulnerabilities. The automated risk assessment tool can prioritize component level vulnerabilities for potential mitigation actions. A scenario language and associated tools in the framework allow modeling and evaluation of cyber-games using a library of system exploits and mitigation actions. Cyber-games enable assessment of system-level risks and development of comprehensive risk management plans. Another key capability is the handling of dynamic network connections with variable vulnerability propagation in railway communication networks where locomotives and its devices are mobile. These capabilities are demonstrated with a case study in the railway transportation domain.
Proceedings Title
Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure
Conference Dates
September 27-29, 2021
Conference Location
Lausanne, CH
Conference Title
The 16th International Conference on Critical Information Infrastructures Security (CRITIS 2021)

Keywords

Cybersecurity, Cyber-physical systems (CPS) , Industrial control systems (ICS) , Risk analysis, Threat modeling, Metamodeling, Vulnerability analysis, Cyber gaming

Citation

Neema, H. , Wang, L. , Tang, C. , Stouffer, K. and Koutsoukos, X. (2021), Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure, Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure, Lausanne, CH, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932609 (Accessed July 1, 2022)
Created September 29, 2021, Updated April 14, 2022