Automation of the Process of Analysis of Information Security Threats in Cyber-Physical Systems

Abstract

This chapter describes a technique for automating the procedure of analyzing security threats in cyber-physical systems. The presented methodology is based on the study of the system architecture, the attacker’s competences, and the probable risks of threats. The approaches to assessing the levels of criticality and heterogeneity, the complexity of the implementation of the attack, the degree of negative consequences of the threat, as well as determining the value of an information resource are described. The presented technology is based on organizing information about the architectural structures of cyber-physical systems. Organizing information and presenting it in the form of interconnected catalogs makes it possible to compile the list of threats, vulnerabilities, and attacks related to it based on structural and functional characteristics. The developed base and catalog of cyber-physical system threats are presented. When conniving catalogs, an ontological method was used, which allows defining and linking concepts and their possessions.