Abstract
Achieving a fully automated and dynamic system in critical infrastructure scenarios is an open issue in ongoing research. Generally, decisions in SCADA systems require a manual intervention, that in most of the cases is performed by highly experienced operators. In this paper we propose a framework consisting of a proactive management software that aims at anticipating the occurrence of potential attacks. It conducts an initial evaluation of reported proactive evidences based on a quantitative metric of monetary return on response investment. The framework evaluates and selects mitigation actions from a pool of candidates, by ranking them in terms of financial and operational impacts. The purpose of this process is to select an optimal set of mitigation actions from financial and operational perspectives and propose them to reduce the risk of threats against the monitored system, without sacrificing an organization’s missions in favor of security. A real world case study of a SCADA environment shows the applicability of the model, from the analysis of the input data to the selection of the response plan.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Filiol, E., Gallais, C.: Critical infrastructure: where we stand today? In: 9th International Conference on Cyber Warefare and Security (2014)
Gordon, K., Dion, M.: Protection of Critical Infrastructure and the role of investment policies relating to National Security. OECD, Whitepaper (2008)
Ben Mustapha, Y., Debar, H., Blanc, G.: Policy enforcement point model. In: Conference on Security and Privacy in Communication Networks, pp. 278–286 (2014)
Gonzalez-Granadillo, G., Belhaouane, M., Debar, H., Jacob, G.: RORI-based countermeasure selection using the OrBAC formalism. Int. J. Inf. Secur. 13(1), 63–79 (2014)
Schmidt, M. Return on Investment (ROI): Meaning and Use, Encyclopedia of Business Terms and Methods (2011)
Sonnenreich, W., Albanese, J., Stout, B.: Return on security investment (ROSI) a practical quantitative model. J. Res. Pract. Inf. Technol. 38(1), 45–56 (2006)
Mizzi, A.: Return on information security investment: the viability of an anti-spam solution in a wireless environment. Int. J. Netw. Secur. 10(1), 18–24 (2010)
Gonzalez-Granadillo, G., Garcia-Alfaro, J., Debar, H.: A polytope-based approach to measure the impact of events against critical infrastructures. J. Comput. Syst. Sci. 1–19 (2016). http://dx.doi.org/10.1016/j.jcss.2016.02.004
Gonzalez-Granadillo, G., Motzek, A., Garcia-Alfaro, J., Debar, H.: Selection of mitigation actions based on financial and operational impact assessments. In: International Conference on Availability, Reliability and Security (2016)
Lockstep Consulting: A guide for government agencies calculating return on security investment (2004). http://lockstep.com.au/library/return_on_investment
Motzek, A., Moller, R., Lange, M., Dubus, S.: Probabilistic mission impact assessment based on widespread local events. NATO IST-128 Workshop on Cyber Attack Detection, Forensics and Attribution for Assessment of Mission Impact (2015)
Kotenko, I., Chechulin, A.: A cyber attack modeling and impact assessment framework. In: 5th International Conference on Cyber Conflict (2013)
Kotenko, I., Doynikova, E.: Dynamical calculation of security metrics for countermeasure selection in computer networks. In: 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (2016)
Agosta, G., Barenghi, A., Pelosi, G.: A code morphing methodology to automate power analysis countermeasures. In: 49th Annual Design Automation Conference, pp. 77–82 (2012)
Ossenbuhl, S., Steinberger, J., Baier, H.: Towards automated incident handling: how to select an appropriate response against a network-based attack? In: Conference on IT Security Incident Management & IT Forensics (2015)
Acknowledgements
This work received funding from the Panoptesec project, as part of the 7th Framework Programme (FP7) of the European Commission (GA 610416).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Gonzalez-Granadillo, G., Alvarez, E., Motzek, A., Merialdo, M., Garcia-Alfaro, J., Debar, H. (2016). Towards an Automated and Dynamic Risk Management Response System. In: Brumley, B., Röning, J. (eds) Secure IT Systems. NordSec 2016. Lecture Notes in Computer Science(), vol 10014. Springer, Cham. https://doi.org/10.1007/978-3-319-47560-8_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-47560-8_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47559-2
Online ISBN: 978-3-319-47560-8
eBook Packages: Computer ScienceComputer Science (R0)