Skip to main content

Modeling Mission Impact of Cyber Attacks on Energy Delivery Systems

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST,volume 336)


Today energy delivery systems (EDS) face challenges in dealing with cyberattacks that originate by exploiting the communication network assets. Traditional power systems are highly complex and heterogeneous. These systems focus on reliability, availability, and continuous performance and, thus, not designed to handle security issues. Network administrators often utilize attack graphs to analyze security in EDS. Although attack graphs are useful tools to generate attack paths and estimate possible consequences in a networked system, they lack incorporating the operational or functional dependencies. Localizing the dependencies among operational missions, tasks, and the hosting devices in a large-scale cyber-physical network is also challenging. Current research works handle the system dependency and the attack scenario modeling separately using dependency graphs and attack graphs, respectively. To address the gap of incorporating the mission operational dependencies with possible attack scenarios, in this work, we offer an approach to assess the cyberattack impact on the operational mission of the EDS by combining the logical attack graph and mission functional dependency graph. We provide the graphical modeling details and illustrate the approach using a case study of SCADA (supervisory control and data acquisition) operations within an EDS environment.


  • Energy delivery systems
  • Attack graph
  • Mission dependency
  • Impact propagation graph
  • Impact assessment
  • Operability

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. 1.

    NESSUS Vulnerability Assessment (

  2. 2.

    OpenVAS - Open Vulnerability Assessment Scanner (

  3. 3.

    Common Vulnerability Scoring System (

  4. 4.

    National Vulnerability Database (

  5. 5.

    Declarative Logic Programming.


  1. Sun, X., Liu, P., Singhal, A.: Toward cyberresiliency in the context of cloud computing [resilient security]. IEEE Secur. Priv. 16(6), 71–75 (2018)

    CrossRef  Google Scholar 

  2. Cao, C., Yuan, L.-P., Singhal, A., Liu, P., Sun, X., Zhu, S.: Assessing attack impact on business processes by interconnecting attack graphs and entity dependency graphs. In: Kerschbaum, F., Paraboschi, S. (eds.) DBSec 2018. LNCS, vol. 10980, pp. 330–348. Springer, Cham (2018).

    CrossRef  Google Scholar 

  3. Stouffer, K., Falco, J.: Recommended practice: improving industrial control systems cybersecurity with defense-in-depth strategies. Department of Homeland Security, Control systems security program, National cyber security division (2009)

    Google Scholar 

  4. Garvey, P.R., Pinto, C.A.: Introduction to functional dependency network analysis. In: The MITRE Corporation and Old Dominion, 2nd International Symposium on Engineering Systems, MIT, Cambridge, Massachusetts, vol. 5 (2009)

    Google Scholar 

  5. Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: USENIX Security Symposium, Baltimore, MD, vol. 8, pp. 113–128 (2005)

    Google Scholar 

  6. Gonda, T., Pascal, T., Puzis, R., Shani, G., Shapira, B.: Analysis of attack graph representations for ranking vulnerability fixes. In: GCAI, pp. 215–228 (2018)

    Google Scholar 

  7. Rao, B., Mitra, A.: An approach to merging of two community subgraphs to form a community graph using graph mining techniques. In: 2014 IEEE International Conference on Computational Intelligence and Computing Research, pp. 1–7. IEEE (2014)

    Google Scholar 

  8. Jakobson, G.: Mission-centricity in cyber security: architecting cyber attack resilient missions. In: 2013 5th International Conference on Cyber Conflict, CYCON 2013, pp. 1–18. IEEE (2013)

    Google Scholar 

  9. Guariniello, C., DeLaurentis, D.: Supporting design via the system operational dependency analysis methodology. Res. Eng. Des. 28(1), 53–69 (2017)

    CrossRef  Google Scholar 

  10. Albanese, M., Jajodia, S.: A graphical model to assess the impact of multi-step attacks. J. Def. Model. Simul. 15(1), 79–93 (2018)

    CrossRef  Google Scholar 

  11. Liu, C., Singhal, A., Wijesekera, D.: Mapping evidence graphs to attack graphs. In: IEEE International Workshop on Information Forensics and Security, WIFS 2012, pp. 121–126. IEEE (2012)

    Google Scholar 

  12. Jajodia, S., Noel, S., Kalapa, P., Albanese, M., Williams, J.: Cauldron mission-centric cyber situational awareness with defense in depth. In: 2011 Military Communications Conference, MILCOM 2011, pp. 1339–1344. IEEE (2011)

    Google Scholar 

  13. Haque, M.A., Shetty, S., Krishnappa, B.: Modeling cyber resilience for energy delivery systems using critical system functionality. In: Resilience Week, RWS 2019, vol. 1, pp. 33–41. IEEE (2019)

    Google Scholar 

  14. Haque, M.A., Shetty, S., Krishnappa, B.: Cyber-physical system resilience: frameworks, metrics, complexities, challenges, and future directions. In: Complexity Challenges in Cyber Physical Systems: Using Modeling and Simulation (M&S) to Support Intelligence, Adaptation and Autonomy, pp. 301–337 (2019)

    Google Scholar 

  15. Sun, X., Singhal, A., Liu, P.: Towards actionable mission impact assessment in the context of cloud computing. In: Livraga, G., Zhu, S. (eds.) DBSec 2017. LNCS, vol. 10359, pp. 259–274. Springer, Cham (2017).

    CrossRef  Google Scholar 

Download references


This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Md Ariful Haque .

Editor information

Editors and Affiliations

A Appendix

A Appendix

Fig. 8.
figure 8

Complete mission impact assessment graph for the case study (nodes Datalog clauses are given in Table 7)

Table 7. Datalog clauses of Fig. 8

Rights and permissions

Reprints and Permissions

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Haque, M.A., Shetty, S., Kamhoua, C.A., Gold, K. (2020). Modeling Mission Impact of Cyber Attacks on Energy Delivery Systems. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63094-2

  • Online ISBN: 978-3-030-63095-9

  • eBook Packages: Computer ScienceComputer Science (R0)