Skip to main content
SpringerLink
Log in

Visualizing Cyber Security Risks with Bow-Tie Diagrams

  • Conference paper
  • First Online:
Graphical Models for Security (GraMSec 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10744))

Included in the following conference series:

Abstract

Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on the contrary, design overly secure systems that will compromise the performance of critical operations. This paper presents a methodology for visualizing and assessing security risks by means of bow-tie diagrams, which are commonly used within safety assessments. We outline how malicious activities, random failures, security countermeasures and safety barriers can be visualized using a common graphical notation and propose a method for quantifying risks based on threat likelihood and consequence severity. The methodology is demonstrated using a case study from maritime communication. Our main conclusion is that adding security concepts to the bow-ties is a promising approach, since this is a notation that high-risk industries are already familiar with. However, their advantage as easy-to-grasp visual models should be maintained, hence complexity needs to be kept low.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 44.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 60.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.cgerisk.com/knowledge-base/risk-assessment/thebowtiemethod.

  2. 2.

    https://www.parismou.org/.

References

  1. ISO/IEC 27005 Information technology - Security techniques - Information security risk management. Technical rep. (2008). http://www.iso.org/iso/catalogue_detail?csnumber=56742

  2. Digitale Sarbarheter Maritim Sektor: Technical rep. (2015). https://www.regjeringen.no/contentassets/fe88e9ea8a354bd1b63bc0022469f644/no/sved/7.pdf

  3. Andrews, J.D., Moss, T.R.: Reliability and Risk Assessment. Wiley-Blackwell, Hoboken (2002)

    Google Scholar 

  4. Banerjee, A., Venkatasubramanian, K.K., Mukherjee, T., Gupta, S.K.S.: Ensuring safety, security, and sustainability of mission-critical cyber-physical systems. Proc. IEEE 100(1), 283–299 (2012)

    Article  Google Scholar 

  5. Bau, J., Mitchell, J.C.: Security modeling and analysis. IEEE Secur. Priv. 9(3), 18–25 (2011)

    Article  Google Scholar 

  6. Bhatti, J., Humphreys, T.: Hostile control of ships via false GPS signals: demonstration and detection. Navigation 64(1), 51–66 (2016)

    Article  Google Scholar 

  7. Bieber, P., Brunel, J.: From safety models to security models: preliminary lessons learnt. In: Bondavalli, A., Ceccarelli, A., Ortmeier, F. (eds.) SAFECOMP 2014. LNCS, vol. 8696, pp. 269–281. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10557-4_30

    Google Scholar 

  8. Byers, D., Ardi, S., Shahmehri, N., Duma, C.: Modeling software vulnerabilities with vulnerability cause graphs. In: Proceedings of the International Conference on Software Maintenance (ICSM 2006), pp. 411–422 (2006)

    Google Scholar 

  9. Casey, T.: Threat agent library helps identify information security risks (2007). https://communities.intel.com/docs/DOC-1151

  10. CGE Risk Management Solutions: Using bowties for it security (2017). https://www.cgerisk.com/knowledge-base/risk-assessment/using-bowties-for-it-security

  11. Chevreau, F.R., Wybo, J.L., Cauchois, D.: Organizing learning processes on risks by using the bow-tie representation. J. Hazard. Mater. 130(3), 276–283 (2006)

    Article  Google Scholar 

  12. Chockalingam, S., Hadziosmanovic, D., Pieters, W., Teixeira, A., van Gelder, P.: Integrated safety and security risk assessment methods: a survey of key characteristics and applications. arXiv preprint arXiv:1707.02140 (2017)

  13. Cimpean, D., Meire, J., Bouckaert, V., Vande Casteele, S., Pelle, A., Hellebooge, L.: Analysis of cyber security aspects in the maritime sector. ENISA, 19 December (2011). https://www.enisa.europa.eu/publications/cyber-security-aspects-in-the-maritime-sector-1

  14. Cockshott, J.: Probability bow-ties: a transparent risk management tool. Process Saf. Environ. Prot. 83(4), 307–316 (2005)

    Article  Google Scholar 

  15. De Dianous, V., Fiévez, C.: Aramis project: a more explicit demonstration of risk control through the use of bow-tie diagrams and the evaluation of safety barrier performance. J. Hazard. Mater. 130(3), 220–233 (2006)

    Article  Google Scholar 

  16. DNV-GL AS: Recommended practice. Cyber security resilience management for ships and mobile offshore units in operation (2016). DNVGL-RP-0496

    Google Scholar 

  17. Ferdous, R., Khan, F., Sadiq, R., Amyotte, P., Veitch, B.: Analyzing system safety and risks under uncertainty using a bow-tie diagram: an innovative approach. Process Saf. Environ. Prot. 91(1), 1–18 (2013)

    Article  Google Scholar 

  18. Garvey, P.R., Lansdowne, Z.F.: Risk matrix: an approach for identifying, assessing, and ranking program risks. Air Force J. Logistics 22(1), 18–21 (1998)

    Google Scholar 

  19. Goldkuhl, G.: Pragmatism vs interpretivism in qualitative information systems research. Eur. J. Inf. Syst. 21(2), 135–146 (2012)

    Article  Google Scholar 

  20. Hall, P., Heath, C., Coles-Kemp, L.: Critical visualization: a case for rethinking how we visualize risk and security. J. Cybersecurity 1(1), 93–108 (2015)

    Google Scholar 

  21. Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28(1), 75–105 (2004). http://dl.acm.org/citation.cfm?id=2017212.2017217

  22. Paul, H.: Security: Bow Tie for Cyber Security (0x01): Ho... — PI Square (2016). https://pisquare.osisoft.com/groups/security/blog/2016/08/02/bow-tie-for-cyber-security-0x01-how-to-tie-a-cyber-bow-tie

  23. IMO: Revised guidelines for Formal Safety Assessment (FSA) for use in the IMO rule-making process (2013)

    Google Scholar 

  24. Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45800-X_32

    Chapter  Google Scholar 

  25. Khakzad, N., Khan, F., Amyotte, P.: Dynamic risk analysis using bow-tie approach. Reliab. Eng. Syst. Saf. 104, 36–44 (2012)

    Article  Google Scholar 

  26. Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19751-2_6

    Chapter  Google Scholar 

  27. Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., Halgand, Y.: A survey of approaches combining safety and security for industrial control systems. Reliab. Eng. Syst. Saf. 139, 156–178 (2015)

    Article  Google Scholar 

  28. Kumar, R., Stoelinga, M.: Quantitative security and safety analysis with attack-fault trees. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 25–32. IEEE (2017)

    Google Scholar 

  29. Lee, W.S., Grosh, D.L., Tillman, F.A., Lie, C.H.: Fault tree analysis, methods, and applications; a review. IEEE Trans. Reliab. 34(3), 194–203 (1985)

    Article  MATH  Google Scholar 

  30. Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12323-8

    MATH  Google Scholar 

  31. Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). https://doi.org/10.1007/11734727_17

    Chapter  Google Scholar 

  32. Meland, P.H., Gjære, E.A.: Representing threats in BPMN 2.0. In: 2012 Seventh International Conference on Availability, Reliability and Security (ARES), pp. 542–550. IEEE (2012)

    Google Scholar 

  33. Meland, P.H., Tøndel, I.A., Jensen, J.: Idea: reusability of threat models – two approaches with an experimental evaluation. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 114–122. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11747-3_9

    Chapter  Google Scholar 

  34. Michel, C.D., Thomas, P.F., Tucci, A.E.: Cyber Risks in the Marine Transportation System. The U.S. Coast Guard Approach

    Google Scholar 

  35. Mohr, R.: Evaluating cyber risk in engineering environments: a proposed framework and methodology. SANS Institute (2016). https://www.sans.org/reading-room/whitepapers/ICS/evaluating-cyber-risk-engineering-environments-proposed-framework-methodology-37017

  36. Nesheim, D., Rødseth, Ø., Bernsmed, K., Frøystad, C., Meland, P.: Risk model and analysis. Technical rep., CySIMS (2017)

    Google Scholar 

  37. NevilleClarke: Taking-off with BowTie (2013). http://www.nevilleclarke.com/indonesia/articles/topic/52/title/

  38. Ni, H., Chen, A., Chen, N.: Some extensions on risk matrix approach. Saf. Sci. 48(10), 1269–1278 (2010)

    Article  Google Scholar 

  39. Nielsen, D.S.: The cause/consequence diagram method as a basis for quantitative accident analysis. Technical rep., Danish Atomic Energy Commission (1971)

    Google Scholar 

  40. Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 Workshop on New Security Paradigms, pp. 71–79. ACM (1998)

    Google Scholar 

  41. Piètre-Cambacédès, L., Bouissou, M.: Cross-fertilization between safety and security engineering. Reliab. Eng. Syst. Saf. 110, 110–126 (2013)

    Article  Google Scholar 

  42. Raspotnig, C., Karpati, P., Katta, V.: A combined process for elicitation and analysis of safety and security requirements. In: Bider, I., Halpin, T., Krogstie, J., Nurcan, S., Proper, E., Schmidt, R., Soffer, P., Wrycza, S. (eds.) BPMDS/EMMSAD -2012. LNBIP, vol. 113, pp. 347–361. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31072-0_24

    Chapter  Google Scholar 

  43. Ruijters, E., Stoelinga, M.: Fault tree analysis: a survey of the state-of-the-art in modeling, analysis and tools. Comput. Sci. Rev. 15, 29–62 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  44. Santamarta, R.: A wake-up call for satcom security. Technical White Paper (2014)

    Google Scholar 

  45. Schneier, B.: Attack trees. Dr. Dobbs J. 24(12), 21–29 (1999)

    Google Scholar 

  46. Sha, L., Gopalakrishnan, S., Liu, X., Wang, Q.: Cyber-physical systems: a new frontier. In: IEEE International Conference on Sensor Networks, Ubiquitous and Trustworthy Computing, SUTC 2008, pp. 1–9. IEEE (2008)

    Google Scholar 

  47. Shostack, A.: Threat Modeling: Designing for Security. Wiley (2014)

    Google Scholar 

  48. Simon, H.A.: The Sciences of the Artificial. MIT Press, Cambridge (1996)

    Google Scholar 

  49. Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10(1), 34–44 (2005)

    Article  Google Scholar 

  50. Sun, M., Mohan, S., Sha, L., Gunter, C.: Addressing safety and security contradictions in cyber-physical systems. In: Proceedings of the 1st Workshop on Future Directions in Cyber-Physical Systems Security (CPSSW 2009) (2009)

    Google Scholar 

  51. Viscusi, W.K., Aldy, J.E.: The value of a statistical life: a critical review of market estimates throughout the world. J. Risk Uncertainty 27(1), 5–76 (2003)

    Article  MATH  Google Scholar 

  52. Winther, R., Johnsen, O.-A., Gran, B.A.: Security assessments of safety critical systems using HAZOPs. In: Voges, U. (ed.) SAFECOMP 2001. LNCS, vol. 2187, pp. 14–24. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45416-0_2

    Chapter  Google Scholar 

  53. Zalewski, J., Drager, S., McKeever, W., Kornecki, A.J.: Towards experimental assessment of security threats in protecting the critical infrastructure. In: Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2012, Wroclaw, Poland (2012)

    Google Scholar 

Download references

Acknowledgments

The research leading to these results has been performed as a part of the Cyber Security in Merchant Shipping (CySiMS) project, which received funding from the Research Council of Norway under Grant No. 256508, and the SafeCOP-project, which received funding from the ECSEL Joint Undertaking under Grant No. 692529. We appreciate all the feedback and comments from Professor Guttorm Sindre at NTNU and anonymous reviewers that helped us improve this paper.

Author information

Authors and Affiliations

  1. SINTEF Digital, Trondheim, Norway

    Karin Bernsmed, Christian Frøystad & Per Håkon Meland

  2. SINTEF Ocean, Trondheim, Norway

    Dag Atle Nesheim & Ørnulf Jan Rødseth

  3. Norwegian University of Science and Technology, Trondheim, Norway

    Per Håkon Meland

Authors
  1. Karin Bernsmed
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christian Frøystad
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Per Håkon Meland
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dag Atle Nesheim
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ørnulf Jan Rødseth
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Per Håkon Meland .

Editor information

Editors and Affiliations

  1. Pennsylvania State University, University Park, Pennsylvania, USA

    Peng Liu

  2. University of Luxembourg, Esch-sur-Alzette, Luxembourg

    Sjouke Mauw

  3. Blindern, SINTEF ICT, Oslo, Norway

    Ketil Stolen

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bernsmed, K., Frøystad, C., Meland, P.H., Nesheim, D.A., Rødseth, Ø.J. (2018). Visualizing Cyber Security Risks with Bow-Tie Diagrams. In: Liu, P., Mauw, S., Stolen, K. (eds) Graphical Models for Security. GraMSec 2017. Lecture Notes in Computer Science(), vol 10744. Springer, Cham. https://doi.org/10.1007/978-3-319-74860-3_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-74860-3_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-74859-7

  • Online ISBN: 978-3-319-74860-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation