Ledwaba, Lehlogonolo PIVenter, HS2017-09-292017-09-292017-01Ledwaba, L. and Venter, H.S. 2017. A threat-vulnerability based risk analysis model for cyber physical system security. Proceedings of the 50th Hawaii International Conference on System Sciences, 4-7 January 2017, Kona, Hawaii, USA978-0-9981331-0-2https://scholarspace.manoa.hawaii.edu/handle/10125/41890https://www.researchgate.net/publication/312092805_A_Threat-Vulnerability_Based_Risk_Analysis_Model_for_Cyber_Physical_System_Securityhttp://aisel.aisnet.org/hicss-50/st/cyber-of-things/3/http://hdl.handle.net/10204/9613Proceedings of the 50th Hawaii International Conference on System Sciences, 4-7 January 2017, Kona, Hawaii, USAThe ability to network machinery and devices that are otherwise isolated is highly attractive to industry. This has led to growth in the use of cyber-physical systems (CPSs) with existing infrastructure. However, coupling physical and cyber processes leaves CPSs vulnerable to security attacks. A threat-vulnerability based risk model is developed through a detailed analysis of CPS security attack structures and threats. The Stuxnet malware attack is used to test the viability of the proposed model. An analysis of the Natanz system shows that, with an actual case security-risk score at Mitigation level 5, the infested facilities barely avoided a situation worse than the one which occurred. The paper concludes with a discussion on the need for risk analysis as part of CPS security and highlights the future work of modelling and comparing existing security solutions using the proposed model so to identify the sectors where CPS security is still lacking.enRisk AnalysisCyber physical systemsSecurityStuxnetRisk ModelConference PresentationLedwaba, L., & Venter, H. (2017). A threat-vulnerability based risk analysis model for cyber physical system security. AIS Electronic Library. http://hdl.handle.net/10204/9613Ledwaba, Lehlogonolo, and HS Venter. "A threat-vulnerability based risk analysis model for cyber physical system security." (2017): http://hdl.handle.net/10204/9613Ledwaba L, Venter H, A threat-vulnerability based risk analysis model for cyber physical system security; AIS Electronic Library; 2017. http://hdl.handle.net/10204/9613 .TY - Conference Presentation AU - Ledwaba, Lehlogonolo AU - Venter, HS AB - The ability to network machinery and devices that are otherwise isolated is highly attractive to industry. This has led to growth in the use of cyber-physical systems (CPSs) with existing infrastructure. However, coupling physical and cyber processes leaves CPSs vulnerable to security attacks. A threat-vulnerability based risk model is developed through a detailed analysis of CPS security attack structures and threats. The Stuxnet malware attack is used to test the viability of the proposed model. An analysis of the Natanz system shows that, with an actual case security-risk score at Mitigation level 5, the infested facilities barely avoided a situation worse than the one which occurred. The paper concludes with a discussion on the need for risk analysis as part of CPS security and highlights the future work of modelling and comparing existing security solutions using the proposed model so to identify the sectors where CPS security is still lacking. DA - 2017-01 DB - ResearchSpace DP - CSIR KW - Risk Analysis KW - Cyber physical systems KW - Security KW - Stuxnet KW - Risk Model LK - https://researchspace.csir.co.za PY - 2017 SM - 978-0-9981331-0-2 T1 - A threat-vulnerability based risk analysis model for cyber physical system security TI - A threat-vulnerability based risk analysis model for cyber physical system security UR - http://hdl.handle.net/10204/9613 ER -