The Impact of Network Design Interventions on CPS Security

TL;DR

This paper models how network design changes in cyber-physical systems can enhance security against attackers, using a game-theoretic approach and a case study on automotive networks to evaluate intervention effectiveness.

Contribution

It introduces a game-theoretic framework for analyzing network design interventions in CPS security, incorporating CVSS and ISO-26262 metrics for parameter selection.

Findings

Network interventions can significantly improve CPS security.

Game-theoretic analysis guides optimal network design choices.

Numerical experiments demonstrate practical security improvements.

Abstract

We study a game-theoretic model of the interactions between a Cyber-Physical System's (CPS) operator (the defender) against an attacker who launches stepping-stone attacks to reach critical assets within the CPS. We consider that, in addition to optimally allocating its security budget to protect the assets, the defender may choose to modify the CPS through network design interventions. In particular, we propose and motivate four ways in which the defender can introduce additional nodes in the CPS: these nodes may be intended as additional safeguards, be added for functional or structural redundancies, or introduce additional functionalities in the system. We analyze the security implications of each of these design interventions, and evaluate their impacts on the security of an automotive network as our case study. We motivate the choice of the attack graph for this case study and elaborate how the parameters in the resulting security game are selected using the CVSS metrics and the ISO-26262 ASIL ratings as guidance. We then use numerical experiments to verify and evaluate how our proposed network interventions may be used to guide improvements in automotive security.