AI-based Identification of Most Critical Cyberattacks in Industrial Systems

TL;DR

This paper introduces an AI-driven framework to identify the most critical cyberattacks on industrial systems by simulating attack scenarios and assessing their impact on operational KPIs, aiding cybersecurity development.

Contribution

It presents a novel augmented simulation model combined with AI-based optimization to evaluate attack severity considering system operation and attacker constraints.

Findings

Successfully applied to an electrical power distribution system

Identifies attack scenarios with highest impact on KPIs

Provides a systematic approach for cybersecurity prioritization

Abstract

Modern industrial systems face a growing threat from sophisticated cyberattacks that can cause significant operational disruptions. This work presents a novel methodology for identification of the most critical cyberattacks that may disrupt the operation of such a system. Application of the proposed framework can enable the design and development of advanced cybersecurity solutions for a wide range of industrial applications. Attacks are assessed taking into direct consideration how they impact the system operation as measured by a defined Key Performance Indicator (KPI). A simulation model (SM), of the industrial process is employed for calculation of the KPI based on operating conditions. Such SM is augmented with a layer of information describing the communication network topology, connected devices, and potential actions an adversary can take based on each device or network link. Each possible action is associated with an abstract measure of effort, which is interpreted as a cost. It is assumed that the adversary has a corresponding budget that constrains the selection of the sequence of actions defining the progression of the attack. A dynamical system comprising a set of states associated with the cyberattack (cyber-states) and transition logic for updating their values is also proposed. The resulting augmented simulation model (ASM) is then employed in an artificial intelligence-based sequential decision-making optimization to yield the most critical cyberattack scenarios as measured by their impact on the defined KPI. The methodology is successfully tested based on an electrical power distribution system use case.