Security Decisions for Cyber-Physical Systems based on Solving Critical Node Problems with Vulnerable Nodes

TL;DR

This paper introduces a novel approach for cybersecurity decision-making in cyber-physical systems by applying the NP-hard Critical Node Cut Problem with Vulnerable Vertices to identify devices for isolation during cyberattacks.

Contribution

It is the first to adapt and evaluate the CNP-V model for cybersecurity, providing a new method for isolating vulnerable devices in cyber-physical systems.

Findings

Proposed a new application of CNP-V in cybersecurity.

Demonstrated the effectiveness of the approach in identifying critical devices.

Provided insights into the computational complexity of the problem.

Abstract

Cyber-physical production systems consist of highly specialized software and hardware components. Most components and communication protocols are not built according to the Secure by Design principle. Therefore, their resilience to cyberattacks is limited. This limitation can be overcome with common operational pictures generated by security monitoring solutions. These pictures provide information about communication relationships of both attacked and non-attacked devices, and serve as a decision-making basis for security officers in the event of cyberattacks. The objective of these decisions is to isolate a limited number of devices rather than shutting down the entire production system. In this work, we propose and evaluate a concept for finding the devices to isolate. Our approach is based on solving the Critical Node Cut Problem with Vulnerable Vertices (CNP-V) - an NP-hard computational problem originally motivated by isolating vulnerable people in case of a pandemic. To the best of our knowledge, this is the first work on applying CNP-V in context of cybersecurity.