Model-Based Cybersecurity Analysis

Abstract Critical infrastructure (CIs) such as power grids link a plethora of physical components from many different vendors to the software systems that control them. These are constantly threatened by sophisticated cyber attacks. The need improve cybersecurity CIs, through holistic system modeling and vulnerability analysis, cannot be overstated. This is challenging since CI incorporates complex data multiple interconnected computation systems. Meanwhile, exploiting vulnerabilities in information technology (IT) operational (OT) leads various cascading effects due interconnections between paper investigates use comprehensive taxonomy model implied dependencies within bridging knowledge gap IT security OT security. complexity dependence analysis harnessed partitioning complicated into cyber-physical functional dependencies. defined further support cascade for severity assessment identification critical system. On top proposed taxonomy, suggests power-grid reference models enhance reproducibility applicability method. methodology followed was design science research (DSR) designing validation artifacts. More specifically, structural, adequacy, compatibility, coverage characteristics artifacts evaluated three-fold (two case studies expert interviews). first study uses two instantiated extracted existing architectures frameworks like IEC 62351 series. second involves real-world municipal grid.