Quantitative Cybersecurity Analysis Framework for Cyber Physical Systems: A Conceptual Approach

Abdulhamid, Alhassan, KABIR, Sohag, Ghafir, Ibrahim, Lei, Ci, HINDI, KHALIL EL and Hammoudeh, Mohammad ORCID: https://orcid.org/0000-0003-1058-0996 (2025) Quantitative Cybersecurity Analysis Framework for Cyber Physical Systems: A Conceptual Approach. IEEE Open Journal of the Computer Society. pp. 1-14. ISSN 2644-1268

Preview

Accepted Version Available under License Creative Commons Attribution. Download (1MB) | Preview

Abstract

Cyber-physical systems (CPS) are indispensable in various sectors, enabling convenient and efficient processes in today's rapidly evolving technological landscape. However, the integration of internet-enabled components with physical processes exposes CPS to numerous security threats, rendering them susceptible to potential cyber-attacks. This paper presents a quantitative analysis framework for evaluating the security attributes of CPS conceptual design. Focusing on CPS design architecture, the framework models and quantifies security attributes by considering various dimensions. The paper demonstrates the integration of qualitative expert inputs into a fuzzy logic system to address the challenges and uncertainties associated with vulnerability data in CPS security quantification. Additionally, the paper examines the statistical dependence of basic attack steps (BASs) and their impact on the overall system security analysis, taking into account the intricate connectivity of CPS and the vulnerabilities that attackers could exploit. The novelty of the proposed framework lies in its integrated approach to modelling and quantifying cybersecurity attributes in the CPS environment while considering uncertainties in vulnerability data and dependencies between security events. The computation of statistical and stochastic dependencies among BASs is performed by mapping the attack tree (AT) to a more advanced statistical model known as the Bayesian network (BN). The application of this framework was demonstrated using an intelligent glucose monitoring and insulin administration system (IGMIAS). The framework's general nature makes it adaptable for quantifying cybersecurity behaviours in any CPS environment.