Cyber-Security Evaluation for a Hypothetical Nuclear Power Plant using the Attack Tree Method

No Thumbnail Available
Date
2015
Authors
Akinola, A. A.
Kuye, A. O.
Ayodeji, A
Journal Title
Journal ISSN
Volume Title
Publisher
Journal of Physical Security
Abstract
The widespread introduction of digital network systems in nuclear power plants has increased such infrastructures vulnerability to cyber-attacks. The attack tree approach to evaluate and analyze cyber-attacks quantitatively, in a nuclear power plants’ network system is presented in this work. Information on a hypothetical nuclear power plants’ network system was used to build attack trees that show different attack paths that external adversaries can use to compromise the network system. To assert the ease or difficulty of compromising each attack tree, numerical values are assigned to the leaf nodes of each attack tree. The return on attack for each intermediate node and the root node are then calculated. This calculation is done by randomly varying the vulnerability values of the leaf nodes within the designated range. On observing high return of attack values with the two attack trees developed, countermeasures were then implemented. Modified network systems were constructed and the return on attack recalculated. The return on attack (ROA) values for the nodes were observed to decrease, after implementing the countermeasures on the network security systems.
Description
Staff publications
Keywords
Attack tree , Vulnerability assessment , Return on attack , Cyber security , Research Subject Categories::TECHNOLOGY::Chemical engineering
Citation
Akinola, A. A, Kuye, A. and Ayodeji, A., (2015). Cyber-Security Evaluation for a Hypothetical Nuclear Power Plant using the Attack Tree Method. Journal of Physical Security, Vol.8(1), 19 ‐36pp.