Quantitative cyber risk reduction estimation methodology for a small SCADA control system

Proceedings of the Annual Hawaii International Conference on System Sciences

Volumn 9, Issue , 2006, Pages 226-

  McQueen, Miles A ^a   Boyer, Wayne F ^a   Flynn, Mark A ^a   Beitel, George A ^a  

^a IDAHO NATIONAL LABORATORY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CYBER SECURITY DEFENSES; QUANTITATIVE MEASUREMENTS; RISK REDUCTION;

COMPUTER CRIME; CONTROL SYSTEMS; GRAPH THEORY; RISK MANAGEMENT;

SCADA SYSTEMS;

EID: 33749639831     PISSN: 15301605     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/HICSS.2006.405     Document Type: Conference Paper

References (12)

1. Beitel, G. A., Gertman, D. I. and Plum, M. M., "Balanced Scorecard Method for Predicting the Probability of a Terrorist Attack," Presented at Risk Analysis 2004, September 27-29, 2004, Rhodes, Greece.
2. Byres, E. J., Franz, M. and Miller, D., "The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems", International Infrastructure Survivability Workshop (IISW '04), IEEE, Lisbon, Portugal, December 4, 2004
3. Carlson, R. E., Turnquist, M. A. and Nozick, L. K., Expected Losses, Insurability, and Benefits from Reducing Vulnerability to Attacks, SAND2004-0742, Sandia National Laboratories, Albuquerque, New Mexico, 2004.
4. Dacier, M., Deswarte, Y. and Kaaniche, M., "Quantitative Assessment of Operational Security: Models and Tools" Information Systems Security, ed. by S. K. Katsikas and D. Gritzalis, London, Chapman & Hall, p.179-86, 1996.
5. Haimes, Yacov Y., "Accident Precursors, Terrorist Attacks, and Systems Engineering," Presented at the NAE Workshop, 2003.
6. Madan, B. B., Goševa-Popstojavova, K., Vaidyanathan, K. and Trivedi, K. S., "Modeling and Quantification of Security Attributes of Software Systems," International Conference on Dependable Systems and Networks, Washington, DC, 2002.
7. Major, J. A., "Advanced Techniques for Modeling Terrorism Risk," Journal of Risk Finance, Fall 2002.
8. McQueen, M. A., Boyer, W. F., Flynn, M. A. and Beitel, G. A., "Time-to-Compromise Model for Cyber Risk Reduction Estimation", First Workshop on Quality of Protection, Milan, Italy - September 15, 2005.
9. Rinaldi, S., "Modeling and Simulating Critical Infrastructures and Their Interdependencies," Proceedings of the 37th Hawaii International Conference on System Science, 2004.
10. Scambray, J. and McClure, S., "Hacking Exposed Windows 2000: Network Security Secrets and Solutions," McGraw_Hill, 2001.
11. Sheyner, O., Haines, J., Jha, S., Lippmann, R. and Wing, J. M., "Automated Generation and Analysis of Attack Graphs," Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, Berkeley, California, May 2002, 273-284.
12. Taylor C., Krings, A. and Alves-Foss, J., "Risk Analysis and Probabilistic Survivability Assessment (RAPSA): An Assessment Approach for Power Substation Hardening," Proc. ACM Workshop on Scientific Aspects of Cyber Terrorism, (SACT), Washington DC, November 21, 2002.