Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Model-Based Cybersecurity Analysis: Extending Enterprise Modeling to Critical Infrastructure Cybersecurity
Nanyang Technological University, Singapore.ORCID iD: 0000-0003-4791-8452
University of Skövde.ORCID iD: 0000-0002-9421-8566
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.ORCID iD: 0000-0002-8927-0968
Norgald AB, Sweden.
2023 (English)In: Business & Information Systems Engineering, ISSN 2363-7005, E-ISSN 1867-0202, Vol. 65, no 6, p. 643-676Article in journal (Refereed) Published
Abstract [en]

Critical infrastructure (CIs) such as power gridslink a plethora of physical components from many differentvendors to the software systems that control them. Thesesystems are constantly threatened by sophisticated cyberattacks. The need to improve the cybersecurity of such CIs,through holistic system modeling and vulnerability analysis,cannot be overstated. This is challenging since a CIincorporates complex data from multiple interconnectedphysical and computation systems. Meanwhile, exploitingvulnerabilities in different information technology (IT) andoperational technology (OT) systems leads to variouscascading effects due to interconnections between systems.The paper investigates the use of a comprehensive taxonomyto model such interconnections and the implieddependencies within complex CIs, bridging the knowledgegap between IT security and OT security. The complexityof CI dependence analysis is harnessed by partitioningcomplicated dependencies into cyber and cyber-physicalfunctional dependencies. These defined functionaldependencies further support cascade modeling for vulnerabilityseverity assessment and identification of criticalcomponents in a complex system. On top of the proposedtaxonomy, the paper further suggests power-grid referencemodels that enhance the reproducibility and applicability ofthe proposed method. The methodology followed wasdesign science research (DSR) to support the designing andvalidation of the proposed artifacts. More specifically, thestructural, functional adequacy, compatibility, and coveragecharacteristics of the proposed artifacts are evaluatedthrough a three-fold validation (two case studies and expertinterviews). The first study uses two instantiated powergridmodels extracted from existing architectures andframeworks like the IEC 62351 series. The second studyinvolves a real-world municipal power grid. © 2023, The Author(s).

Place, publisher, year, edition, pages
Springer, 2023. Vol. 65, no 6, p. 643-676
Keywords [en]
Critical infrastructure, Domain-specific language, Cybersecurity, Power grids
National Category
Computer Sciences
Research subject
Telecommunication Systems; Computer Science; Software Engineering
Identifiers
URN: urn:nbn:se:bth-24497DOI: 10.1007/s12599-023-00811-0ISI: 000982391100001Scopus ID: 2-s2.0-85158156411OAI: oai:DiVA.org:bth-24497DiVA, id: diva2:1755269
Available from: 2023-05-07 Created: 2023-05-07 Last updated: 2023-12-05Bibliographically approved

Open Access in DiVA

fulltext(7731 kB)159 downloads
File information
File name FULLTEXT01.pdfFile size 7731 kBChecksum SHA-512
5be255b9056bcaceaf31839f722af11d40b206dff4e296f844f56814c3d6a6041bacea33fa797b4b259160f626dd056c0aff623e111b9ab4227199f0fc9b214c
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Ding, Jianguo

Search in DiVA

By author/editor
Jiang, YuningJeusfeld, Manfred A.Ding, Jianguo
By organisation
Department of Computer Science
In the same journal
Business & Information Systems Engineering
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 159 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 209 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf