MUMBA: Multi-faceted Metrics for ICS Business Risk Analysis

MUMBA：ICS 业务风险分析的多方面指标

• 批准号: EP/M002780/1
• 负责人: Awais Rashid
• 金额: $ 50.19万
• 依托单位: Lancaster University
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2014
• 资助国家: 英国
• 起止时间: 2014 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FM002780%2F1
• 关键词: MUMBA; Multi; faceted; Metrics; ICS

The evolution of cyber space is transforming the way our infrastructure is managed. Industrial control systems, that is those systems that manage critical utility infrastructure such as Energy, Water and Transport are increasingly interacting with enterprise IT systems in intricate fashions. This leads to an increase in the level of threats to these critical infrastructures. This is only too evident from cyber weapons such as Stuxnet which targeted centrifuges in Iran's nuclear facilities and more recent news that over 60,000 exposed control systems were accessible online. The US Defence Secretary Leon Panetta described a recent spate of cyber attacks against critical infrastructures as a "pre-9/11 moment". The cyber attack surface of future generations of control systems is likely to increase further with new technologies and working practices such as the use of autonomous software agents in their operation and handheld wireless devices in control and maintenance.Given the importance of industrial control systems to society, it is important that decision-makers are able to effectively articulate the risks posed to them from cyber space. Even more importantly, decision-makers should be able to understand and respond to such risks from a business continuity and recovery perspective in order to evaluate and prioritise their mitigation responses. However, to date, metrics for articulating cyber risk in such settings have largely been driven by technical measures pertaining to security of information or resilience of the control system itself. Though important, these metrics bear little relationship to typical factors used in business risk analysis, such as business continuity, disaster recovery, cost, reputation, impact on resources, etc. The MUMBA project takes the perspective that metrics for articulating cyber risk (in industrial control systems) as business risk only make sense in the context of what we understand the larger system to be, and cannot sensibly be designed without a model of this system. Post-hoc mapping of security and resilience metrics to business risk fails to account for the complex socio-technical landscape in which current and future generations of control systems reside. Effective articulation of cyber risk as business risk requires multi-faceted metrics that are first and foremost driven by business risk concepts. Such metrics consider business risk both along and across various facets of an industrial control system setting i.e., the control system itself, enterprise systems, business processes, people, third party organisations in the product/service supply chain and new/emergent technologies (and associated working practices). Furthermore, the project addresses the need to contextualise these metrics to a particular critical infrastructure domain to ensure meaningful interpretation of business risks and prioritisation and implementation of responses (i.e., whether to mitigate, transfer, accept or avoid particular risks).The project involves a world-leading multi-disciplinary team of researchers in cyber security, resilient industrial control systems, risk management and social anthropology from the Security Lancaster research centre. This academic expertise is complemented by practical insights provided by four industry partners: Airbus, Thales, Atkins Global and Raytheon. Through its research into the complex socio-technical processes at play in contemporary industrial control system settings, new metrics and how to instrument such environments to gather relevant data to compute such metrics, the project aims to become a cornerstone for future research and practice on articulating cyber risk as business risk.

网络空间的发展正在改变我们管理基础设施的方式。工业控制系统，即那些管理能源、水和交通等关键公用事业基础设施的系统，越来越多地以错综复杂的方式与企业IT系统交互。这导致对这些关键基础设施的威胁程度增加。这一点从Stuxnet等针对伊朗核设施离心机的网络武器，以及最近有消息称，超过6万个暴露的控制系统可以在线访问上，再明显不过了。美国国防部长利昂·帕内塔将最近一系列针对关键基础设施的网络攻击描述为“9·11事件前的时刻”。随着新的技术和工作实践，未来几代控制系统的网络攻击面可能会进一步增加，例如在操作中使用自主软件代理，在控制和维护中使用手持无线设备。鉴于工业控制系统对社会的重要性，重要的是决策者能够有效地阐明网络空间对他们构成的风险。更重要的是，决策者应能够从业务连续性和复苏的角度理解和应对此类风险，以便评估其缓解措施并确定其优先顺序。然而，到目前为止，在这种情况下阐明网络风险的指标在很大程度上是由与信息安全或控制系统本身的弹性有关的技术措施推动的。虽然这些指标很重要，但与业务风险分析中使用的典型因素(如业务连续性、灾难恢复、成本、声誉、对资源的影响等)几乎没有关系。Mumba项目的观点是，将网络风险(在工业控制系统中)作为业务风险进行表述的指标只有在我们理解的更大系统的背景下才有意义，如果没有该系统的模型，就不能合理地设计。安全和复原力指标与业务风险的事后映射未能考虑到当前和未来几代控制系统所处的复杂社会技术环境。将网络风险有效地表述为业务风险需要多方面的指标，这些指标首先由业务风险概念驱动。这些衡量标准考虑了工业控制系统设置的各个方面的业务风险，即控制系统本身、企业系统、业务流程、人员、产品/服务供应链中的第三方组织和新/新兴技术(以及相关的工作实践)。此外，该项目解决了将这些指标与特定关键基础设施领域联系起来的需要，以确保对业务风险进行有意义的解释，并确定响应的优先顺序和实施(即是否缓解、转移、接受或避免特定风险)。该项目涉及来自安全兰开斯特研究中心的世界领先的多学科研究团队，涉及网络安全、弹性工业控制系统、风险管理和社会人类学。这一学术专业知识得到了四家行业合作伙伴提供的实际见解的补充：空中客车、泰利斯、阿特金斯全球公司和雷神公司。通过对当代工业控制系统环境中正在发挥作用的复杂社会技术过程、新指标以及如何测量此类环境以收集相关数据来计算此类指标的研究，该项目旨在成为未来将网络风险表述为商业风险的研究和实践的基石。

项目成果

The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems Game

好、坏、丑：网络物理系统博弈中安全决策的研究

• DOI: 10.1109/tse.2017.2782813
• 发表时间: 2019
• 期刊: IEEE Transactions on Software Engineering
• 影响因子: 7.4
• 作者: Frey S

Contextualising and aligning security metrics and business objectives: A GQM-based methodology

将安全指标与业务目标结合起来并加以调整：基于 GQM 的方法

• DOI: 10.1016/j.cose.2019.101634
• 发表时间: 2020
• 期刊: Computers & Security
• 影响因子: 5.6
• 作者: Philippou E

CPS-SPC 2018

CPS-SPC 2018

• DOI: 10.1145/3243734.3243874
• 发表时间: 2018
• 作者: Rashid A

On the role of latent design conditions in cyber-physical systems security

潜在设计条件在网络物理系统安全中的作用

• DOI: 10.1145/2897035.2897036
• 发表时间: 2016
• 作者: Frey S

The Good, the Bad and the Ugly

黄金三镖客

• DOI: 10.1007/978-3-658-14698-6_10
• 发表时间: 2017
• 作者: Hißnauer;Christian
• 通讯作者: Christian