CPS Risk Mitigation and Criticality Assessment

People
Publications
Sponsors

Project Objectives

  • Develop a holistic, model-based risk assessment framework for Cyber-Physical Systems (CPS) that identifies critical assets, system vulnerabilities, and potential attack paths.
  • Automate the identification and prioritization of critical assets by analyzing CPS architecture using Unified Modeling Language (UML) and Coloured Petri Nets.
  • Automatically assess vulnerabilities and evaluate exploitable attack paths using STRIDE, which is applied to the Windfarm Case Study.
  • Understand potential systemic failures; use causal loop diagrams (CLDs) to model cascading attack effects on interconnected CPS components.
  • Integrate a Zero Trust Architecture (ZTA) as a modular, plug-and-play gateway to enforce least-privilege access, deep packet inspection, and threat pattern recognition without modifying the existing CPS infrastructure

Project Summary

This project presents a comprehensive framework for assessing and mitigating cyber risks in Industrial Control Systems (ICS), particularly focusing on Cyber-Physical Systems (CPS) such as wind farms. It combines model-based techniques and formal methods to identify critical assets, assess vulnerabilities, and analyze the cascading effects of cyberattacks. Unified Modeling Language (UML), Data Flow Diagrams (DFD), and Coloured Petri Nets (CPN) are utilized to systematically model system interactions and simulate attack scenarios, while STRIDE threat modeling evaluates threats across both tangible and intangible assets. The framework also integrates a modular Zero Trust Architecture (ZTA) to enforce fine-grained access control and prevent unauthorized operations, thereby enhancing the cyber-resilience of the system. This integrated approach enables proactive risk management and supports security-by-design for complex ICS infrastructures.

Our Team

Faculty Member

Indrakshi Ray
Faculty Member
Homepage

Students

Shwetha Gowdanakatte
PhD Student
LinkedIn
Mahmoud Abdelgawad
PhD Student

Publications

  • Gowdanakatte, Shwetha, Indrakshi Ray, and Mahmoud Abdelgawad. “Model based risk assessment and risk mitigation framework for cyber-physical systems.” 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). IEEE, 2023.
  • Gowdanakatte, Shwetha, Mahmoud Abdelgawad, and Indrakshi Ray. “Assets Criticality Assessment of Industrial Control Systems: A Wind Farm Case Study.” 2024 IEEE 24th International Conference on Software Quality, Reliability and Security (QRS). IEEE, 2024.

Sponsors

This work was supported in part by funding from NSF under Award Numbers ATD 2123761, CNS 1822118, CNS 2335687, ARL, Statnett, AMI, NewPush, and Cyber Risk Research, and funding from NIST under Award Number 60NANB23D152, and Cyber Risk Research