Abstract
Defending networks against cyber attacks is often reactive rather than proactive. Attacks against enterprises are often monetary driven and are targeted to compromise data. While the best practices in enterprise-level cyber security of IT infrastructures are well established, the same cannot be said for critical infrastructures that exist in the manufacturing industry. Often guided by these best practices, manufacturing enterprises apply blanket cyber security in order to protect their networks, resulting in either under or over protection. In addition, these networks comprise heterogeneous entities such as machinery, control systems, digital twins and interfaces to the external supply chain making them susceptible to cyber attacks that cripple the manufacturing enterprise. Therefore, it is necessary to analyse, comprehend and quantify the essential metrics of providing targeted and optimised cyber security for manufacturing enterprises. This paper presents a novel data-driven approach to develop the essential metrics, namely, Damage Index (DI) and Vulnerability Index (VI) that quantify the extent of damage a manufacturing enterprise could suffer due to a cyber attack and the vulnerabilities of the heterogeneous entities within the enterprise respectively. A use case for computing the metrics is also demonstrated. This work builds a strong foundation for development of an adaptive cyber security architecture with optimal use of IT resources for manufacturing enterprises.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
McKinsey & Company: Manufacturing the Future: The Next Era of Global Growth and Innovation. McKinsey Global, New York (2012)
World Economic Forum (WEF): The Future of Manufacturing: Opportunities to Drive Economic Growth. WEF, Switzerland (2012)
Symantec: Internet Security Threat Report, vol. 20. Symantec Corporation, Mountain View (2015)
McAfee Labs: 2012 Threat Predictions. McAfee, Santa Clara (2011)
Cisco: Cisco Connected Factory – Security. Infographic Report. Cisco, San Francisco (2014)
Wangen, G.: Role of malware in reported cyber espionage: a review of impact & mechanism. Information 6(2), 183–211 (2015)
Wells, L.J., Camelio, J.A., Williams, C.B., White, J.: Cyber-physical security challenges in manufacturing systems. Manuf. Lett. 2(2), 74–77 (2014)
Yang, W., Qianchuan Z.: Cyber security issues of critical components for industrial control system. In: IEEE International Conference on Guidance, Navigation and Control (CGNCC), Yantai, China, 8–10 August 2014
Dacer, M.C., Kargl, F., König, H., Valdes, A.: Network attack detection and defense: securing industrial control systems for critical infrastructures (Dagstuhl Seminar 14292). Dagstuhl Rep. 4(7), 62–79 (2014)
Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P., Jones, K.: A survey of cyber security management in industrial control systems. Int. J. Crit. Infrastruct. Prot. 9, 52–80 (2015)
He, H., Maple, C., Watson, T., Tiwari, A., Mehnen, J., Jin, Y., Gabrys, B.: The security challenges in the IoT enabled cyber-physical systems and opportunities for evolutionary computing & other computational intelligence. In: 2016 IEEE Congress on Evolutionary Computation (CEC), pp. 1015–1021. IEEE (2016)
Meshram, A., Haas, C.: Anomaly detection in industrial networks using machine learning: a roadmap. In: Machine Learning for Cyber Physical Systems, pp. 65–72. Springer, Berlin (2017)
Thames, L., Schaefer, D.: Cybersecurity for Industry 4.0 and advanced manufacturing environments with ensemble intelligence. In: Cybersecurity for Industry 4.0, pp. 243–265. Springer International Publishing (2017)
Tiwari, A., Vergidis, K., Lloyd, R., Cushen, J.: Automated inspection using database technology within the aerospace industry. Proc. Inst. Mech. Eng. Part B: J. Eng. Manuf. 222(2), 175–183 (2008)
Ko, J., Lee, S., Shon, T.: Towards a novel quantification approach based on smart grid network vulnerability score. Int. J. Energy Res. 40, 298–312 (2015)
Ko, J., Lim, H., Lee, S., Shon, T.: AVQS: attack route-based vulnerability quantification scheme for smart grid. Sci. World J. 2014, 1–6 (2014)
Common Vulnerability Scoring System (CVSS) https://www.first.org/cvss/. Assessed 1 Oct 2017
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Prabhu, V., Oyekan, J., Eng, S., Woei, L.E., Tiwari, A. (2019). Towards Data-Driven Cyber Attack Damage and Vulnerability Estimation for Manufacturing Enterprises. In: Auer, M., Langmann, R. (eds) Smart Industry & Smart Education. REV 2018. Lecture Notes in Networks and Systems, vol 47. Springer, Cham. https://doi.org/10.1007/978-3-319-95678-7_38
Download citation
DOI: https://doi.org/10.1007/978-3-319-95678-7_38
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-95677-0
Online ISBN: 978-3-319-95678-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)