Dynamic Probabilistic Risk Assessment for Cyber Security Risk Analysis


This study focuses on Dynamic Probabilistic Risk Assessment (DPRA) techniques for cyber security risk analysis in nuclear reactors. It explores how DPRA models system evolution amid random events, changes in system properties, and behavior of human operators and attackers. The research emphasizes identifying initiating events, potential consequences, and likelihood of occurrence to enhance safety and security in nuclear facilities.

  • Risk Assessment
  • Cyber Security
  • Nuclear Reactors
  • DPRA
  • System Evolution

Uploaded on Mar 15, 2025



Presentation Transcript


  1. Dynamic Probabilistic Risk Assessment for Cyber Security Risk Analysis in Nuclear Reactors. Pavan Kumar Vaddi, Yunfei Zhao, and Carol Smidts Department of Mechanical and Aerospace Engineering, The Ohio State University. June 30, 2022.

  2. Introduction. Objectives of PRA:
     1. Identify what can go wrong: identify the initiating events and the possible sequences of events that can result in undesirable consequences.
     2. Identify and establish the consequences if something goes wrong: identify and evaluate the potentially risky consequences that arise when the initiating events occur and evolve.
     3. Quantify how likely it is for something to go wrong: compute the likelihood of occurrence of the initiating events and the probabilities that those initiating events evolve into the dangerous scenarios identified above.
     References: A. Mosleh, "PRA: A perspective on strengths, current limitations, and possible improvements," Nucl. Eng. Technol., vol. 46, no. 1, pp. 1-10, Feb. 2014, doi: 10.5516/NET.03.2014.700. R. J. Breeding, T. J. Leahy, and J. Young, "Probabilistic risk assessment course documentation. Volume 1: PRA fundamentals," Energy, Inc., Seattle, WA (USA), NUREG/CR-4350/1; SAND-85-1495/1, Aug. 1985, doi: 10.2172/6277413.

  3. Introduction. Initiating events: any event that creates a disturbance in the plant that has the potential to lead to core damage, depending on the successful operation of the required mitigation systems in the plant. Examples:
     1. Component failures, mechanical or software.
     2. Operator errors.
     3. Cyber-attacks.
     Reference: International Atomic Energy Agency, "Defining initiating events for purposes of probabilistic safety assessment," IAEA-TECDOC-719, 1993.

  4. Elements of a Cyber-Attack on an ICS. [Figure: the ICS under attack. The attacker and the defender/operator interact with each other; the defender/operator also exercises manual control. Digital components act on the physical components in the physical world.]

  5. Introduction. Dynamic Probabilistic Risk Assessment: a set of probabilistic risk assessment techniques that uses deterministic, physics-based dynamic models of the system to study its evolution in the context of random events. Advantages of DPRA:
     1. Modeling and incorporating the changes in system properties as functions of physics and time, e.g. failure rates.
     2. Modeling the changes in the behaviour of human operators with respect to system states and time.
     3. Capturing the evolution of the system over time due to random events.*
     4. Modeling the changes in the behaviour of attackers and defenders (operators) with respect to system states and time.
     References: J. Devooght and C. Smidts, "Probabilistic reactor dynamics I: The theory of continuous event trees," Nucl. Sci. Eng., vol. 111, no. 3, pp. 229-240, Jul. 1992, doi: 10.13182/NSE92-A23937. T. Aldemir, "A survey of dynamic methodologies for probabilistic safety assessment of nuclear power plants," Ann. Nucl. Energy, vol. 52, pp. 113-124, Feb. 2013, doi: 10.1016/j.anucene.2012.08.001.

  6. DPRA and Elements of a Cyber-Attack on an ICS: existing DPRA techniques. [Figure: the ICS diagram (attacker, defender/operator, digital components, physical components, physical world) as covered by existing DPRA techniques; the interaction between the attacker and the defender is not part of this diagram.]

  7. DPRA and Elements of a Cyber-Attack on an ICS: proposed DPRA framework. [Figure: the same ICS diagram; the proposed framework adds the interaction between the attacker and the defender/operator.]

  8. Theory of Continuous Event Trees: System Description.
     - The physical state of the nuclear power plant (NPP) is a vector of physical variables such as pressure, flow rate, temperature, etc. It is a point in a continuous space whose boundaries are determined by system physics; the space of all possible physical state vectors is the physical state space.
     - The states of the components in the NPP are represented using a discrete vector; the set of all possible component state vectors is the component state space.
     - A pair (defender action, attacker action) represents the latest pair of actions taken by the defender and the attacker respectively. The defender's action space and the attacker's action space are finite sets (three actions each in the example); we assume that both action spaces are discrete.
     - At any time, the overall system state of the NPP is the tuple (physical state, component state, defender action, attacker action, time).

  9. Theory of Continuous Event Trees: System Description. The states of the components in the NPP are represented using a discrete vector. For example, integers can represent the discrete states of components: 0 = Normal, 1 = Failed, 2 = Compromised. For the example system the component state vector has three entries, one per component: the controller (1) and the digital flow sensor (2) can each be Normal, Failed or Compromised (values 0, 1, 2), while the mechanical valve (3) can only be Normal or Failed (values 0, 1).

  10. Theory of Continuous Event Trees: Trajectories. The physical state evolves according to a deterministic differential equation whose right-hand side depends on the current component state; its solution, starting from the initial physical state, is the trajectory in state space. [Equation for the dynamics and its solution not legible in the transcript.] The trajectory therefore depends on the component state, which in turn depends on physics (component failures) and on the actions of the defender and the attacker. [Figure: trajectories in state space over time. Starting from the initial state, the physical state follows one trajectory while the component state and the action pair stay fixed; a transition of the component state, for a given action pair, switches the system onto a new trajectory.]
      Reference: J. Devooght and C. Smidts, "Probabilistic reactor dynamics I: The theory of continuous event trees," Nucl. Sci. Eng., vol. 111, no. 3, pp. 229-240, Jul. 1992, doi: 10.13182/NSE92-A23937.

  11. Theory of Continuous Event Trees: Transition Rates.
      - The total transition rate out of a substate (component state, defender action, attacker action), times a small time interval, is the conditional probability that there is a transition out of that substate in the interval, when the system is in the given overall state.
      - The random-failure transition rate, times a small time interval, is the conditional probability that the component state makes a given transition in the interval explicitly due to random component failures, at the given physical state, when the defender and the attacker take no new actions.
      - The action-driven transition rate, times a small time interval, is the conditional probability that the component state makes a given transition in the interval when the defender and the attacker take new actions at the given physical state.
      - The total rate is the random-failure rate summed over all destination component states, plus, summed over all new action pairs, the probability of that action pair times the action-driven rate summed over all destination component states. [Equation not legible in the transcript.]
      - The probability that the system evolves along a trajectory without leaving the substate between the initial time and the current time is the exponential of minus the integral of the total transition rate along that trajectory.

  12. Theory of Continuous Event Trees: Probability Density. The probability density of the overall system state (physical state, component state, defender action, attacker action) at a given time. [Figure: the physical state space divided into an unsafe region and a safe region.]

  13. Theory of Continuous Event Trees: Conditional Density. The conditional probability density that the system is in a given overall state at the initial time, given the initial state, is a product of a Dirac delta in the physical state and a Kronecker delta in the discrete substate. [Equation not legible in the transcript.] If the system starts in a given overall state, then the probability density that it reaches a given physical state at a later time while remaining in the same substate (component state, defender action, attacker action) until then is the product of a Dirac delta that places the physical state on the trajectory from the initial physical state and the survival probability, i.e. the exponential of minus the integral of the total transition rate along that trajectory. [Figure: the trajectory from the initial state to the state at the later time.]
      Reference: J. Devooght and C. Smidts, "Probabilistic reactor dynamics I: The theory of continuous event trees," Nucl. Sci. Eng., vol. 111, no. 3, pp. 229-240, Jul. 1992, doi: 10.13182/NSE92-A23937.

  14. Continuous Event Trees Extended to Cyber-Attacks. [Chapman-Kolmogorov-type integral equation for the probability density of the overall system state at a given time; not legible in the transcript. It is the sum of three terms: an initial-condition term, a random-transition term integrated over intermediate times, and an action-driven transition term integrated over intermediate times, each described on slides 15 to 17.]

  15. Continuous Event Trees Extended to Cyber-Attacks: first term. [Equation not legible in the transcript.] This represents the probability density that the system is initially in a given overall state at time 0 and reaches a given physical state at the later time while remaining in the same substate (component state, defender action, attacker action) until then, along the trajectory determined by that substate. [Figure: the trajectory from the initial state at time 0 to the state at the later time.]

  16. Continuous Event Trees Extended to Cyber-Attacks: second term. [Equation not legible in the transcript.] This represents the probability density that:
      - the system is in some overall state at an intermediate time between 0 and the current time;
      - the component state transitions at that intermediate time due to a random event, not due to attacker or defender actions;
      - after that, the system evolves along the trajectory determined by the new substate while remaining in that substate from the intermediate time to the current time;
      - and eventually reaches the given physical state at the current time.
      [Figure: the trajectory before and after the random transition.]

  17. Continuous Event Trees Extended to Cyber-Attacks: third term. [Equation not legible in the transcript.] This represents the probability density that:
      - the system is in some overall state at an intermediate time between 0 and the current time;
      - the defender and the attacker take new actions at that intermediate time, as a result of which the component state transitions;
      - after that, the system evolves along the trajectory determined by the new substate while remaining in that substate from the intermediate time to the current time;
      - and eventually reaches the given physical state at the current time.
      [Figure: the trajectory before and after the action-driven transition.]

  18. Continuous Event Trees. [Figure: a continuous event tree. Starting from an initiating event, the system follows a trajectory; at each random transition or action the component state changes and a new trajectory branches off, so that the tree of trajectories unfolds over time.]
      Reference: J. Devooght and C. Smidts, "Probabilistic reactor dynamics I: The theory of continuous event trees," Nucl. Sci. Eng., vol. 111, no. 3, pp. 229-240, Jul. 1992, doi: 10.13182/NSE92-A23937.

  19. CETs and DDETs. If we discretize the timeline and explore all possible* transitions at every time step, then the CET becomes a discrete Dynamic Event Tree. [Figure: branching at each discrete time step.]
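The slide's construction in code, as an added example that is not part of the presentation: time is discretized, every component-state transition is branched at every step, and the physical state is advanced along each branch until it either enters the unsafe region or the horizon is reached. The plant (a tank level regulated by a controller that can be Normal, Failed or Compromised, with the 0/1/2 encoding of slide 9), the per-step transition probabilities, the dynamics and the unsafe boundary are all constructed for illustration. Branches below a probability threshold are pruned, which is the "possible*" caveat in practice: the retained mass tells you how much the pruning discarded.

```python
"""Discrete dynamic event tree (DDET) for a toy ICS: discretize time, branch on every
component-state transition at every step, and sum the probability mass that ends up
in the unsafe region. All numbers are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Tuple

NORMAL, FAILED, COMPROMISED = 0, 1, 2   # component state encoding used in the slides
SETPOINT = 50.0                          # level the controller tries to hold (constructed)
UNSAFE_LEVEL = 80.0                      # boundary of the unsafe region (constructed)


def step_physics(x: float, c: int) -> float:
    """Advance the physical state (a tank level) by one time step under component state c."""
    if c == NORMAL:
        return x + 0.5 * (SETPOINT - x)  # healthy controller regulates toward the setpoint
    if c == FAILED:
        return x + 5.0                   # failed controller: inflow is no longer regulated
    return x + 10.0                      # compromised controller: the attacker drives the level up


def transitions(c: int) -> List[Tuple[int, float]]:
    """Every component-state transition possible in one step, with its probability."""
    if c == NORMAL:
        return [(NORMAL, 0.97), (FAILED, 0.02), (COMPROMISED, 0.01)]
    return [(c, 1.0)]                    # failed and compromised are absorbing in this toy model


@dataclass
class Branch:
    history: Tuple[int, ...]   # component state at each step, starting with the initial state
    prob: float                # probability of this branch
    x: float                   # physical state at the end of the branch
    unsafe: bool               # True if the branch entered the unsafe region


def ddet(x0: float, c0: int, horizon: int, prune: float = 1e-6) -> List[Branch]:
    """Explore all transitions at every time step; return the terminal branches.
    Branches whose probability falls below `prune` are dropped, so the returned mass can
    sum to less than 1; the shortfall is the pruned mass."""
    frontier = [Branch((c0,), 1.0, x0, False)]
    terminal: List[Branch] = []
    for _ in range(horizon):
        next_frontier: List[Branch] = []
        for b in frontier:
            for c_next, p in transitions(b.history[-1]):
                prob = b.prob * p
                if prob < prune:
                    continue
                x = step_physics(b.x, c_next)
                nb = Branch(b.history + (c_next,), prob, x, x >= UNSAFE_LEVEL)
                (terminal if nb.unsafe else next_frontier).append(nb)   # unsafe branches stop here
        frontier = next_frontier
    return terminal + frontier


def unsafe_probability(x0: float, c0: int, horizon: int, prune: float = 1e-6) -> Tuple[float, float]:
    """Return (probability of reaching the unsafe region by the horizon, total retained mass)."""
    branches = ddet(x0, c0, horizon, prune)
    return (sum(b.prob for b in branches if b.unsafe), sum(b.prob for b in branches))


if __name__ == "__main__":
    p_unsafe, mass = unsafe_probability(SETPOINT, NORMAL, horizon=6)
    print(f"P(unsafe within 6 steps) = {p_unsafe:.5f}, retained mass = {mass:.6f}")
    for b in ddet(SETPOINT, NORMAL, horizon=6):
        if b.unsafe:
            print(b.history, f"p={b.prob:.5f}", f"x={b.x:.1f}")
```

With these numbers only a compromise in the first four steps or a failure in the very first step reaches the unsafe level within six steps, so the tree makes the two consequence paths and their probabilities visible; the number of branches still grows geometrically with the horizon, which is what motivates pruning and, for longer missions, the sampled (Monte Carlo) engine of the later slides.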

  20. Continuous Event Trees Extended to Cyber-Attacks. The interaction between the attacker and the defender/operator is modeled using stochastic games. Two players: attacker and defender. [Tuple notation not legible in the transcript.] The game consists of:
      - the set of system states (the overall system state space defined earlier);
      - the defender's action space and the attacker's action space (three actions each in the example);
      - the action policies of the defender and the attacker;
      - the state transition probability mapping, from a state and an action pair to a probability in [0,1];
      - the reward function of the defender and the reward function of the attacker, each mapping a state and an action pair to a real number.

  21. Continuous Event Trees Extended to Cyber-Attacks. Equation to calculate reward functions: [not legible in the transcript; the equation has three terms, the player's own action cost, the expected immediate reward of the resulting component-state transition, and a recursive expected reward from future states, described on slides 22 and 23].

  22. Continuous Event Trees Extended to Cyber-Attacks: terms of the reward equation.
      1. Action cost: the cost incurred by the defender for taking a given action at the current physical system state, component state and time, and likewise the cost incurred by the attacker for taking its action at that physical system state, component state and time.
      2. Expected immediate transition reward: the expected immediate reward received by a player when there is a transition out of the current component state due to the pair of actions (defender action, attacker action). It is the sum, over destination component states, of the probability of that transition given the action pair, times the immediate reward the player receives when the component state makes that transition due to the action pair.

  23. Continuous Event Trees Extended to Cyber-Attacks: terms of the reward equation.
      3. Recursive term: the expected reward from future states. The future reward is the reward received by the player at some future overall state, at a time between the current time and a final time, with the future physical system state and component state, when the defender and the attacker take their new actions there. It is weighted by the conditional probability density of arriving at that future system state given the current state and by the probability of the new action pair, summed over future states and integrated over future time.
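The three-term recursion of slides 21 to 23 in a form that can be computed by hand, as an added example that is not part of the presentation: time is discretized into steps, the physical state is dropped, the players follow fixed stochastic policies (as the slide's policy functions allow), and the value for each player is the expected action cost, the expected immediate transition reward, and the expected value of the next state, evaluated backwards from a finite horizon. The action spaces, transition probabilities, costs, rewards and policies are all constructed; the 0/1/2 component-state encoding is from slide 9.

```python
"""Finite-horizon reward recursion for the attacker-defender stochastic game of the slides,
discretized in time and with fixed policies. All numbers are constructed for illustration."""
from functools import lru_cache
from typing import Dict

NORMAL, FAILED, COMPROMISED = 0, 1, 2           # component state encoding used in the slides
DEFENDER_ACTIONS = ("idle", "patch")            # constructed action spaces
ATTACKER_ACTIONS = ("wait", "exploit")


def transition(c: int, d: str, a: str) -> Dict[int, float]:
    """P(next component state | c, d, a): the state transition probability mapping (constructed)."""
    if c == NORMAL:
        if a == "exploit":
            p = 0.1 if d == "patch" else 0.5  # patching lowers the attacker's success probability
            return {COMPROMISED: p, NORMAL: 1.0 - p}
        return {NORMAL: 0.95, FAILED: 0.05}   # random failure, independent of the players
    if c == COMPROMISED and d == "patch":
        return {NORMAL: 0.8, COMPROMISED: 0.2}  # recovery
    return {c: 1.0}                           # failed is absorbing; an un-patched compromise persists


def action_cost(player: str, d: str, a: str) -> float:
    """Cost each player pays for its own action (term 1 on slide 22)."""
    if player == "defender":
        return {"idle": 0.0, "patch": 2.0}[d]
    return {"wait": 0.0, "exploit": 1.0}[a]


def transition_reward(player: str, c: int, c_next: int) -> float:
    """Immediate reward received on a component-state change (term 2 on slide 22)."""
    rewards = {(NORMAL, COMPROMISED): (-10.0, 10.0),   # (defender, attacker)
               (COMPROMISED, NORMAL): (5.0, -5.0),
               (NORMAL, FAILED): (-3.0, 0.0)}
    dfd, att = rewards.get((c, c_next), (0.0, 0.0))
    return dfd if player == "defender" else att


def defender_policy(c: int) -> Dict[str, float]:
    """Defender's action policy: a distribution over actions for each component state."""
    return {NORMAL: {"idle": 0.5, "patch": 0.5}, COMPROMISED: {"patch": 1.0}, FAILED: {"idle": 1.0}}[c]


def attacker_policy(c: int) -> Dict[str, float]:
    """Attacker's action policy: a distribution over actions for each component state."""
    return {NORMAL: {"exploit": 1.0}, COMPROMISED: {"wait": 1.0}, FAILED: {"wait": 1.0}}[c]


@lru_cache(maxsize=None)
def q_value(player: str, c: int, d: str, a: str, t: int, horizon: int) -> float:
    """Expected reward for `player` from step t on, given the action pair (d, a) is taken now:
    minus the action cost, plus the expected transition reward, plus the expected future value."""
    total = -action_cost(player, d, a)
    for c_next, p in transition(c, d, a).items():
        total += p * (transition_reward(player, c, c_next) + value(player, c_next, t + 1, horizon))
    return total


@lru_cache(maxsize=None)
def value(player: str, c: int, t: int, horizon: int) -> float:
    """Expected reward under both players' policies (the recursive term of slide 23);
    zero once the horizon is reached."""
    if t >= horizon:
        return 0.0
    return sum(pd * pa * q_value(player, c, d, a, t, horizon)
               for d, pd in defender_policy(c).items()
               for a, pa in attacker_policy(c).items())


if __name__ == "__main__":
    for horizon in (1, 2, 10):
        print(f"horizon {horizon:2d}: defender {value('defender', NORMAL, 0, horizon):7.3f}"
              f"  attacker {value('attacker', NORMAL, 0, horizon):7.3f}")
```

With a one-step horizon the defender's value from the Normal state is the average of idle (0.5 chance of losing 10) and patch (cost 2 plus a 0.1 chance of losing 10), i.e. -4, and the attacker's is 2; lengthening the horizon adds the recovery reward and the cost of the follow-on patching, which is exactly the coupling between the players' rewards that the recursive term carries.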

  24. DPRA Simulation Architecture. [Figure: block diagram. The DPRA Engine exchanges information with a System model (system physical state and component state information) and an Action model (possible attacker and defender actions), and it produces (1) sampled attacker and operator actions and (2) sampled component failures. A Post-processing module receives the data for analysis.]

  25. DPRA Engine. [Figure: inside the DPRA Engine. A Scheduler coordinates a Sampler, the Component Failure Models of NPP components and a Data Collection module. The failure models supply updated failure rates and failure modes; the Sampler produces the sampled transition time, sampled state transition and sampled actions. The System model provides system physical state and component state information; the Action model provides the possible attacker and defender actions.]
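The engine of this slide and the survival term of slide 11, as one added example that is not part of the presentation: a Monte Carlo run integrates the deterministic physics of the current substate, accumulates the total transition rate along the trajectory (so the survival probability is the exponential of minus that integral), fires a transition when the accumulated hazard reaches an exponential draw, picks the destination in proportion to the competing rates, lets the operator react to what the HMI shows, and records whether the unsafe region was entered before the mission time. The plant (a process temperature held by a pump), the rates, the alarm and unsafe levels, and the behaviour that a compromised sensor keeps reporting the setpoint are all constructed assumptions; the failure rate is written as a function of the physical state, the "failure rates as functions of physics" point of slide 5.

```python
"""Monte Carlo DPRA engine for a toy plant. The scheduler advances time, the sampler draws
component-state transition times from the (physics-dependent) rates, the action model lets
the operator react to what the HMI shows, and each run records whether the trajectory
entered the unsafe region before the mission time. All numbers are constructed."""
import math
import random
from typing import Dict

NORMAL, FAILED, COMPROMISED = 0, 1, 2            # component state encoding used in the slides
SETPOINT, ALARM, UNSAFE = 300.0, 320.0, 350.0    # process temperature levels (constructed)
LAMBDA_FAIL0, LAMBDA_ATTACK = 0.02, 0.01         # base pump failure rate, attack success rate (constructed)


def dynamics(x: float, c: int, manual: bool) -> float:
    """dx/dt: deterministic physics in the current substate (component state, operator action)."""
    if c == NORMAL:
        return -0.5 * (x - SETPOINT)     # healthy pump, controller holds the setpoint
    if c == FAILED:
        return 1.0 if manual else 2.0    # pump failed; manual control slows the heat-up
    return 5.0                           # sensor compromised: the attacker drives the heat-up


def rates(x: float, c: int) -> Dict[int, float]:
    """Transition rates out of component state c at physical state x; the failure rate
    grows with temperature (a rate that is a function of physics)."""
    if c != NORMAL:
        return {}                        # failed and compromised are absorbing in this toy model
    lam_fail = LAMBDA_FAIL0 * (1.0 + max(0.0, x - SETPOINT) / 100.0)
    return {FAILED: lam_fail, COMPROMISED: LAMBDA_ATTACK}


def observed(x: float, c: int) -> float:
    """What the operator's HMI shows: a compromised sensor keeps reporting the setpoint."""
    return SETPOINT if c == COMPROMISED else x


def survival_probability(x0: float, c: int, t_end: float, dt: float = 0.05) -> float:
    """Probability of staying in substate c from time 0 to t_end along the deterministic
    trajectory: exp(-integral of the total exit rate), the survival term of slide 11."""
    x, hazard, manual = x0, 0.0, False
    for _ in range(int(round(t_end / dt))):
        hazard += sum(rates(x, c).values()) * dt
        manual = manual or observed(x, c) >= ALARM
        x += dynamics(x, c, manual) * dt
    return math.exp(-hazard)


def simulate(rng: random.Random, c0: int = NORMAL, x0: float = SETPOINT,
             mission_time: float = 50.0, dt: float = 0.05) -> dict:
    """One DPRA run. Transition times come from the cumulative hazard along the trajectory:
    the next transition fires when the integrated rate reaches an Exp(1) draw."""
    x, c, t, manual = x0, c0, 0.0, False
    hazard, threshold, events = 0.0, -math.log(1.0 - rng.random()), []
    while t < mission_time:
        r = rates(x, c)
        hazard += sum(r.values()) * dt
        if r and hazard >= threshold:    # sampler: destination chosen in proportion to the rates
            u, acc = rng.random() * sum(r.values()), 0.0
            for dest, lam in r.items():
                acc += lam
                if u <= acc:
                    c = dest
                    break
            events.append((round(t, 2), c))
            hazard, threshold = 0.0, -math.log(1.0 - rng.random())
        manual = manual or observed(x, c) >= ALARM   # action model: operator reacts to the HMI
        x += dynamics(x, c, manual) * dt             # system model: advance the physics
        t += dt
        if x >= UNSAFE:                              # data collection: record the consequence
            return {"unsafe": True, "time": round(t, 2), "events": events, "manual": manual}
    return {"unsafe": False, "time": None, "events": events, "manual": manual}


def run(seed: int, c0: int = NORMAL) -> dict:
    """Single reproducible run from a given initial component state."""
    return simulate(random.Random(seed), c0=c0)


def estimate_unsafe_probability(n_runs: int, seed: int = 1) -> float:
    """Fraction of sampled runs that enter the unsafe region before the mission time."""
    rng = random.Random(seed)
    return sum(simulate(rng)["unsafe"] for _ in range(n_runs)) / n_runs


if __name__ == "__main__":
    print("P(no transition in 50 time units) =", round(survival_probability(SETPOINT, NORMAL, 50.0), 4))
    print("Estimated P(unsafe by mission time) =", estimate_unsafe_probability(4000))
    print("Example run:", run(7))
```

Because the plant sits at its setpoint while healthy, the exit rate in this configuration is constant (0.03 per time unit) and the survival probability over 50 units is exp(-1.5), which the numerical integral reproduces; a pump failure reaches the unsafe level 40 time units later (the operator's manual control halves the heat-up once the alarm trips), whereas a sensor compromise reaches it after 10 units because the operator never sees the alarm. Summing the two competing-risk contributions gives roughly 0.41 for the unsafe probability, and the sampled estimate should land within a few standard errors of that.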

  26. System Model. [Figure: network diagram of the plant's communication layers, with colour-coded links:
      - communication between the control systems layer and the data historians;
      - communication between the HMI and the operator in the control room;
      - monitoring information from sensors to the auxiliary operator;
      - monitoring information from sensors;
      - control commands from the auxiliary operator to actuators;
      - control commands to actuators;
      - communication between the HMI and the data historians;
      - communication between the HMI and the control systems layer;
      - network data and sensor information (all colours);
      - the communication layer between two subsystems.]

  27. Action Model. [Figure: the Action Model receives observations from the system (through the DPRA Engine and the System Model) and returns the set of possible actions. Its components are an Attacker Model, a Procedure Model and a Game model; the diagram also carries the labels "Attack detected", "Undetected" and "End of attack".]

  28. Game Model. [Figure: the Game model combines an Attacker Model and a Defender Model, receives system state information, is linked to a "Spinoff DPRA" block, and outputs the set of possible attacker and defender actions.]

  29. Conclusions. We formalized the continuous event trees framework in the context of cyber-attacks. We presented Chapman-Kolmogorov-based equations to quantify the probability density that the system is in a given state at any point in time. We proposed a simulation architecture to implement the extended CETs for cybersecurity risk analysis.

  30. Acknowledgements This research is being performed using funding received from the DOE Office of Nuclear Energy's Nuclear Energy University Program. Thank You
