| 3. |
- Hacks, Simon, 1988-, et al.
(författare)
-
A Multi-level Cyber-Security Reference Model in Support of Vulnerability Analysis
- 2022
-
Ingår i: Enterprise Design, Operations, and Computing. - Cham : Springer. - 9783031176036 - 9783031176043 ; , s. 19-35
-
Konferensbidrag (refereegranskat)abstract
- This paper reports on the second engineering cycle of a reference model for end-to-end cyber-security by design in the electricity sector. In our previous work, we proposed a reference model that relies on the integrated consideration of two fragmented, but complementary, reference models: NISTIR 7628 and powerLang. To align these reference models, we rely on multi-level modeling, specifically on the Flexible Meta Modeling and Execution Language (FMMLx), and integrated modeling and programming. Within this paper, we strengthen the bottom-up design of the reference model’s application by integrating a semi-automated threat analysis. This enables the identification of possible points of improvement in the actual architecture design, as well as a future analysis of business-level impact of different threats. To demonstrate our approach, we rely on the well-studied Ukraine scenario from 2016.
|
|
| 4. |
- Kinderen, Sybren de, et al.
(författare)
-
A Reference Model and a Dedicated Method in Support of Cyber-Security by Design: : Reality Check
- 2023
-
Ingår i: Proceedings of the 13th International Workshop on Enterprise Modeling and Information Systems Architectures (EMISA 2023). - : CEUR.
-
Konferensbidrag (refereegranskat)abstract
- The electricity sector increasingly intertwines IT and the physical grid, increasing the risk of cyberattacks on this critical infrastructure. Hitherto, we have developed a modeling method to supportcyber-security by design in the electricity sector by providing (1) a multi-level reference model, (2) asemi-automated security assessment, and (3) a dedicated process model. In this paper, we focus on fourchallenges identified based on interactions with domain experts, namely: (1) automated model creation;(2) accounting for changing security requirements; (3) multi-level model management; and (4) incentivesfor modelers. These challenges are relevant to our modeling method and overlap with challenges on thepractical uptake of modeling in general.
|
|
