The Impact of Network Design Interventions on the Security of Interdependent Systems (2302.05411v1)

Abstract: We study the problem of defending a Cyber-Physical System (CPS) consisting of interdependent components with heterogeneous sensitivity to investments. In addition to the optimal allocation of limited security resources, we analyze the impact of an orthogonal set of defense strategies in the form of network design interventions in the CPS to protect it against the attacker. We first propose an algorithm to simplify the CPS attack graph to an equivalent form which reduces the computational requirements for characterizing the defender's optimal security investments. We then evaluate four types of design interventions in the network in the form of adding nodes in the attack graph, interpreted as introducing additional safeguards, introducing structural redundancies, introducing functional redundancies, and introducing new functionalities. We identify scenarios in which interventions that strengthen internal components of the CPS may be more beneficial than traditional approaches such as perimeter defense. We showcase our proposed approach in two practical use cases: a remote attack on an industrial CPS and a remote attack on an automotive system. We highlight how our results closely match recommendations made by security organizations and discuss the implications of our findings for CPS design.