Towards an Automated and Dynamic Risk Management Response System

Ender Alvarez, Alexander Motzek, Matteo Merialdo, Gustavo Gonzalez-Granadillo, Joaquin Garcia-Alfaro, Hervé Debar

Abstract

Achieving a fully automated and dynamic system in critical infrastructure scenarios is an open issue in ongoing research. Generally, decisions in SCADA systems require manual intervention, which in most cases is performed by highly experienced operators. In this paper we propose a framework consisting of proactive management software that aims at anticipating the occurrence of potential attacks. It conducts an initial evaluation of reported proactive evidence based on a quantitative metric of monetary return on response investment. The framework evaluates and selects mitigation actions from a pool of candidates by ranking them in terms of financial and operational impacts. The purpose of this process is to select an optimal set of mitigation actions from financial and operational perspectives and propose them to reduce the risk of threats against the monitored system, without sacrificing an organization's missions in favor of security. A real-world case study of a SCADA environment shows the applicability of the model, from the analysis of the input data to the selection of the response plan.

Original language: English
Title of host publication: Secure IT Systems
Editors: Billy Bob Brumley, Juha Röning
Number of pages: 17
Volume: 10014
Place of Publication: Cham
Publisher: Springer International Publishing
Publication date: 09.10.2016
Pages: 37-53
ISBN (Print): 978-3-319-47559-2
ISBN (Electronic): 978-3-319-47560-8
Publication status: Published - 09.10.2016
Event: 21st Nordic Conference on Secure IT Systems - Oulu, Finland
Duration: 02.11.2016 - 04.11.2016
Conference number: 185849
