Cyber-attack path discovery in a dynamic supply chain maritime risk management system

Nikolaos Polatidis, Michalis Pavlidis, Haralambos Mouratidis
2018 Computer Standards & Interfaces  
Maritime port infrastructures rely on the use of information systems for collaboration, while a vital part of collaborating is to provide protection to these systems. Attack graph analysis and risk assessment provide information that can be used to protect the assets of a network from cyber-attacks. Furthermore, attack graphs provide functionality that can be used to identify vulnerabilities in a network and how these can be exploited by potential attackers. Existing attack graph generation methods are inadequate in satisfying certain requirements necessary in a dynamic supply chain risk management environment, since they do not consider variables that assist in exploring specific network parts that satisfy certain criteria, such as the entry and target points, the propagation length and the location and capability of the potential attacker. In this paper, we present a cyber-attack path discovery method that is used as a component of a maritime risk management system. The method uses constraints and depth-first search to effectively generate the attack graphs that the administrator is interested in. To support our method and to show its effectiveness, we have evaluated it using real data from a maritime supply chain.

network aspects such as entry and target points, propagation length and the location and capability of a potential attacker. In this direction, we developed a risk management system, called MITIGATE¹, for the dynamic nature of maritime supply chain IT infrastructure. To perform rigorous risk assessments in MITIGATE, it is necessary to identify potential cyber-attacks by constructing the attack graph and performing analysis to identify attack paths [1,2]. In the context of risk management, attack path discovery is important to perform risk assessments and mitigations [2,3]. Attack path discovery is important to identify the attack paths that potential attackers might follow to exploit a network. By identifying the necessary paths, the mitigation of potential threats becomes more effective.

Problem definition and contributions

In maritime supply chain management, it is necessary to perform risk assessments at regular intervals to identify the possibility of cyberattacks that might occur in the future.
Attack path discovery methods,

¹ The acronym MITIGATE stands for Multidimensional, integrated, risk assessment framework and dynamic, collaborative Risk Management tools for critical information infrastructures. It is a collaborative research project co-funded by the European Commission under its biggest Research and Innovation program, Horizon 2020.
doi:10.1016/j.csi.2017.09.006 fatcat:wi7hzvxpr5eb5ee2pfgugckxvm
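
An added example of the constrained depth-first attack path discovery that the abstract describes, written for this page and not taken from the authors' MITIGATE implementation. The asset names, the edge ratings, the ordinal scales and the rule that a link is usable only when the attacker's location and capability meet its requirements are all assumptions made for illustration.

```python
from typing import Dict, List, Set, Tuple

# Ordinal scales (assumed): a higher number means a more capable / closer attacker.
LEVEL = {"low": 1, "medium": 2, "high": 3}
ACCESS = {"network": 1, "adjacent": 2, "local": 3}

# Constructed sample network, not data from the paper.
# asset -> [(next asset, access the exploit requires, capability it requires)]
GRAPH: Dict[str, List[Tuple[str, str, str]]] = {
    "web_portal": [("booking_db", "network", "low"),
                   ("mail_gateway", "network", "medium")],
    "mail_gateway": [("terminal_os", "adjacent", "medium")],
    "booking_db": [("terminal_os", "network", "high"),
                   ("crane_plc", "adjacent", "medium")],
    "terminal_os": [("crane_plc", "local", "low"),
                    ("web_portal", "network", "low")],
    "crane_plc": [],
}


def attack_paths(graph, entries: List[str], targets: Set[str], max_len: int,
                 location: str, capability: str) -> List[List[str]]:
    """Enumerate simple entry-to-target paths that satisfy every constraint."""
    found: List[List[str]] = []

    def dfs(node: str, path: List[str]) -> None:
        if node in targets and len(path) > 1:
            found.append(list(path))     # record the path and stop at the target
            return
        if len(path) - 1 >= max_len:     # propagation length counted in hops
            return
        for nxt, access, needed in graph.get(node, []):
            if nxt in path:              # skip visited assets so cycles terminate
                continue
            if ACCESS[location] < ACCESS[access] or LEVEL[capability] < LEVEL[needed]:
                continue                 # attacker cannot exploit this link
            path.append(nxt)
            dfs(nxt, path)
            path.pop()

    for entry in entries:
        dfs(entry, [entry])
    return found


if __name__ == "__main__":
    for p in attack_paths(GRAPH, ["web_portal"], {"crane_plc"}, 3, "adjacent", "medium"):
        print(" -> ".join(p))
```

Tightening any one constraint (a shorter propagation length, a more distant attacker location, a lower capability) prunes whole subtrees of the search, which is how an administrator limits the output to the part of the network under assessment.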