What is it about?

A semi-automated approach named FMECA-ATT&CK is proposed for assessing the cyber risks in a variety of cyber-physical systems. Data encoded in the ATT&CK framework and inferences from a given system model enable comprehensive, bias-reduced, component-level risk assessments and mitigation measures to be delivered with less effort and in reduced time.

Why is it important?

The cyber risk assessment process is iterative, time-consuming, and relies heavily on expert judgment. To support the continuity and comprehensiveness of such a process, FMECA-ATT&CK is proposed.

Perspectives

FMECA-ATT&CK is the start of a research direction that aims to integrate comprehensive system and threat modeling into several risk management processes across the system development lifecycle. Its domain-agnostic nature and its comprehensive threat model, extended from a live threat information source (ATT&CK), allow it to be an adaptable, extendable, and up-to-date model-based risk assessment tool.

Ahmed Amro
Norwegian University of Science and Technology

Read the Original

This page is a summary of: Assessing Cyber Risk in Cyber-Physical Systems Using the ATT&CK Framework, ACM Transactions on Privacy and Security, March 2023, ACM (Association for Computing Machinery), DOI: 10.1145/3571733.