George Mason University Information Technology Cyber Security Threat Discussion

Description

Please see the attachment and read the instruction page (discipline project instruction). I have included an article PDF file on cyber security, which needs to be rewritten; for more info, read the instruction page. Someone else here wrote this before but didn't follow the instructions and did write good.

Unformatted Attachment Preview

Future Internet
Article

Cyber Security Threat Modeling for Supply Chain Organizational Environments

Abel Yeboah-Ofori and Shareeful Islam *

School of Architecture Computing & Engineering, University of East London, London E16 2RD, UK; u0118547@uel.ac.uk
* Correspondence: shareeful@uel.ac.uk; Tel.: +44-208-223-7273

Received: 26 December 2018; Accepted: 21 February 2019; Published: 5 March 2019

Future Internet 2019, 11, 63; doi:10.3390/fi11030063 www.mdpi.com/journal/futureinternet

Abstract: Cyber security in a supply chain (SC) provides an organization with the secure network facilities to meet its overall business objectives. The integration of technologies has improved business processes, increased production speed, and reduced distribution costs. However, the increased interdependencies among various supply chain stakeholders have brought many challenges including lack of third party audit mechanisms and cascading cyber threats. This has led to attacks such as the manipulation of the design specifications, alterations, and manipulation during distribution. The aim of this paper is to investigate and understand supply chain threats. In particular, the paper contributes towards modeling and analyzing CSC attacks and cyber threat reporting among supply chain stakeholders. We consider concepts such as goal, actor, attack, TTP, and threat actor relevant to the supply chain, threat model, and requirements domain, and modeled the attack using the widely known STIX threat model. The proposed model was analyzed using a running example of a smart grid case study and an algorithm to model the attack. A discrete probability method for calculating the conditional probabilities was used to determine the attack propagation and cascading effects, and the results showed that our approach effectively analyzed the threats. We have recommended a list of CSC controls to improve the overall security of the studied organization.

Keywords: cyber supply chain; cyber security; attack modeling; smart grid; threat intelligence; threat actor

1. Introduction

A supply chain (SC) is a collection of different organizations that align their business processes, goals, objectives, and some components of their systems to third party organizations, suppliers, consumers and partners [1,2]. Cyber physical systems (CPS) are the integration of computation and physical process that make a complete system, such as physical components, network systems, embedded computers, software, and the linking together of devices and sensors for information sharing [3]. CPS, electronic transactions, third party vendors, and banking services have emerged and evolved over time, bringing many changes to how organizations and industries operate. CPS supply chains have also brought many challenges, such as lack of specific organizational threat intelligence gathering, failure to audit third party vendors, lack of security controls, and lack of cyber supply chain (CSC) risk management. Cyber attacks could impact other supply chain partner systems for many reasons, such as software errors or vulnerabilities in any SC partner [4]. Examples include the Saudi Aramco electric-grid cyber attack in 2017, and the Ukraine power grid attack in 2015 [5]. These indicate that supply chain attacks are on the rise and require an attack model and threat analysis to gather threat intelligence [6].

There are existing attack models, such as MITRE’s kill chain model [6] that describe the actions an adversary could take to compromise and operate within an organization’s overall communication network. Attack trees [7] provide a formal and methodical way of describing the security of systems based on varying attacks. They use multilevel children within the attack tree, with a single root node that uses different ways to achieve its goal using leaf nodes and Building Security in Maturity Model (BSIMM) [8].
These works are important and contribute to the cyber threat modeling knowledge domain. However, there is a limited focus on the supply chain perspective, and specifically on threats relating to inbound and outbound chain contexts that need adequate analyses to ensure CSC security.

The main contributions of this paper are threefold. Firstly, we modeled and analyzed the cyber threats of the supply chain organizational context. We integrated concepts from threat intelligence, such as threat, attack vector, TTP, and control, with concepts from the goal modeling languages, including actor, goal, and requirement, and from the supply chain context, including inbound and outbound. Secondly, we considered widely used industry practices such as the internet security control [9] and STIX threat model [10] to analyze the threats in the supply chain context. Finally, we used a running example from a smart grid system to analyze the proposed approach and demonstrate the applicability of the work. The results showed that we had identified probable CSC threats, risks, and attacks, such as penetration and manipulation that could impact the studied organizational goal. We ascertained the CSC attack vector, and modeled attack patterns and gathered threat intelligence that provided an understanding of adversaries’ motives, capabilities, actions, and intent. We have recommended security controls to mitigate the CSC threats.

The rest of the paper is structured as follows: Section 2 presents an overview of related works in the CSC security environment and the existing threat models, while Section 3 considers the need for CSC threat modeling and presents the concepts for a proposed meta-model as well as a threat modeling process and attack algorithms. Section 4 presents the analytical and predictive research approach used to implement the threat modeling theorem and evaluates it by following a running example of a case study to model CSC attacks.
Section 5 provides a discussion of the several observations identified in the study. Finally, Section 6 presents a conclusion of the study and proposes future works.

2. Related Work

This section provides an overview of the related works on CSC security and smart grid attacks. Supply chain security in CPS smart grid domains is widely integrated with other organizations and requires extensive research.

2.1. CSC Security Environment

Supply chain security comprises mechanisms that are put in place to control, manage, and enhance the supply chain system to ensure business continuity, protect products, and provide information assurance. Forty-six cybersecurity attack incidents were reported in the energy sector in 2015, most of which targeted the IT systems of utilities and vendors [11,12]. Woods and Bochman (2018) provide an investigation of the operational practices of CSC and risk across the energy, electricity, gas, and nuclear sectors [4]. The research focused on energy sector flaws due to software vulnerabilities such as counterfeit, maliciously tainted, or unintentionally tainted software components that were built into products during the design or implementation phase. Here, the components are authorized, authentic, and have passed validation. Wang and Lu (2013) presented a comprehensive survey of cybersecurity issues for smart grids [13]. The authors specifically focused on reviewing and discussing security requirements, network vulnerabilities and attack countermeasures, secure communications protocols, and architectures in the smart grid. Sun et al. (2018) proposed a state of the art survey for the most relevant cyber security studies in power systems [14]. The authors reviewed cyber security test beds for research that demonstrated cyber security risks and constructed solutions to enhance the security of smart grid technologies and industry practices and standards. However, the study did not review CSC from a vendor perspective. Humayed et al. (2017) identified smart grid vulnerabilities in TCP/IP communication protocols due to protocol misconfiguration [3]. The authors’ supply chain risk encompassed IT and Operational Technology (OT) suppliers and buyers as well as non-IT and non-OT partners. However, auditing from inbound and outbound supply chains was not discussed from a specific organizational context.

2.2. Threat Modeling

MITRE’s Adversary Attack, Techniques & Common Knowledge (ATT&CK) is an adversary model and framework for describing the actions an adversary could take to compromise and operate within an organization’s network. MITRE’s Cyber Attack Lifecycle consists of seven phases, namely: recon, weaponize, deliver, exploit, control, execute, and maintain. MITRE’s 11 tactic categories within ATT&CK for organizations were derived from the latter stages of exploit, control, execute, and maintain [6].

Common Attack Pattern Enumeration and Classification (CAPEC) is a comprehensive dictionary and classification taxonomy of known attacks that could be used by analysts, developers, testers, and educators to advance community understanding and enhance defense. CAPEC ID438, ID439, and ID3000 [15] list three key vulnerable spots through which adversaries can exploit CSC, and these include modification during manufacturing, manipulations during distributions, and various domain attacks. Within these are various compromises that could be initiated using malware or SQL injection attacks.

Common Weakness Enumeration (CWE) (2014) provides a mechanism for prioritizing software weaknesses in a consistent, flexible, and open manner. CWE identifies weaknesses that are exploitable in software, which the attacker can make function in a way that was never intended. The approach allows an organization to prioritize the CWEs most relevant to the organization’s business mission, goals, and objectives [12].
Structured Threat Information eXpression (STIX) uses adversary Tactics, Techniques, and Procedures (TTP), cyber attack campaign, incidents, courses of action, exploitation targets, threat actors, and other methods to provide a common mechanism for adding structured cyber threat intelligence information across a range of use cases for improving consistency, efficiency, interoperability, and overall situational awareness [10].

The OWASP Top 10 Most Critical Web Application Security Risks identifies the various web application security weaknesses, attacks, threat agents, attack vectors, and impacts on organizations [16]. An integrated cyber security risk management approach considering all aspects of critical infrastructure including vulnerabilities and attack scenarios is proposed by [17].

The Diamond model is an intrusion analysis model that describes how an adversary attacks a victim based on two key motivations. The model consists of four components, namely: adversary, infrastructure, capability, and victim. It has associated features, such as timestamp, phases, results, directions, methodology, and resources. In the event of an attack, the model uses the timestamp to identify the phases [18].

Gai et al. (2017) proposed a maximum attack strategy method of spoofing and jamming on the cognitive radio network, using optimal power distribution in wireless smart grid networks. The method was effective for causing the DoS attack on radio frequencies [19]. The authors further proposed a novel homomorphic encryption approach to tackle both insider and outsider threats that can fully support blended arithmetic operations over ciphertexts [20]. A dynamic privacy protection model was proposed by [21] to address threats relating to wireless communication. The aim of the model was to ensure data privacy within a scale of communication without using conventional encryption methods.
Attack graphs, or graph trees, are conceptual diagrams used to analyze how a target can be attacked. The tree-like structure has multilevel children with a single root used to detect vulnerabilities in the network for analyzing an effective defense [22].

3. Threat Modeling for Supply Chain Contexts

This section presents the concepts for the proposed approach. Our work contributes towards identifying and analyzing cyber threats for the CSC domain.

3.1. The Need for Cyber Supply Chain Threat Modeling

Modeling cyber attacks in an SC environment is a proactive way of creating an understanding and awareness of an adversary’s modes of operations and TTPs. Supply chain security ensures business continuity for an organization as it is able to channel its business activities, such as processes, information, people, and resources of the products and services, to external suppliers, distributors, and individual customers. Increased interdependencies have brought about CSC threats, risks, attacks, and vulnerabilities that adversaries could exploit. Therefore, modeling and analyzing these threats can provide secure protection for a controlled supply chain system. The following are factors that are influencing supply chain threats:

• Evolution of the cyber supply chain threat landscape;
• Integration of supply chain stakeholders on the cyber threat model;
• Inability to determine cascading threat impacts on inbound and outbound supply chains;
• Evolving threat landscapes affecting the supply chain organisation context.

3.2. Conceptual View

As stated previously, we considered concepts from the supply chain, threat modeling, and goal modeling domains. These concepts and their properties provided us with an in-depth understanding of the threat actor’s intent, motives, and methods, which was needed to model attacks, analyze, and derive threat intelligence.

Goal: A goal represents the strategic aim of an organization. Goals are realized by different factors based on organizational objectives and business processes. Yu (1995) posits that a goal represents a condition in the world that an actor would like to achieve [2]. To achieve a goal, an organization must identify the various actors that will ensure the goal is attained or aborted. We considered both organizational and security goals. Organizational goals are the objectives carried out to meet the overall organizational strategy and vision, while security goals are control systems put in place to prevent threats, risks, attacks, and compromises. Security goals emphasize more of the threat actor’s goal, in which the aim is to attack or abort the main organizational goal. The security goal is to ensure confidentiality, integrity, and availability for the overall supply chain systems and their surrounding context [17].

Actor: An actor describes an entity that has goals and intentions within the system or within the organizational setting [2,23]. The actors are the employees, suppliers, and distributors, as well as those with the potential to cause a threat to the supply chain system (which could be different from the threat actor). Legitimate actors or system users are categorized as organization employees, or users with permission to access or use the supply chain system. Actors can be recognized either by their password, process, identity, or privileges. Suppliers are the various organizations on the supply chain system, including distributors, third party vendors, and suppliers. A threat actor (adversary or attacker) is characterized as a malicious actor representing a cyber attack threat, with presumed intent and historically observed behavior [10]. For this study, we defined a threat actor as an entity that can breach or compromise the supply chain system, such as a person, user account, or process. Threat actors can be categorized as either intentional or unintentional, and internal or external.
The threat actor is linked to the attack, vulnerability, and TTP in a many-to-many relationship. We identified threat actors through their capabilities, such as their intent, type of password used, observed patterns, behavior, history, and motives.

Vulnerability: Vulnerabilities are flaws or weaknesses that can be exploited by a threat actor or a threat agent. In an SC system, a vulnerability can be identified from various sources, including the software, network, website, user, process, application, and configuration, or from a third party vendor. The adversary could insert a hard-coded password as the default administrative setup into the COTS software and that could be a vulnerability when it is not changed after purchase.

Attack: An attack is any deliberate action or assault on the supply chain system with intent to compromise its processes, procedures, and delivery of electronic products, information flows, and services. A supply chain compromise attack is the manipulation of product delivery mechanisms prior to receipt by a final consumer [15]. Attack properties include type, pattern, prerequisites, and vectors. An attack pattern is an abstract mechanism for describing how a type of observed attack is executed [24].

Tactics, Techniques, and Procedures (TTP) is a representation of the behavior or modes of operations of the adversary or threat actor [10]. TTP leverages specific adversary capabilities, behaviors, and exploits it can use on victims. TTP could be used to gather cyber threat information about the attack pattern, resources deployed, and exploits exhibited. TTP is relevant for identifying threat actors and campaigns, to provide CSC threat intelligence on the adversary’s motives, intended effects, and impact on an organization. For instance:

• Tactics describe how threat actors operate during the various attack campaigns. This includes how the adversary carries out reconnaissance for initial intelligence gathering, how the information is gathered, and how the initial compromises were conducted. For instance, tactics may be to send a spear phishing email to a group on the supply chain.
• Techniques are the strategies used by the adversary to facilitate the initial compromises such as tools, skills, and capabilities deployed. This includes how the adversary establishes control, maneuvers within the supply chain system infrastructures, and exfiltrates data, as well as how to obfuscate through the system. The adversary conceals the email contents in such a way that is not obvious to detect.
• Procedures are the set of tactics and techniques put together to perform an attack. Procedures may vary depending on the threat actor goal, purpose, and nature of the attack. A procedure includes carrying out reconnaissance on the victim’s systems to identify vulnerable spots, gather information, access rights, and control mechanisms to determine what could be exploited.

Inbound and outbound supply threats: The inbound and outbound supply chains are the organizational systems that integrate with third party companies, suppliers, and distributors to achieve the organizational goal [24]. The inbound suppliers include the external organization and third party vendors who have remote access to the CSC system and who provide electric power transmission [25,26]. The threat actor could penetrate the inbound supplier’s system and manipulate data, or alter the organizations that provide the electronic products and payment services. The third party vendors purchase the electric power directly and resell it to the consumer. The outbound supply chain environment is the organization that provides distributed electric power to other organizations, individuals, and third party vendors.
The threat actor could initiate malware or SQL injection attacks during distribution, causing a misconfiguration of the supply chain system.

CSC requirement: Requirements are the constraints and expectations needed to ensure that the system supports the stakeholders and business needs. The requirement concept includes properties such as organizational requirements, business requirements, systems requirements, user requirements, and operational requirements [10,23]. The organizational requirements contain concepts that specify the overall organizational environment and how the software will integrate with the security constraints to achieve the goal.

Risks: Risk is the potential negative impact from an attack. The probabilities of attacks being initiated from the vendor systems are high, as they represent a single point of failure. Supply chain risk is the potential for an adversary to sabotage the supply chain, maliciously introduce unwanted functions, or subvert the design, product, or integrity of the system [17,27]. CSC risk can be categorized as IT, non-IT, management, or government. IT risks are technical and operational, while non-IT risks represent organizations, products and services, environmental factors, and natural disasters. Supply chain risks are cascading risks, as an attack on one party may affect others as the organizations that are involved in the integration and process chains also increase [28].

Controls: Controls are security strategies and measures that are formulated and implemented to ensure that the organizational goal and objectives are achieved, and that risks are mitigated with minimal threat or no threat at all. CSC security controls are managerial, operational, and technical safeguards or countermeasures employed within an organizational information system to protect the confidentiality, integrity, and availability of the systems and their information [29].
Due to the invincible nature of cyber attacks, the organization should establish a collaborative mechanism with all stakeholders on the supply chain to protect and secure the supply chain systems.

Cyber incident reports: Incident report systems provide CSC attack victims the platform to report attacks and threats that have occurred, including their impact and the degree of severity. The purpose is to gather and analyze threat information that can assist organizations and stakeholders to achieve their security goals. Properties for cyber incident reports include type, date, source, and impact. They could serve as notification platforms and disseminators of threat information for training and awareness among third party collaborators, software developers, and security experts.

Threat information sharing: Cyber threat information sharing is a platform that provides the information necessary to assist an organization in identifying, assessing, monitoring, and responding to cyber threats [30]. There are rules that govern and protect information sharing, such as information sensitivity and privacy, sharing designations, and tracking procedures [30,31].
The meta-model shown in Figure 1 depicts the concepts and their relationships. A threat actor may want to attack the system and exploit vulnerable spots using TTP methods to manipulate the CSC system. CSC requirements are used to ensure the security goal, and constraints are achieved to meet the organizational goal. The attack entity is linked to the threat actor, TTP, risks, and threat, as the properties determine the nature of attacks and probable threats. The CSC requirements, risk, controls, and cyber incident report could have an effect on the organizational goal as well as the inbound and outbound supply chains. This interrelationship provides evidence of the degree of threat or cascading effect of how a particular risk could impact the CSC. The likelihood of an attack becoming a probable threat is determined by the threat intelligence gathered.
Figure 1. The meta-model.

3.3. Threat Modeling Process

The underlying process involves a systematic approach to identify the organization’s supply chain system, internal infrastructures, business processes, attack context, and relevant controls. The process consists of four main phases, as shown in Figure 2.

Figure 2. CSC threat modeling process.

Phase 1: Determining organization objectives

The aim of this phase is to identify the overall organizational CSC environment including goals and requirements. It includes three activities which are briefly mentioned below:

• Activity 1: Identifying the organizational supply chain environment. This activity identifies CSC systems and the external organization, suppliers, distributors, and third party vendors on the inbound and outbound supply chains. The purpose is to identify the vendor’s software, hardware, and network design process and policies. This informs strategic management whether the organizational goals are achievable, repeatable, and measurable.
• Activity 2. Define the approach to achieving the goal. This activity identifies necessary actions required to achieve the organizational goals. The organizational goal is to provide safe and reliable service to consumers, while the security goal is to ensure that the supply chain system is secure and reliable overall, to achieve business continuity and information assurance.
• Activity 3. Capture the CSC requirements. This activity involves capturing the overall CSC requirement on the inbound and outbound supply chains to ensure the security goal and constraints. The requirements ensure proper integration and interfacing with vendors. Here, the systems development life cycle (SDLC) concepts are used to capture the requirements.

Phase 2. Attack Process

The attack process identifies the activities of a threat actor and the TTP used to deploy the attack. The phase involves complex activities as all the stakeholders may have different system components, requirements, processes, and infrastructures. The attack pattern may be determined based on each stakeholder’s business goal, objectives, and the size of the business. The activities include:

Activity 1. Attack Steps

In this phase the threat actor explores the organizational system, and the supply inbound and outbound chains, as shown in Figure 3. The attack steps are as follows:

Figure 3. Adversary attack steps.
Step 1. Reconnaissance: The adversary carries out research online and uses other social engineering methods to gather information such as:

• What infrastructure is the organization using: topology, IPs, software, or configurations;
• Profile of the organization, business applications, third party vendors, and other organizations;
• Is the supply chain a corporate and public network system (e.g., virtual private network VPN);
• What type of attack can be initiated (e.g., malware, redirect script, injection, and phishing)?

For instance, the adversary could use passive attack tools such as Nmap or Kali Linux.

Step 2. Experiment: The adversary uses various attack methods (TTP) and tools to penetrate and gain control of the victim’s systems to try and explore vulnerable spots. For instance:

• The adversary creates an executable malware remotely;
• The adversary inserts a remote access Trojan (RAT), and the malware is installed and executed when a user downloads or opens it through a spear phishing email.

Step 3. Exploit: At this stage, the threat actor gains control of the systems and determines the attack goal. The threat actor penetrates the workstations of the internal users, gains access into the system resources and the supply chain environment, and manipulates the organization’s products.

Step 4. Command and control: The adversary uses remote access and Advanced Persistent Threat (APT) techniques to establish control of the CSC system, at which point they are able to monitor business processes and activities, and to manipulate the system, exfiltrate information, and obfuscate.

Phase 3. Attack probability and cascading effects

The probability of a cyber attack on a CSC can be initiated in many ways. A threat actor requires full control of a compromised system in order to be able to remotely control malware propagation.

Activity 1. Cyber supply chain attack propagation

Cyber attack propagation changes as the supply chain application processes and operational technologies change. Therefore, it could prove difficult to use any purely quantitative method to formulate attack scenarios at this moment. Since the scenarios are specific to an organizational context, we considered subjective judgments to determine the estimated probability of a successful supply chain attack by using different attack scenarios. The variables that influenced the probability of a malware propagation attack were as follows:

• Penetration: We assumed that the threat actor could penetrate the vulnerable spots on the inbound and outbound chain in all the scenarios.
• Manipulation: This stage is where the threat actor gains access into the supply chain system and can manipulate data. Threat actor motives and intents were determined by the manipulation.
• Severity of attack: The severity of an attack is determined by the extent to which a threat has propagated to the supply chain system. The severity of the attack and the cascading effect are used to determine the required controls to mitigate the attacks.

We categorized the attacks as low, medium, or high in all the scenarios we considered, as there were penetrations available to the threat actor that corresponded to the level of propagation on the targeted supply chain system. We considered Common Vulnerability Scoring System (CVSS) [32] concepts to determine the severity of attacks as low, medium or high malware propagation. The level of penetration and the severity of the attack determines the probability of a successful random distribution. The propagation was determined using a discrete probability scale of 0–100%. The degree of severity of each manipulation was calculated in percentages as low (≤15%), medium (16 to 59%), or high (above 60%).
Let:

P: Penetration
M: Manipulation
Pa: Probability of attack
AT: Number of attacks
S: Scenario
n: total numbers of scenarios
Si: attack frequency
Pg: level of propagation
Sa: severity of attack or impact level
Pacc = (access/scenario)
P(scenario) = 1/n, where n: number of scenarios.
ai = P(access/scenario), where i: index

We determined the level of penetration and the extent of manipulation by the percentage score used (Table 5). The formulae for calculating the conditional probabilities were as follows:

$$P_{acc} = \sum_{i=1}^{n} P\left(\frac{a}{s}\right) \cdot P(S_i) \qquad (1)$$

Table 5 provides a list of attacks on the vulnerable spots that attackers can penetrate, the extent of manipulation and the percentage of each attack probability. Thus, we calculated the estimated expected value for the probability of attack success as:

$$P_{acc} = \frac{1}{n} \sum_{i=1}^{n} a_i \qquad (2)$$

The goal of the threat actor is twofold: penetration and manipulation. We assumed there were 8 vulnerable spots and 10 targeted devices (AT1–AT10) on the CSC system (Figure 4). The threat actor’s motive is to acquire a higher level return value by penetrating the command center workstation, and to maintain command and control using advanced persistent threat methods. Our objective was to determine the likelihood of an attack, its level of propagation and the cascading effects.

Inputs contained a group of scenarios. We simulated attack scenarios using propagation methods. The initialization worked by repeatedly scanning input probabilities to determine the most and least values, then put them together to fill the vulnerability column. Inputs consisted of the following parameters: For each attack manner using a level of propagation Pg of Si, we considered penetration (P) and the attack (AT) to determine the propagation. The output results will produce a cascading effect on the CSC systems. For further clarification, we used concepts from [19] for the penetration and manipulation attacks.
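The calculation in Eqs. (1) and (2), carried through in Python on the manipulation percentages the article lists in Table 4. This is an added example, not code from the article; the function names, the use of the manipulation % as a_i, the treatment of exactly 60% as High, and the contribution ranking are assumptions made here.

```python
from fractions import Fraction

# Rows as listed in Table 4 of the article:
# (scenario, vulnerable spot, manipulation %, the table's own severity label).
# Assumption of this example: manipulation % is used as a_i = P(access/scenario).
TABLE_4 = [
    (1, "Firewall", 70, "High"),
    (2, "IDS/IPS", 60, "High"),
    (3, "Vendor", 80, "High"),
    (4, "Network", 40, "Medium"),
    (5, "IP", 55, "Medium"),
    (6, "Database", 75, "High"),
    (7, "Software", 75, "High"),
    (8, "Website", 90, "High"),
]


def severity_band(percent, high_inclusive=True):
    """Band a manipulation percentage as Low / Medium / High.

    The text gives low (<=15%), medium (16 to 59%), high (above 60%).
    Assumption: with high_inclusive=True exactly 60% counts as High, which
    is how Table 4 labels scenario 2. With False the text is read literally
    and 60% falls into no band.
    """
    if not 0 <= percent <= 100:
        raise ValueError(f"percentage out of range: {percent}")
    if percent <= 15:
        return "Low"
    if percent < 60:
        return "Medium"
    if percent > 60 or high_inclusive:
        return "High"
    return "Unbanded"


def _priors(rows, priors):
    """Return validated P(S_i) values; None means the uniform 1/n of Eq. (2)."""
    n = len(rows)
    if n == 0:
        raise ValueError("no scenarios given")
    if priors is None:
        return [Fraction(1, n)] * n
    priors = [Fraction(p) for p in priors]
    if len(priors) != n or any(p < 0 for p in priors) or sum(priors) != 1:
        raise ValueError("priors must be n non-negative values that sum to 1")
    return priors


def p_access(rows, priors=None):
    """Eq. (1): P_acc = sum_i P(access/scenario_i) * P(S_i).

    With priors=None every scenario has P(S_i) = 1/n, so the sum reduces
    to Eq. (2), the mean of the a_i values.
    """
    weights = _priors(rows, priors)
    return sum(Fraction(pct, 100) * w for (_, _, pct, _), w in zip(rows, weights))


def label_mismatches(rows, high_inclusive=True):
    """Rows whose computed band disagrees with the label printed in the table."""
    found = []
    for scenario, spot, pct, label in rows:
        band = severity_band(pct, high_inclusive)
        if band != label:
            found.append((scenario, spot, pct, label, band))
    return found


def rank_by_contribution(rows, priors=None):
    """Vulnerable spots ordered by their share of P_acc, largest first.

    The share a_i * P(S_i) / P_acc shows where a control reduces the
    estimate most; ties keep table order.
    """
    weights = _priors(rows, priors)
    total = p_access(rows, priors)
    if total == 0:
        return [(spot, Fraction(0)) for _, spot, _, _ in rows]
    shares = [(spot, Fraction(pct, 100) * w / total)
              for (_, spot, pct, _), w in zip(rows, weights)]
    return sorted(shares, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    p = p_access(TABLE_4)
    print(f"P_acc (uniform scenarios) = {p} = {float(p):.5f}")
    print("label mismatches, 60% read as High:", label_mismatches(TABLE_4))
    print("label mismatches, literal reading:", label_mismatches(TABLE_4, False))
    for spot, share in rank_by_contribution(TABLE_4):
        print(f"{spot:10s} {float(share):.3f}")
```

Read literally, the band definition leaves 60% unclassified, so the High label on scenario 2 depends on the inclusive reading.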
Table 5 illustrates the method and a recursive formula to create the cascading effects.

Figure 4. Structure of smart grid CSC and potential security threats.

Activity 2. Malware threat propagation

In a software compromised attack, we identified whether the attack was through manipulation during distribution or during manufacturing. We used TTP to determine the actual sources of malware and whether the course of the attack on the organization CSC was initiated through malware installed or a malware-executed program. Malware installed virus is one way that malicious code can be inserted into the computer.
Algorithm 1 Cascading Effect Algorithm

Input: Propagation Attack Scenarios
Output: Penetration Effects

Initialization

1. Multiply each probability Pa by n.
2. Create array Scenarios and Probability, each of size n
3. For m = 1 to n − 1:
   1. Find the probability P satisfying Pacc ≤ 1
   2. Find a probability P (with i ≠ s) satisfying Pacc ≥ 1
   3. Set Probability [i] = Pi
   4. Set Scenario [i] = Si
   5. Remove P from list of initial probabilities
   6. Set Pa = Pa – (1 – pi)
4. Let i be the last probability remaining, which must have a weighted Sa + 1.
5. Set Probability [i] = 1.
6. If, else /“Cascading Effect”/
   1: Pa 1 do
   3: for P * Pa * Si do
   4: for M in Si do
   5: if AT = Pa * P + M * Si = >1 then
   6: Pg + S1 = Sa
   7: end if
   8: end for
   9: applying algorithm 1
   10: end for
   11: End for
   12: Return Table (Contains the attack methods)

Generation

1. Generate a scenario from an n-sided attack; call the side i.
2. Propagate attack that comes up with a probability P[i].
3. If the scenario comes up “P” return i.
4. Otherwise, return scenario [i].

Pseudocode

Start,
1. Multiply each probability by the number of scenarios
2. Create array of scenarios and probability, for each of the number of scenarios
3. For manipulation equals 1 to number of scenarios equal 1:
4. Find the probability P satisfying access divided the scenario that is less or equal 1.
5. Find the probability P (with index less or equal to scenario) satisfying access divided scenario that is more or equal 1
6. Set probability index
7. Set scenario to index
8. Set probability of attack to equal minus 1. /”Remove probability from list of initial probabilities”/
9. Let index be the last with weighted index severity of attack or impact level.
10. If else /”Cascading Effects”/
11. Let Probability of attack (Pa) be more than attack frequency (Si)
12. For attack frequency, if index is more than 1, do (indicate)
13. Multiply the number of penetration P, probability of attack and attack frequency
14. For manipulation in number of attack frequency, do (indicate)
15. If the number of attacks is equal to probability of attacks, multiplied by penetration, plus manipulation, times attack frequency, are greater than 1?
16. Then calculate Level of propagation and attack frequency is equal to severity of attack or impact level
17. End

Activity 3. Probability distribution and manipulation for random attacks

The probability of penetrating a web server on a supply chain system can be very challenging. The TTP that the threat actor deploys is basically to create a real message that prevents the spam filters from detecting it and that could generate wrong probabilities. The probability formula for malware executable emails using spear phishing is:

$$P = \frac{P_s C (1 - \bar{r})}{V} \qquad (3)$$

Let:

P: probability
Ps: probability of a malware spear phishing penetrating the mail server
C: the number of clicks on the malware
$\bar{r}$: the average detection rate of an antivirus program installed on third party vendor system
$1 - \bar{r}$: probability of the malware avoiding detection
V: total number of views of a malicious message

We used Scenario 3 in Section 5 to calculate the probability distribution.

Phase 4. Threat modeling using STIX

In this phase, we used the STIX visualization (STIXviz) tool to model the attack process.
The STIX tool uses eight constructs such as adversary attack, cyber attack campaign, incidents, exploit targets, threat actors and TTP to generate a structured cyber threat model [14]. However, for our model, we adopted some of the constructs to model the activities, such as observable, indicators, campaign, threat actor, and TTP, to describe the interrelations and actions an attack may take to penetrate and manipulate the CSC system.

Activity 1. Observable: These are the base constructs that are used to determine the measurable events pertinent to the operations of computers and the network [7]. These include technical and non-technical. We identified all the CSC infrastructures as listed in Phase 1: Activity 1. These included the network systems, Supervisory Control and Data Acquisition (SCADA), Remote Terminal Unit (RTU), Communication devices, and many more.

Activity 2. Indicators: Indicators are parameters that express the nature of the attack and whether it is imminent, in progress, or has already occurred [24]. We used CSC threat activities, adversary behaviors, risky events, or state of the incident to determine what could serve as an indicator.

Activity 3. Campaign: The campaign explains the instances of the threat actor pursuing intent, as observed through sets of incidents and TTP. The intended effect of the threat actor penetrating a supply chain and manipulating the distribution and delivery channels could be a malware attack that is being delivered through spear phishing, or rootkit installation attack, as explained in Phase 3.

Activity 4. Threat Actor: The threat actor construct identifies the attacker based on the campaign activities. Threat Actors are characterized as malicious actors representing a threat including presumed intent and historically observed behaviors [31].

Activity 5. TTP: TTPs consist of the specific threat actor behaviors exhibited in an attack. The campaign, indicators, and threat actor activities determine the TTP that are deployed on the supply chain system as explained in activity 2, 3 and 4. TTP leverages on resources such as tools, capabilities, and personnel to penetrate and manipulate the system.

Activity 6. Exploit target: Exploit targets are the vulnerable spots on the supply chain infrastructures such as software, network system, or configurations that are targets for exploitation by the TTP of a threat actor.

Phase 5. Controls: To incorporate controls into a supply chain system, we used knowledge of actual attacks that have occurred in the past. To ensure proper security controls, the organization must form a strategic team to identify, investigate, review, and evaluate the supply chain system processes and applications. We identified the following controls:

• Directive controls are more strategic, where risks are identified and assigned to specific inbound and outbound supply chain requirements.
• Preventive controls are policies implemented on associated risk probabilities that are intended to preclude actions violating policy or increasing third party risk. This includes supply chain risk assessments and audits.
• Detective controls use attack indicators to identify practices, processes, and tools that identify and possibly react to security violations. These include firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS) configurations.
• Corrective controls involve measures such as courses of actions and CSC risk management designed to react to detections of an incident in order to reduce or eliminate the opportunity for the unwanted event to recur.
• Recovery controls are mechanisms put in place to restore a system to its original state once an incident has occurred and resulted in compromising integrity or availability. These include countermeasures, backups, segmentation, and incident response strategy.

4. Evaluation

In this section, we follow a running example of a smart grid case study to model CSC attacks that are able to determine the applicability of the threat model empirically. We confirmed the viability of the resources, the questionnaires used to generate the study context, and the methods used to gather the data. We investigated the case study and analyzed the data gathered to determine the results.

4.1. Data Gathering

For the study, we adopted the analytical and predictive research approach to implement and evaluate the approach. The rationale for the adoption of analytical research is to look for causal relationships amongst the data we collected and attempt to measure them using probability distribution methods. Then, based on qualitative and quantitative analysis, the predictive method was applied to determine whether a specific phenomenon was likely to appear in a similar situation [33]. Considering the invincible nature of cyber attacks and the cascading effects that the attacks could have on a CSC system, we adopt both qualitative and quantitative approaches in our research methods. Both primary and secondary data were collected. We had meetings and discussions with senior management about the purpose and scope of the study, then we had a follow-up meeting and interviews with middle managers who had expertise inside and outside of the organization under study. Data from the secondary source were collected from the organization’s websites and other online resources.

4.2. Running Example of a Case Study

The Electricity Corporation of Ghana (ECG) distributes electric power to the southern part of Ghana. ECG provides electricity to about 3.1 million domestic and business customers. ECG core business processes include distribution, setting up a new connection, network operations, maintenance, metering, and billing. It ensures the electric power chain distribution of Ghana with over 70% market share and the largest power distributor in Ghana [34].
ECG is responsible for the distribution of power in the six administrative southern regions in Ghana. The ECG organizational goal is to provide safe and reliable high-quality electric service to consumers in the regions by improving system reliability, improving customer service delivery, reducing system losses, improving operational efficiency, and improving organizational culture. The ECG distribution network system infrastructure must be able to accommodate new connections and support the distribution of electric power to homes, businesses, and third party companies. Recently, the government introduced a rural electrification program requiring the ECG to include new connections. However, the ECG had difficulty meeting the fast developing customer base, the increasing demand on its network operations, maintenance, metering, and billing systems. It became imperative that ECG deploy a system to speed up fault identification and restoration, cyber security, reliability, and tolerance.

4.3. Smart Grid Electric Power Infrastructure

To meet the challenges above, the ECG recently commissioned and installed an all-automated SCADA system that was required for the modification of its existing network. The electricity distribution network infrastructure uses mesh topologies and SCADA systems as the main infrastructure supporting the CPS smart grid system.

4.3.1. Application Infrastructures and Core Business Systems

The application infrastructures and the network communications system provide business operation, processes, communication protocols, and support the distributed control systems (DCS) and SCADA system. The third party vendor uses Microsoft operating system software and a browser that connects their systems to the ECG server remotely using public service IPs for the prepaid services.
The ECG’s core business is electric power distribution, and the organizational network infrastructure and business systems are categorized in Table 1.

Table 1. Electricity Corporation of Ghana (ECG) core businesses systems.

• Network Infrastructure: Smart Grid Architecture; Mesh Topology; SCADA Systems; UHF Radio; Sub Station
• Application Systems: Content Management System/CRM; HEMS; Mobile Devices/Advanced Metering Integration; Prepaid Postpaid System
• People/User: Staff; Suppliers; Vendors; Distributors
• Controls: Security/Audit; Best Practices & Guidelines; ISO 27001-2 ISMS; Policies

4.3.2. Electric Power Distribution Challenges

The ECG electric distribution system has suffered lots of setbacks over the past decade, including voltage surges, software errors, and network interruptions. These challenges are some of the factors that have led to the introduction of prepaid meters or smart meters in Ghana. Prepaid metering or smart metering is the means of paying for electricity before its consumption. However, this has also introduced software errors into the system in recent times, such as prepaid card errors and prepaid meter tampering.

4.3.3. The ECG Supply Chain Organizational Environment

There are seven public institutions involved in the Ghana power sector [33], as well as about two public–private sectors. There are third party organizations contracted by the ECG that supply the digital meters and the vending machines. The prepaid system operates via a public–private partnership that is all integrated into the supply chain.

4.4. Study Goal

The goal of this paper is to investigate and understand the cyber security threat in the SC environment of the study context. In particular, we aim to model threats, and to analyze the threats and the associated risks and cascading effects. The hypothesis below will determine the extent of the compromises.

Hypothesis 1: To what extent can the threat actor penetrate the ECG CSC system on the inbound and outbound supply chains?
Hypothesis 2: To what extent can the threat actor manipulate the data on the supply chain system and the delivery mechanisms?

4.5. The Process

We used the processes and conceptual approaches in Table 2 to support our study.

Table 2. Mapping the case study with the meta-model concept.

Concepts Properties Descriptions Goal Organizational goal Distribute electric power to customers Generate utility bills, Receive payments Provide vendors remote access to CSC Secure systems Actors Security goal Users Suppliers Threat actor Requirements Organizational requirement, Supply Chain System user categories, ID, stakeholders, description, acceptance criteria Inbound Employees: internal and external Suppliers Distributors A person, user account, or processes that can be identified by the intent, motives, and capabilities of an attacker Specify high level organizational environment overall and integrate with the security constraints to achieve the organizational goal Organizations Financial institutions Third party vendors Individual consumers Services providers Outbound Organizations Stakeholders Power transmission company Sub-stations Vulnerability Router, firewall, wifi Remote services: remote login, remote command execution Dynamic, host configuration protocol, (DHCP) server logs Attack Attack goal Attack pattern Attack prerequisites Attack vectors TTPs Threat Indicators CSC Source and destination, Timestamp, Domain name, TCP/UDP port number, media, MAC address IP Address Compromise system of: Malware, spyware, injection Information on vulnerabilities Mechanisms to deploy attack Tactic, Technique, & Procedure Determines vulnerabilities, flaws, and loopholes that can be exploited by a threat actor or a threat agent Specific observable patterns SCS threat activities Adversary behaviors Risky events State of an incident

Phase 1. Attacks on ECG smart grid infrastructure

We consider a smart grid communication path and security application using concepts from the IEC 61850 Smart Grid Interoperability Guide [35] and NIST Smart Grid Interoperability Standards [36] with its three-tiered hierarchical structure interconnected with intelligent electronic devices (IED).

Tier 1 covers the transmission and distributions domains, using high-bandwidth communication media such as WiMAX and Fiber on a wireless area network (WAN). The IED monitors and controls the electric power transmission to the distribution system using the phasor monitoring unit (PMU) for measuring instantaneous bus voltage, line current, and frequency. The command center integrates with the SCADA system servers and uses a switchboard to establish communication with the IED units [13].

Tier 2 provides a gateway for the Wireless Area Network (WAN) technologies and communication utilities to have access to the customers’ premises for the advanced meter infrastructure (AMI) and demand response applications. It uses a collection of Intelligent Electronic Devices (IED) units to collect the various Phasor Measuring Units (PMUs).

Tier 3 integrates the local area network with the customer management systems (CMS) and uses the IED to communicate with the smart meter, which aggregates sensor information from various home appliance devices. We present the attack modeling concepts and steps in Figure 4.

Activity 1. Determine attacks on the CSC

A Threat Actor may be an internal employer or may come from an external source. Several attacks can be initiated on the CSC by the threat actor. As indicated in Figure 4, (P) represents Penetration and (AT) represents Attack.

Tier 1: smart grid integrates with SCADA system servers and uses a switchboard to establish WAN communication with the IED units.
Tier 2: uses IEDs to connect with AMI and demand response applications.
Tier 3: uses LAN to integrate with the CMS and uses the IED to communicate.

The threat actor uses various attack vectors to gather knowledge about the smart grid system topology, configurations, protocols, and operational parameters. Table 3 represents a breakdown of how the threat actors penetrate the systems. We use:

• Penetration (P) to represent how the adversary attacks the system (P1–P6);
• Attack (AT) to represent the devices that were under attack (AT1–AT10);
• Steps (ST) to represent the steps the threat actor followed to attack (ST1–ST4).

Table 3. Smart grid SCS and potential security threats.

Attack Vector Type | CSC System Target | Position | Steps
External Penetrating | CSC WAN/firewall | P1 | ST1
 | CSC vendor remote access | P2 | ST2
 | IED-supported communication | P3 | ST3
 | Workstation, CMS, HEMS | P4 | ST4
 | Command center firewall | P5 | ST4
Internal Attacking | Organizational LAN firewall | AT4 | ST4
 | Command center SCADA | P6 |
Devices under cyber attack | Firewall | AT1–AT4 |
 | CSC vendors | AT5 |
 | IEDs | AT6 |
 | CMS | AT7 |
 | HEMS | AT8 |
 | Handheld devices | AT9 |
 | Vendor devices | AT10 |

Activity 2: Determine attack vectors

Here we discuss the attack vectors from Table 3, and follow the attack step in Section 4, to explain the attack vectors using the case study.

• P1. Threat actor penetrates the system from a remote source through the firewall, refer to Step 1.
• P2. Threat actor gains remote access through Vendor Systems, refer to Step 2.
• P3. Threat actor exploits the IED that supports the communication systems, refer to Step 3.
• P4. Threat actor manipulates the workstations, server, and handheld devices, refer to Step 4.
• P5. Threat actor penetrates the command center firewall, refer to Step 4.
• P6. Threat actor gains access into the command center and takes controls of the SCADA servers, manipulating, exfiltrating, and obfuscating.
• AT1. The internal threat actor uses social engineering, ID theft, and administrative privileges to gain access through the LAN firewall to manipulate the system, refer to Step 4.

Activity 3: Detect devices under cyber attack

• AT1–AT4. Indicates that the firewall devices affected are under cyber attack.
• AT5. CSC vendor systems are under attack.
• AT6. IEDs are under attacks.
• AT7. CMS server is under attack.
• AT8. (HEMS) server is under attack.
• AT9. Handheld devices are under attack.
• AT10. Vendor devices are under attack.

No funding body have any role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript, or in the decision to publish the results”.

Phase 2: Attack scenarios

An attack scenario is used to determine the vulnerable spots and where penetrations occurred between the variables, as listed in Table 4.

Table 4. Probability and threat indicators.

Scenario | Vulnerable Spots | Penetration | Manipulation% | Probability
1 | Firewall | Y | 70 | High
2 | IDS/IPS | Y | 60 | High
3 | Vendor | Y | 80 | High
4 | Network | Y | 40 | Medium
5 | IP | Y | 55 | Medium
6 | Database | Y | 75 | High
7 | Software | Y | 75 | High
8 | Website | Y | 90 | High

Threat Indicators: Wrong Firewall Configuration Audit Sub-netting Segmentation Sanitizations Reprogram SSL/TLS

Scenario 1. Remote attack on the CSC system

The organization security team found that an adversary had intruded in the CSC system. The threat actor had compromised the workstation of the CMS that interfaced with suppliers, distributors, and third party vendors. The organization’s electronic products had been altered for some time. The CMS generated inaccurate customer electricity consumptions, which compromised the amount the customers were paying for their utility bills, their online payments, and third party vendor systems. The organization used two types of payment systems, the prepaid system and postpaid system, that were all integrated into the CMS and HEMS.
Using the formula for calculating conditional probabilities and Activity 1 and Table 4, we determined the vulnerable spots, the severities of manipulation in percentages, and threat indicators.

Scenario 2: Spear phishing email attack

A spear phishing email was sent to the organizational web server and it was noticed that the malware had infected 200 staff email addresses, with 160 that had their data corrupted, 27 that were detected by the spam filter, and 205 that were not detected. The number of users that clicked on the attachment was 220. The number of clicks on the malware attached message divided by the total number of viewers of that message represents the probability of opening the infected email. Following the formula in Phase 3 Activity 3, we used discrete probability to calculate the probability of emails that were infected on the supply chain as follows:

$$P = \frac{P_s C (1 - \bar{r})}{V}$$

Results:

P = Ps ∗ C(1 − r̄)/V
Pa = 200 ∗ (220 − 27)/205
Therefore, P = 188.29 (the probability of an opened and infected email)

Activity 4. Probability theorem

Probability (P) is the likelihood that an attack or event will happen. For the study, we identified 10 types of attacks that could be initiated on the supply chain system. These attacks were spyware, ransomware, RAT, spear phishing, SQL injection, XSS, DoS, redirect script, cross site request forgery, session hijacking, and hard-coded passwords. To pick an attack such as malware or SQL injection from a scenario of 10 attacks where spyware, ransomware, RAT, and spear phishing attacks were all classified as malware was 1/10. For a scenario where the second attack is conditional on the first (e.g., manipulation is dependent on penetration), we used the formula:

P(A or B) = P(A) + P(B) − P(A and B)
P(A + B) = P(A) ∗ P(B/A)
Where {B/A is ‘B given A’}

Bayesian Probability Theorem

We used Bayes’ theorem to explain the dependent probability.
Bayes’ theorem could be used to calculate the probability that manipulation would occur and cause a cascading effect on the supply chain based on some pieces of evidence that were present. For a scenario where the second attack is conditional on the first (manipulation is dependent on penetration), we determined that if, for instance, an organization had 370 manipulations out of 796 penetrations within a given period in a supply chain environment, then in simple terms the probability is 370/796 = 0.046 (

Explanation & Answer

Attached.

Running head: CYBER SECURITY THREAT

Cyber Security Threat
Student’s Name
Institutional Affiliation

Cyber Security Threat

The Cyber-physical system (CPS) refers to the integration of calculation. A physical
cycle makes a full-frame more comprehensive: physical segments, network frameworks,
implanted PCs, programming, and the connecting of gadgets and sensors for data sharing. The
rise of CPS, electronic exchanges, outsider sellers, and banking administrations have developed
after some time and carried numerous progressions to how the associations and ventures work.
CPS gracefully chains have also brought multiple difficulties. For example, the absence of
explicit authoritative danger knowledge social events, inability to review outsider merchants,
lack of security controls, and absence of ...
