Towards an automated and dynamic risk management response system

Gustavo Gonzalez-Granadillo; Ender Alvarez; Alexander Motzek; Matteo Merialdo; Joaquin Garcia-Alfaro; Hervé Debar

doi:10.1007/978-3-319-47560-8_3

Towards an automated and dynamic risk management response system

Gustavo Gonzalez-Granadillo
, Ender Alvarez
, Alexander Motzek
, Matteo Merialdo
, Joaquin Garcia-Alfaro
, Hervé Debar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Achieving a fully automated and dynamic system in critical infrastructure scenarios is an open issue in ongoing research. Generally, decisions in SCADA systems require a manual intervention, that in most of the cases is performed by highly experienced operators. In this paper we propose a framework consisting of a proactive management software that aims at anticipating the occurrence of potential attacks. It conducts an initial evaluation of reported proactive evidences based on a quantitative metric of monetary return on response investment. The framework evaluates and selects mitigation actions from a pool of candidates, by ranking them in terms of financial and operational impacts. The purpose of this process is to select an optimal set of mitigation actions from financial and operational perspectives and propose them to reduce the risk of threats against the monitored system, without sacrificing an organization’s missions in favor of security. A real world case study of a SCADA environment shows the applicability of the model, from the analysis of the input data to the selection of the response plan.

Original language	English
Title of host publication	Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings
Editors	Juha Roning, Billy Bob Brumley
Publisher	Springer Verlag
Pages	37-53
Number of pages	17
ISBN (Print)	9783319475592
DOIs	https://doi.org/10.1007/978-3-319-47560-8_3
Publication status	Published - 1 Jan 2016
Externally published	Yes
Event	21st Nordic Conference on Secure IT Systems, NordSec 2016 - Oulu, Finland Duration: 2 Nov 2016 → 4 Nov 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10014 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st Nordic Conference on Secure IT Systems, NordSec 2016
Country/Territory	Finland
City	Oulu
Period	2/11/16 → 4/11/16

Keywords

Automatic response
Critical infrastructures
Dynamic response system
Operational impact
RORI

Access to Document

10.1007/978-3-319-47560-8_3

Cite this

Gonzalez-Granadillo, G., Alvarez, E., Motzek, A., Merialdo, M., Garcia-Alfaro, J., & Debar, H. (2016). Towards an automated and dynamic risk management response system. In J. Roning, & B. B. Brumley (Eds.), Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings (pp. 37-53). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10014 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-47560-8_3

Gonzalez-Granadillo, Gustavo ; Alvarez, Ender ; Motzek, Alexander et al. / Towards an automated and dynamic risk management response system. Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings. editor / Juha Roning ; Billy Bob Brumley. Springer Verlag, 2016. pp. 37-53 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5ebcccb7f87849c3b9f88e1241bcc44a,

title = "Towards an automated and dynamic risk management response system",

abstract = "Achieving a fully automated and dynamic system in critical infrastructure scenarios is an open issue in ongoing research. Generally, decisions in SCADA systems require a manual intervention, that in most of the cases is performed by highly experienced operators. In this paper we propose a framework consisting of a proactive management software that aims at anticipating the occurrence of potential attacks. It conducts an initial evaluation of reported proactive evidences based on a quantitative metric of monetary return on response investment. The framework evaluates and selects mitigation actions from a pool of candidates, by ranking them in terms of financial and operational impacts. The purpose of this process is to select an optimal set of mitigation actions from financial and operational perspectives and propose them to reduce the risk of threats against the monitored system, without sacrificing an organization{\textquoteright}s missions in favor of security. A real world case study of a SCADA environment shows the applicability of the model, from the analysis of the input data to the selection of the response plan.",

keywords = "Automatic response, Critical infrastructures, Dynamic response system, Operational impact, RORI",

author = "Gustavo Gonzalez-Granadillo and Ender Alvarez and Alexander Motzek and Matteo Merialdo and Joaquin Garcia-Alfaro and Herv{\'e} Debar",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2016.; 21st Nordic Conference on Secure IT Systems, NordSec 2016 ; Conference date: 02-11-2016 Through 04-11-2016",

year = "2016",

month = jan,

day = "1",

doi = "10.1007/978-3-319-47560-8\_3",

language = "English",

isbn = "9783319475592",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "37--53",

editor = "Juha Roning and Brumley, \{Billy Bob\}",

booktitle = "Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings",

}

Gonzalez-Granadillo, G, Alvarez, E, Motzek, A, Merialdo, M, Garcia-Alfaro, J & Debar, H 2016, Towards an automated and dynamic risk management response system. in J Roning & BB Brumley (eds), Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10014 LNCS, Springer Verlag, pp. 37-53, 21st Nordic Conference on Secure IT Systems, NordSec 2016, Oulu, Finland, 2/11/16. https://doi.org/10.1007/978-3-319-47560-8_3

Towards an automated and dynamic risk management response system. / Gonzalez-Granadillo, Gustavo; Alvarez, Ender; Motzek, Alexander et al.
Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings. ed. / Juha Roning; Billy Bob Brumley. Springer Verlag, 2016. p. 37-53 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10014 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Towards an automated and dynamic risk management response system

AU - Gonzalez-Granadillo, Gustavo

AU - Alvarez, Ender

AU - Motzek, Alexander

AU - Merialdo, Matteo

AU - Garcia-Alfaro, Joaquin

AU - Debar, Hervé

N1 - Publisher Copyright: © Springer International Publishing AG 2016.

PY - 2016/1/1

Y1 - 2016/1/1

N2 - Achieving a fully automated and dynamic system in critical infrastructure scenarios is an open issue in ongoing research. Generally, decisions in SCADA systems require a manual intervention, that in most of the cases is performed by highly experienced operators. In this paper we propose a framework consisting of a proactive management software that aims at anticipating the occurrence of potential attacks. It conducts an initial evaluation of reported proactive evidences based on a quantitative metric of monetary return on response investment. The framework evaluates and selects mitigation actions from a pool of candidates, by ranking them in terms of financial and operational impacts. The purpose of this process is to select an optimal set of mitigation actions from financial and operational perspectives and propose them to reduce the risk of threats against the monitored system, without sacrificing an organization’s missions in favor of security. A real world case study of a SCADA environment shows the applicability of the model, from the analysis of the input data to the selection of the response plan.

AB - Achieving a fully automated and dynamic system in critical infrastructure scenarios is an open issue in ongoing research. Generally, decisions in SCADA systems require a manual intervention, that in most of the cases is performed by highly experienced operators. In this paper we propose a framework consisting of a proactive management software that aims at anticipating the occurrence of potential attacks. It conducts an initial evaluation of reported proactive evidences based on a quantitative metric of monetary return on response investment. The framework evaluates and selects mitigation actions from a pool of candidates, by ranking them in terms of financial and operational impacts. The purpose of this process is to select an optimal set of mitigation actions from financial and operational perspectives and propose them to reduce the risk of threats against the monitored system, without sacrificing an organization’s missions in favor of security. A real world case study of a SCADA environment shows the applicability of the model, from the analysis of the input data to the selection of the response plan.

KW - Automatic response

KW - Critical infrastructures

KW - Dynamic response system

KW - Operational impact

KW - RORI

U2 - 10.1007/978-3-319-47560-8_3

DO - 10.1007/978-3-319-47560-8_3

M3 - Conference contribution

AN - SCOPUS:84994486597

SN - 9783319475592

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 37

EP - 53

BT - Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings

A2 - Roning, Juha

A2 - Brumley, Billy Bob

PB - Springer Verlag

T2 - 21st Nordic Conference on Secure IT Systems, NordSec 2016

Y2 - 2 November 2016 through 4 November 2016

ER -

Gonzalez-Granadillo G, Alvarez E, Motzek A, Merialdo M, Garcia-Alfaro J, Debar H. Towards an automated and dynamic risk management response system. In Roning J, Brumley BB, editors, Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings. Springer Verlag. 2016. p. 37-53. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-47560-8_3

Towards an automated and dynamic risk management response system

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this