Toward a cyber-physical topology language: Applications to NERC CIP audit

Gabriel A. Weaver, Carmen Cheh, Edmond J. Rogers, William H. Sanders, Dennis Gammel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Our Cyber-Physical Topology Language (CPTL) provides a language that utilities can use to programmatically analyze current and future cyber-physical architectures. The motivation for our research emerged from the importance and limitations of several audit scenarios: account management, vulnerability assessment, and configuration management. Those scenarios occur in the context of the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) audits. The NERC CIP standards define security controls by which utilities must be audited. Although the standards were designed to make power control networks less vulnerable to cyber attack and to decrease the chance of outages, the audit process is manual and costly. In order to save utilities and auditors time and money, we used the limitations of those audit scenarios in formally specifying and implementing CPTL, which consists of both a representation of cyber-physical assets and operations upon that representation. First, CPTL uses graph theory to represent a network of cyber-physical assets; we currently implement this representation in GraphML. Second, CPTL defines operations upon that representation. In this paper, we introduce operators to process attributes by expanding and contracting components of a network, and implement these operations using the Boost Graph Library (BGL). In order to demonstrate the potential for CPTL to save auditors and utilities time and money, we provide a detailed example of how CPTL could help with vulnerability assessment and discuss additional applications beyond the audit scenarios mentioned above. We describe current approaches to those scenarios and argue that CPTL improves upon both the state-of-the-art and current practice. In fact, we intend CPTL to enable a broad range of new research on realistic cyber-physical architectures by giving utilities, auditors, managers, and researchers a common language with which to communicate and analyze those architectures.

Original languageEnglish (US)
Title of host publicationSEGS 2013 - Proceedings of the 2013 ACM Workshop on Smart Energy Grid Security, Co-located with CCS 2013
Pages93-104
Number of pages12
DOIs
StatePublished - Dec 9 2013
Event2013 1st ACM Workshop on Smart Energy Grid Security, SEGS 2013, Held in Conjunction with the 20th ACM Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany
Duration: Nov 8 2013Nov 8 2013

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other2013 1st ACM Workshop on Smart Energy Grid Security, SEGS 2013, Held in Conjunction with the 20th ACM Conference on Computer and Communications Security, CCS 2013
CountryGermany
CityBerlin
Period11/8/1311/8/13

    Fingerprint

Keywords

  • NERC CIP
  • audit
  • graph theory

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Weaver, G. A., Cheh, C., Rogers, E. J., Sanders, W. H., & Gammel, D. (2013). Toward a cyber-physical topology language: Applications to NERC CIP audit. In SEGS 2013 - Proceedings of the 2013 ACM Workshop on Smart Energy Grid Security, Co-located with CCS 2013 (pp. 93-104). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2516930.2516934