Toward a cyber-physical topology language: Applications to NERC CIP audit

Gabriel A. Weaver; Carmen Cheh; Edmond J. Rogers; William H. Sanders; Dennis Gammel

doi:10.1145/2516930.2516934

Toward a cyber-physical topology language: Applications to NERC CIP audit

Gabriel A. Weaver, Carmen Cheh, Edmond J. Rogers, William H. Sanders, Dennis Gammel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Our Cyber-Physical Topology Language (CPTL) provides a language that utilities can use to programmatically analyze current and future cyber-physical architectures. The motivation for our research emerged from the importance and limitations of several audit scenarios: account management, vulnerability assessment, and configuration management. Those scenarios occur in the context of the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) audits. The NERC CIP standards define security controls by which utilities must be audited. Although the standards were designed to make power control networks less vulnerable to cyber attack and to decrease the chance of outages, the audit process is manual and costly. In order to save utilities and auditors time and money, we used the limitations of those audit scenarios in formally specifying and implementing CPTL, which consists of both a representation of cyber-physical assets and operations upon that representation. First, CPTL uses graph theory to represent a network of cyber-physical assets; we currently implement this representation in GraphML. Second, CPTL defines operations upon that representation. In this paper, we introduce operators to process attributes by expanding and contracting components of a network, and implement these operations using the Boost Graph Library (BGL). In order to demonstrate the potential for CPTL to save auditors and utilities time and money, we provide a detailed example of how CPTL could help with vulnerability assessment and discuss additional applications beyond the audit scenarios mentioned above. We describe current approaches to those scenarios and argue that CPTL improves upon both the state-of-the-art and current practice. In fact, we intend CPTL to enable a broad range of new research on realistic cyber-physical architectures by giving utilities, auditors, managers, and researchers a common language with which to communicate and analyze those architectures.

Original language	English (US)
Title of host publication	SEGS 2013 - Proceedings of the 2013 ACM Workshop on Smart Energy Grid Security, Co-located with CCS 2013
Pages	93-104
Number of pages	12
DOIs	https://doi.org/10.1145/2516930.2516934
State	Published - Dec 9 2013
Event	2013 1st ACM Workshop on Smart Energy Grid Security, SEGS 2013, Held in Conjunction with the 20th ACM Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany Duration: Nov 8 2013 → Nov 8 2013

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	2013 1st ACM Workshop on Smart Energy Grid Security, SEGS 2013, Held in Conjunction with the 20th ACM Conference on Computer and Communications Security, CCS 2013
Country	Germany
City	Berlin
Period	11/8/13 → 11/8/13

Fingerprint

Keywords

NERC CIP
audit
graph theory

ASJC Scopus subject areas

Software
Computer Networks and Communications

Cite this

Weaver, G. A., Cheh, C., Rogers, E. J., Sanders, W. H., & Gammel, D. (2013). Toward a cyber-physical topology language: Applications to NERC CIP audit. In SEGS 2013 - Proceedings of the 2013 ACM Workshop on Smart Energy Grid Security, Co-located with CCS 2013 (pp. 93-104). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2516930.2516934

Toward a cyber-physical topology language : Applications to NERC CIP audit. / Weaver, Gabriel A.; Cheh, Carmen; Rogers, Edmond J.; Sanders, William H.; Gammel, Dennis.

SEGS 2013 - Proceedings of the 2013 ACM Workshop on Smart Energy Grid Security, Co-located with CCS 2013. 2013. p. 93-104 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Weaver, GA, Cheh, C, Rogers, EJ, Sanders, WH & Gammel, D 2013, Toward a cyber-physical topology language: Applications to NERC CIP audit. in SEGS 2013 - Proceedings of the 2013 ACM Workshop on Smart Energy Grid Security, Co-located with CCS 2013. Proceedings of the ACM Conference on Computer and Communications Security, pp. 93-104, 2013 1st ACM Workshop on Smart Energy Grid Security, SEGS 2013, Held in Conjunction with the 20th ACM Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 11/8/13. https://doi.org/10.1145/2516930.2516934

Weaver, Gabriel A. ; Cheh, Carmen ; Rogers, Edmond J. ; Sanders, William H. ; Gammel, Dennis. / Toward a cyber-physical topology language : Applications to NERC CIP audit. SEGS 2013 - Proceedings of the 2013 ACM Workshop on Smart Energy Grid Security, Co-located with CCS 2013. 2013. pp. 93-104 (Proceedings of the ACM Conference on Computer and Communications Security).

@inproceedings{35869e8b9a08401c9a3b88cd0c6ec88a,

title = "Toward a cyber-physical topology language: Applications to NERC CIP audit",

abstract = "Our Cyber-Physical Topology Language (CPTL) provides a language that utilities can use to programmatically analyze current and future cyber-physical architectures. The motivation for our research emerged from the importance and limitations of several audit scenarios: account management, vulnerability assessment, and configuration management. Those scenarios occur in the context of the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) audits. The NERC CIP standards define security controls by which utilities must be audited. Although the standards were designed to make power control networks less vulnerable to cyber attack and to decrease the chance of outages, the audit process is manual and costly. In order to save utilities and auditors time and money, we used the limitations of those audit scenarios in formally specifying and implementing CPTL, which consists of both a representation of cyber-physical assets and operations upon that representation. First, CPTL uses graph theory to represent a network of cyber-physical assets; we currently implement this representation in GraphML. Second, CPTL defines operations upon that representation. In this paper, we introduce operators to process attributes by expanding and contracting components of a network, and implement these operations using the Boost Graph Library (BGL). In order to demonstrate the potential for CPTL to save auditors and utilities time and money, we provide a detailed example of how CPTL could help with vulnerability assessment and discuss additional applications beyond the audit scenarios mentioned above. We describe current approaches to those scenarios and argue that CPTL improves upon both the state-of-the-art and current practice. In fact, we intend CPTL to enable a broad range of new research on realistic cyber-physical architectures by giving utilities, auditors, managers, and researchers a common language with which to communicate and analyze those architectures.",

keywords = "NERC CIP, audit, graph theory",

author = "Weaver, {Gabriel A.} and Carmen Cheh and Rogers, {Edmond J.} and Sanders, {William H.} and Dennis Gammel",

year = "2013",

month = dec

day = "9",

doi = "10.1145/2516930.2516934",

language = "English (US)",

isbn = "9781450324922",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "93--104",

booktitle = "SEGS 2013 - Proceedings of the 2013 ACM Workshop on Smart Energy Grid Security, Co-located with CCS 2013",

note = "2013 1st ACM Workshop on Smart Energy Grid Security, SEGS 2013, Held in Conjunction with the 20th ACM Conference on Computer and Communications Security, CCS 2013 ; Conference date: 08-11-2013 Through 08-11-2013",

}

TY - GEN

T1 - Toward a cyber-physical topology language

T2 - 2013 1st ACM Workshop on Smart Energy Grid Security, SEGS 2013, Held in Conjunction with the 20th ACM Conference on Computer and Communications Security, CCS 2013

AU - Weaver, Gabriel A.

AU - Cheh, Carmen

AU - Rogers, Edmond J.

AU - Sanders, William H.

AU - Gammel, Dennis

PY - 2013/12/9

Y1 - 2013/12/9

N2 - Our Cyber-Physical Topology Language (CPTL) provides a language that utilities can use to programmatically analyze current and future cyber-physical architectures. The motivation for our research emerged from the importance and limitations of several audit scenarios: account management, vulnerability assessment, and configuration management. Those scenarios occur in the context of the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) audits. The NERC CIP standards define security controls by which utilities must be audited. Although the standards were designed to make power control networks less vulnerable to cyber attack and to decrease the chance of outages, the audit process is manual and costly. In order to save utilities and auditors time and money, we used the limitations of those audit scenarios in formally specifying and implementing CPTL, which consists of both a representation of cyber-physical assets and operations upon that representation. First, CPTL uses graph theory to represent a network of cyber-physical assets; we currently implement this representation in GraphML. Second, CPTL defines operations upon that representation. In this paper, we introduce operators to process attributes by expanding and contracting components of a network, and implement these operations using the Boost Graph Library (BGL). In order to demonstrate the potential for CPTL to save auditors and utilities time and money, we provide a detailed example of how CPTL could help with vulnerability assessment and discuss additional applications beyond the audit scenarios mentioned above. We describe current approaches to those scenarios and argue that CPTL improves upon both the state-of-the-art and current practice. In fact, we intend CPTL to enable a broad range of new research on realistic cyber-physical architectures by giving utilities, auditors, managers, and researchers a common language with which to communicate and analyze those architectures.

AB - Our Cyber-Physical Topology Language (CPTL) provides a language that utilities can use to programmatically analyze current and future cyber-physical architectures. The motivation for our research emerged from the importance and limitations of several audit scenarios: account management, vulnerability assessment, and configuration management. Those scenarios occur in the context of the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) audits. The NERC CIP standards define security controls by which utilities must be audited. Although the standards were designed to make power control networks less vulnerable to cyber attack and to decrease the chance of outages, the audit process is manual and costly. In order to save utilities and auditors time and money, we used the limitations of those audit scenarios in formally specifying and implementing CPTL, which consists of both a representation of cyber-physical assets and operations upon that representation. First, CPTL uses graph theory to represent a network of cyber-physical assets; we currently implement this representation in GraphML. Second, CPTL defines operations upon that representation. In this paper, we introduce operators to process attributes by expanding and contracting components of a network, and implement these operations using the Boost Graph Library (BGL). In order to demonstrate the potential for CPTL to save auditors and utilities time and money, we provide a detailed example of how CPTL could help with vulnerability assessment and discuss additional applications beyond the audit scenarios mentioned above. We describe current approaches to those scenarios and argue that CPTL improves upon both the state-of-the-art and current practice. In fact, we intend CPTL to enable a broad range of new research on realistic cyber-physical architectures by giving utilities, auditors, managers, and researchers a common language with which to communicate and analyze those architectures.

KW - NERC CIP

KW - audit

KW - graph theory

UR - http://www.scopus.com/inward/record.url?scp=84889035509&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84889035509&partnerID=8YFLogxK

U2 - 10.1145/2516930.2516934

DO - 10.1145/2516930.2516934

M3 - Conference contribution

AN - SCOPUS:84889035509

SN - 9781450324922

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 93

EP - 104

BT - SEGS 2013 - Proceedings of the 2013 ACM Workshop on Smart Energy Grid Security, Co-located with CCS 2013

Y2 - 8 November 2013 through 8 November 2013

ER -

Access to Document

10.1145/2516930.2516934