| A cyber physical system (CPS) is a system of systems where we highly integrate the cyber technology and the physical processes, in order to add new capabilities into physical system. Examples of cyber-physical system application include smart grid, smart building, smart medical device and smart industrial control. If CPS collapse, the consequences could be disastrous. The security of CPS has been the major subject of concern in recent years. The widespread connectivity between the CPS and Internet will definitely result in the increase of CPS security risk. Risk assessment is becoming more and more indispensable for CPS.In this paper, the basic model for CPS risk assessment was raised in the first place and then its three basic elements:asset, vulnerability and threat were analyzed respectively. Meanwhile, a penetration test plan was put forward to evaluate the vulnerability of CPS. In order to discriminate the best risk assessment method for CPS, a distinction between existing risk assessment methods of IT system and industrial control system was studied. Attack Tree was believed appropriate and improved by this paper. The node of an Attack Tree should be assigned with the value of probability which can be accessed by studying the vulnerability and threat of the node.As risk is a combination of probability and the consequence, the evaluation method of consequence was studied. This paper believed the simulation of CPS is the best way to study the consequence of cyber-attack. A structure of CPS simulation was proposed by this paper. Matlab/Simulink was believed an effective tool for modeling the physical components and processes and a mathematical model for electric generation was studied to prove the possibility of this structure. |
PDF Full Text Request