@inproceedings(amin2011interdependence, author = "S.~Amin and G.~A. Schwartz and S.~S. Sastry", year = "2011", title = "On the interdependence of reliability and security in networked control systems", booktitle = "Decision and Control and European Control Conference (CDC-ECC), 2011 50th IEEE Conference on", organization = "IEEE", pages = "4078--4083", doi = "10.1109/CDC.2011.6161527", ) @incollection(anderson2010security, author = "R.~Anderson and S~Fuloria", year = "2010", title = "Security economics and critical national infrastructure", booktitle = "Economics of Information Security and Privacy", publisher = "Springer", pages = "55--66", doi = "10.1007/978-1-4419-6967-5_4", ) @inproceedings(atzeni2011here, author = "A.~Atzeni and C.~Cameroni and S.~Faily and J.~Lyle and I~Fl{\'e}chais", year = "2011", title = "Here's Johnny: A methodology for developing attacker personas", booktitle = "Availability, Reliability and Security (ARES), 2011 Sixth International Conference on", organization = "IEEE", pages = "722--727", doi = "10.1109/ARES.2011.115", ) @phdthesis(balchanos2012probabilistic, author = "M.~G Balchanos", year = "2012", title = "A probabilistic technique for the assessment of complex dynamic system resilience", school = "Georgia Institute of Technology", url = "https://smartech.gatech.edu/bitstream/handle/1853/43730/balchanos_michael_g_201205_phd.pdf", ) @book(DoDDefSci2013, author = "Defense~Science Board", year = "2013", title = "Task Force report: Resilient military systems and the advanced cyber threat", publisher = "Department of Defense", url = "http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf", ) @article(brenner2013eyes, author = "J.~F. Brenner", year = "2013", title = "Eyes wide shut: The growing threat of cyber attacks on industrial control systems", journal = "Bulletin of the atomic scientists (1974)", volume = "69", number = "5", pages = "15--20", doi = "10.1177/0096340213501372", ) @inproceedings(byres2004myths, author = "E.~Byres and J~Lowe", year = "2004", title = "The myths and facts behind cyber security risks for industrial control systems", booktitle = "Proceedings of the VDE Kongress", volume = "116", url = "http://www.isa.org/CustomSource/ISA/Div_PDFs/PDF_News/Glss_2.pdf", ) @inproceedings(cardenas2009challenges, author = "A.~Cardenas and S.~Amin and B.~Sinopoli and A.~Giani and A.~Perrig and S.~Sastry", year = "2009", title = "Challenges for securing cyber physical systems", booktitle = "Workshop on future directions in cyber-physical systems security", url = "http://cimic.rutgers.edu/positionPapers/cps-security-challenges-Cardenas.pdf", ) @inproceedings(cardenas2008research, author = "A.~A. C{\'a}rdenas and S.~Amin and S.~Sastry", year = "2008", title = "Research challenges for the security of control systems.", booktitle = "HotSec", url = "http://robotics.eecs.berkeley.edu/~sastry/pubs/Pdfs\%20of\%202008/CardenasResearch2008.pdf", ) @(Advise2013, author = "Conning", year = "2013", title = "ADVISE enterprise risk modeler", url = "https://www.conning.com/risk-and-capital-management/software/advise.html", ) @article(cox2008matrix, author = "L~Cox", year = "2008", title = "What's wrong with risk matrices?", journal = "Risk analysis", volume = "28", number = "2", pages = "497--512", doi = "10.1111/j.1539-6924.2008.01030.x", ) @inproceedings(dantu2007classification, author = "R.~Dantu and P.~Kolan and R.~Akl and K~Loper", year = "2007", title = "Classification of attributes and behavior in risk management using bayesian networks", booktitle = "Intelligence and Security Informatics, 2007 IEEE", organization = "IEEE", pages = "71--74", doi = "10.1109/ISI.2007.379536", ) @article(dantu2009network, author = "R.~Dantu and P.~Kolan and J~Cangussu", year = "2009", title = "Network risk management using attacker profiling", journal = "Security and Communication Networks", volume = "2", number = "1", pages = "83--96", doi = "10.1002/sec.58", ) @incollection(florencio2013all, author = "D.~Flor{\^e}ncio and C~Herley", year = "2013", title = "Where do all the attacks go?", booktitle = "Economics of Information Security and Privacy III", publisher = "Springer", pages = "13--33", doi = "10.1007/978-1-4614-1981-5_2", ) @inproceedings(frigault2008measuring, author = "M.~Frigault and L.~Wang and A.~Singhal and S~Jajodia", year = "2008", title = "Measuring network security using dynamic bayesian network", booktitle = "Proceedings of the 4th ACM workshop on Quality of protection", organization = "ACM", pages = "23--30", doi = "10.1145/1456362.1456368", ) @inproceedings(giani2009viking, author = "A.~Giani and S.~Sastry and K.~H. Johansson and H~Sandberg", year = "2009", title = "The VIKING project: an initiative on resilient control of power networks", booktitle = "Resilient Control Systems, 2009. ISRCS'09. 2nd International Symposium on", organization = "IEEE", pages = "31--35", doi = "10.1109/ISRCS.2009.5251361", ) @inproceedings(hamilton2002challenges, author = "S.~N. Hamilton and W.~L. Miller and A.~Ott and O.~Saydjari", year = "2002", title = "Challenges in applying game theory to the domain of information warfare", booktitle = "4th Information survivability workshop (ISW-2001/2002), Vancouver, Canada", url = "http://www.au.af.mil/au/awc/awcgate/afrl/hamilton-31-08-a.pdf", ) @article(hutchins2011intelligence, author = "E.~M. Hutchins and M.~J. Cloppert and R.~M. Amin", year = "2011", title = "Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains", journal = "Leading Issues in Information Warfare \& Security Research", volume = "1", pages = "80", url = "http://www.f35team.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf", ) @(gartner, author = "Gartner IT", title = "Gartner IT Glossary", url = "http://www.gartner.com/it-glossary/operational-technology-ot", ) @inproceedings(Johnson2011, author = "B.~Johnson and J.~Grossklags and N.~Christin and J~Chuang", year = "2012", title = "Nash equilibria for weakest target security games with heterogeneous agents.", booktitle = "Game Theory for Networks", publisher = "Springer Berlin Heidelberg", pages = "444--458", doi = "10.1007/978-3-642-30373-9_31", ) @inproceedings(kotenko2006attack, author = "I.~Kotenko and M~Stepashkin", year = "2006", title = "Attack graph based evaluation of network security", booktitle = "Communications and Multimedia Security", organization = "Springer", pages = "216--227", doi = "10.1007/11909033_20", ) @(genie, author = "Decision~Systems Laboratory", title = "GeNIe", url = "http://genie.sis.pitt.edu/", ) @incollection(li2009botnet, author = "Z.~Li and Q.~Liao and A~Striegel", year = "2009", title = "Botnet economics: uncertainty matters", booktitle = "Managing Information Risk and the Economics of Security", publisher = "Springer", pages = "245--267", doi = "10.1007/978-0-387-09762-6_12", ) @article(liu2005incentive, author = "P.~Liu and W.~Zang and M~Yu", year = "2005", title = "Incentive-based modeling and inference of attacker intent, objectives, and strategies", journal = "ACM Transactions on Information and System Security (TISSEC)", volume = "8", number = "1", pages = "78--118", doi = "10.1145/1053283.1053288", ) @(Ltd2011, author = "Command Five~Pty Ltd", year = "2011", title = "Advanced persistent threats: A decade in review", url = "http://www.commandfive.com/papers/C5_APT_ADecadeInReview.pdf", ) @book(lund2011model, author = "M.~S. Lund and B.~Solhaug and K~Stolen", year = "2011", title = "Model-driven risk analysis: the CORAS approach", publisher = "Springer", doi = "10.1007/978-3-642-12323-8", ) @incollection(mauw2006foundations, author = "S.~Mauw and M~Oostdijk", year = "2006", title = "Foundations of attack trees", booktitle = "Information Security and Cryptology-ICISC 2005", publisher = "Springer", pages = "186--198", doi = "10.1007/11734727_17", ) @article(merrick2011comparative, author = "J.~Merrick and G.~S. Parnell", year = "2011", title = "A comparative analysis of PRA and intelligent adversary methods for counterterrorism risk management", journal = "Risk Analysis", volume = "31", number = "9", pages = "1488--1510", doi = "10.1111/j.1539-6924.2011.01590.x", ) @inproceedings(muehrcke2010behavior, author = "C.~Muehrcke and E.~V. Ruitenbeek and K.~Keefe and W.~H. Sanders", year = "2010", title = "Characterizing the behavior of cyber adversaries: The means, motive, and opportunity of cyberattacks", booktitle = "2010 International Conference on Dependable Systems and Networks Supplemental", organization = "IEEE/IFIP International Conference on Dependable Systems and Networks", url = "https://www.perform.illinois.edu/Papers/USAN_papers/10VAN01.pdf", ) @article(mulligan2011doctrine, author = "D.~K. Mulligan and F.~B. Schneider", year = "2011", title = "Doctrine for cybersecurity", journal = "Daedalus", volume = "140", number = "4", pages = "70--92", doi = "10.1162/DAED_a_00116", ) @article(pfleeger2008cybersecurity, author = "S.~L. Pfleeger and R~Rue", year = "2008", title = "Cybersecurity economic issues: Clearing the path to good practice", journal = "Software, IEEE", volume = "25", number = "1", pages = "35--42", doi = "10.1109/MS.2008.4", ) @techreport(RiosInsua2013, author = "D.~Rios~Insua and J.~Cano", year = "2013", title = "Basic models for security risk analysis (SECONOMICS D5.1)", type = "Technical Report", institution = "SECONOMICS Project", url = "http://seconomicsproject.eu/content/d051-basic-models-security-risk-analysis", ) @article(rios2009adversarial, author = "David Rios~Insua and J.~Rios and D~Banks", year = "2009", title = "Adversarial risk analysis", journal = "Journal of the American Statistical Association", volume = "104", number = "486", pages = "841--854", doi = "10.1198/jasa.2009.0155", ) @inproceedings(roy2010survey, author = "S.~Roy and C.~Ellis and S.~Shiva and D.~Dasgupta and V.~Shandilya and Q~Wu", year = "2010", title = "A survey of game theory as applied to network security", booktitle = "System Sciences (HICSS), 2010 43rd Hawaii International Conference on", organization = "IEEE", pages = "1--10", doi = "10.1109/HICSS.2010.35", ) @phdthesis(sallhammar2007stochastic, author = "K~Sallhammar", year = "2007", title = "Stochastic models for combined security and dependability evaluation", school = "Norwegian University of Science and Technology", url = "http://www.diva-portal.org/smash/get/diva2:123582/FULLTEXT01", ) @article(sevillano2012adversarial, author = "J.~C. Sevillano and D~Rios~Insua and J~Rios", year = "2012", title = "Adversarial risk analysis: The Somali pirates case", journal = "Decision Analysis", volume = "9", number = "2", pages = "86--95", doi = "10.1287/deca.1110.0225", ) @(Shauk2013c, author = "Z.~Shauk", year = "2013", title = "Hackers hit energy companies more than others", url = "http://fuelfix.com/blog/2013/03/25/electronic-attacks-hit-two-thirds-of-energy-companies-in-study/", ) @article(ten2008vulnerability, author = "C.-W. Ten and C.-C. Liu and G~Manimaran", year = "2008", title = "Vulnerability assessment of cybersecurity for SCADA systems", journal = "Power Systems, IEEE Transactions on", volume = "23", number = "4", pages = "1836--1846", doi = "10.1109/TPWRS.2008.2002298", ) @unpublished(thomas2013bad, author = "R.~C. Thomas and M.~Antkiewicz and P.~Florer and S.~Widup and M~Woodyard", year = "2013", title = "How bad is it?--A branching activity model to estimate the impact of information security breaches", doi = "10.2139/ssrn.2233075", ) @inproceedings(xie2010using, author = "P.~Xie and J.~H. Li and X.~Ou and P.~Liu and R~Levy", year = "2010", title = "Using Bayesian networks for cyber security analysis", booktitle = "Dependable Systems and Networks (DSN), 2010 IEEE/IFIP International Conference on", organization = "IEEE", pages = "211--220", url = "10.1109/DSN.2010.5544924", ) @inproceedings(zhu2011taxonomy, author = "B.~Zhu and A.~Joseph and S~Sastry", year = "2011", title = "A taxonomy of cyber attacks on SCADA systems", booktitle = "Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing", organization = "IEEE", pages = "380--388", doi = "10.1109/iThings/CPSCom.2011.34", )