References

  1. S. Amin, G. A. Schwartz & S. S. Sastry (2011): On the interdependence of reliability and security in networked control systems. In: Decision and Control and European Control Conference (CDC-ECC), 2011 50th IEEE Conference on. IEEE, pp. 4078–4083, doi:10.1109/CDC.2011.6161527.
  2. R. Anderson & S Fuloria (2010): Security economics and critical national infrastructure. In: Economics of Information Security and Privacy. Springer, pp. 55–66, doi:10.1007/978-1-4419-6967-5_4.
  3. A. Atzeni, C. Cameroni, S. Faily, J. Lyle & I Fléchais (2011): Here's Johnny: A methodology for developing attacker personas. In: Availability, Reliability and Security (ARES), 2011 Sixth International Conference on. IEEE, pp. 722–727, doi:10.1109/ARES.2011.115.
  4. M. G Balchanos (2012): A probabilistic technique for the assessment of complex dynamic system resilience. Georgia Institute of Technology. Available at https://smartech.gatech.edu/bitstream/handle/1853/43730/balchanos_michael_g_201205_phd.pdf.
  5. Defense Science Board (2013): Task Force report: Resilient military systems and the advanced cyber threat. Department of Defense. Available at http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf.
  6. J. F. Brenner (2013): Eyes wide shut: The growing threat of cyber attacks on industrial control systems. Bulletin of the atomic scientists (1974) 69(5), pp. 15–20, doi:10.1177/0096340213501372.
  7. E. Byres & J Lowe (2004): The myths and facts behind cyber security risks for industrial control systems. In: Proceedings of the VDE Kongress 116. Available at http://www.isa.org/CustomSource/ISA/Div_PDFs/PDF_News/Glss_2.pdf.
  8. A. Cardenas, S. Amin, B. Sinopoli, A. Giani, A. Perrig & S. Sastry (2009): Challenges for securing cyber physical systems. In: Workshop on future directions in cyber-physical systems security. Available at http://cimic.rutgers.edu/positionPapers/cps-security-challenges-Cardenas.pdf.
  9. A. A. Cárdenas, S. Amin & S. Sastry (2008): Research challenges for the security of control systems. In: HotSec. Available at http://robotics.eecs.berkeley.edu/~sastry/pubs/Pdfs%20of%202008/CardenasResearch2008.pdf.
  10. Conning (2013): ADVISE enterprise risk modeler. Available at https://www.conning.com/risk-and-capital-management/software/advise.html.
  11. L Cox (2008): What's wrong with risk matrices? Risk analysis 28(2), pp. 497–512, doi:10.1111/j.1539-6924.2008.01030.x.
  12. R. Dantu, P. Kolan, R. Akl & K Loper (2007): Classification of attributes and behavior in risk management using bayesian networks. In: Intelligence and Security Informatics, 2007 IEEE. IEEE, pp. 71–74, doi:10.1109/ISI.2007.379536.
  13. R. Dantu, P. Kolan & J Cangussu (2009): Network risk management using attacker profiling. Security and Communication Networks 2(1), pp. 83–96, doi:10.1002/sec.58.
  14. D. Florêncio & C Herley (2013): Where do all the attacks go? In: Economics of Information Security and Privacy III. Springer, pp. 13–33, doi:10.1007/978-1-4614-1981-5_2.
  15. M. Frigault, L. Wang, A. Singhal & S Jajodia (2008): Measuring network security using dynamic bayesian network. In: Proceedings of the 4th ACM workshop on Quality of protection. ACM, pp. 23–30, doi:10.1145/1456362.1456368.
  16. A. Giani, S. Sastry, K. H. Johansson & H Sandberg (2009): The VIKING project: an initiative on resilient control of power networks. In: Resilient Control Systems, 2009. ISRCS'09. 2nd International Symposium on. IEEE, pp. 31–35, doi:10.1109/ISRCS.2009.5251361.
  17. S. N. Hamilton, W. L. Miller, A. Ott & O. Saydjari (2002): Challenges in applying game theory to the domain of information warfare. In: 4th Information survivability workshop (ISW-2001/2002), Vancouver, Canada. Available at http://www.au.af.mil/au/awc/awcgate/afrl/hamilton-31-08-a.pdf.
  18. E. M. Hutchins, M. J. Cloppert & R. M. Amin (2011): Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research 1, pp. 80. Available at http://www.f35team.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf.
  19. Gartner IT: Gartner IT Glossary. Available at http://www.gartner.com/it-glossary/operational-technology-ot.
  20. B. Johnson, J. Grossklags, N. Christin & J Chuang (2012): Nash equilibria for weakest target security games with heterogeneous agents. In: Game Theory for Networks. Springer Berlin Heidelberg, pp. 444–458, doi:10.1007/978-3-642-30373-9_31.
  21. I. Kotenko & M Stepashkin (2006): Attack graph based evaluation of network security. In: Communications and Multimedia Security. Springer, pp. 216–227, doi:10.1007/11909033_20.
  22. Decision Systems Laboratory: GeNIe. Available at http://genie.sis.pitt.edu/.
  23. Z. Li, Q. Liao & A Striegel (2009): Botnet economics: uncertainty matters. In: Managing Information Risk and the Economics of Security. Springer, pp. 245–267, doi:10.1007/978-0-387-09762-6_12.
  24. P. Liu, W. Zang & M Yu (2005): Incentive-based modeling and inference of attacker intent, objectives, and strategies. ACM Transactions on Information and System Security (TISSEC) 8(1), pp. 78–118, doi:10.1145/1053283.1053288.
  25. Command Five Pty Ltd (2011): Advanced persistent threats: A decade in review. Available at http://www.commandfive.com/papers/C5_APT_ADecadeInReview.pdf.
  26. M. S. Lund, B. Solhaug & K Stolen (2011): Model-driven risk analysis: the CORAS approach. Springer, doi:10.1007/978-3-642-12323-8.
  27. S. Mauw & M Oostdijk (2006): Foundations of attack trees. In: Information Security and Cryptology-ICISC 2005. Springer, pp. 186–198, doi:10.1007/11734727_17.
  28. J. Merrick & G. S. Parnell (2011): A comparative analysis of PRA and intelligent adversary methods for counterterrorism risk management. Risk Analysis 31(9), pp. 1488–1510, doi:10.1111/j.1539-6924.2011.01590.x.
  29. C. Muehrcke, E. V. Ruitenbeek, K. Keefe & W. H. Sanders (2010): Characterizing the behavior of cyber adversaries: The means, motive, and opportunity of cyberattacks. In: 2010 International Conference on Dependable Systems and Networks Supplemental. IEEE/IFIP International Conference on Dependable Systems and Networks. Available at https://www.perform.illinois.edu/Papers/USAN_papers/10VAN01.pdf.
  30. D. K. Mulligan & F. B. Schneider (2011): Doctrine for cybersecurity. Daedalus 140(4), pp. 70–92, doi:10.1162/DAED_a_00116.
  31. S. L. Pfleeger & R Rue (2008): Cybersecurity economic issues: Clearing the path to good practice. Software, IEEE 25(1), pp. 35–42, doi:10.1109/MS.2008.4.
  32. D. Rios Insua & J. Cano (2013): Basic models for security risk analysis (SECONOMICS D5.1). Technical Report. SECONOMICS Project. Available at http://seconomicsproject.eu/content/d051-basic-models-security-risk-analysis.
  33. David Rios Insua, J. Rios & D Banks (2009): Adversarial risk analysis. Journal of the American Statistical Association 104(486), pp. 841–854, doi:10.1198/jasa.2009.0155.
  34. S. Roy, C. Ellis, S. Shiva, D. Dasgupta, V. Shandilya & Q Wu (2010): A survey of game theory as applied to network security. In: System Sciences (HICSS), 2010 43rd Hawaii International Conference on. IEEE, pp. 1–10, doi:10.1109/HICSS.2010.35.
  35. K Sallhammar (2007): Stochastic models for combined security and dependability evaluation. Norwegian University of Science and Technology. Available at http://www.diva-portal.org/smash/get/diva2:123582/FULLTEXT01.
  36. J. C. Sevillano, D Rios Insua & J Rios (2012): Adversarial risk analysis: The Somali pirates case. Decision Analysis 9(2), pp. 86–95, doi:10.1287/deca.1110.0225.
  37. Z. Shauk (2013): Hackers hit energy companies more than others. Available at http://fuelfix.com/blog/2013/03/25/electronic-attacks-hit-two-thirds-of-energy-companies-in-study/.
  38. C.-W. Ten, C.-C. Liu & G Manimaran (2008): Vulnerability assessment of cybersecurity for SCADA systems. Power Systems, IEEE Transactions on 23(4), pp. 1836–1846, doi:10.1109/TPWRS.2008.2002298.
  39. R. C. Thomas, M. Antkiewicz, P. Florer, S. Widup & M Woodyard (2013): How bad is it?–A branching activity model to estimate the impact of information security breaches, doi:10.2139/ssrn.2233075.
  40. P. Xie, J. H. Li, X. Ou, P. Liu & R Levy (2010): Using Bayesian networks for cyber security analysis. In: Dependable Systems and Networks (DSN), 2010 IEEE/IFIP International Conference on. IEEE, pp. 211–220, doi:10.1109/DSN.2010.5544924.
  41. B. Zhu, A. Joseph & S Sastry (2011): A taxonomy of cyber attacks on SCADA systems. In: Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing. IEEE, pp. 380–388, doi:10.1109/iThings/CPSCom.2011.34.
