Summary: | Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, School of Engineering, System Design and Management Program, 2017. === Cataloged from PDF version of thesis. === Includes bibliographical references (pages 113-118). === With increased Internet connectivity and the advent of the industrial Internet, cyber-physical systems are increasingly being targeted by cyber attacks. Unlike, cyber attacks on IT networks, successfully compromising a cyber-physical environment takes considerably more time, motivation, expertise, and operational costs to the adversary. This thesis explores how a systems-theoretic approach, the Systems-Theoretic Accident Model and Processes (STAMP), can be used by an organization to complement intelligence-driven models of intrusion analysis to provide both additional insight and prioritize defensive countermeasures in order to guard against cyber-physical attacks and compromises. Specifically, in this thesis we analyze two real-world use cases of well publicized cyber-physical attacks using traditional intelligence-driven models of intrusion analysis as well as apply the Causal Analysis based on STAMP (CAST) model on one of the use cases. The STAMP/CAST based analysis afforded us deeper insights into the system causal factors that led to the successful compromise. In turn, this allowed for the generation of specific recommendations to safeguard the cyber-physical systems within the network in order to increase the overall organizational security posture. This included a recommendation to modify the existing organizational structure (i.e., the addition of a Security Operations Centre function) such that clearly defined security roles and responsibilities could be effectively implemented thus significantly improving an organization's ability to respond to cyber attacks. === by David Whyte. === S.M. in Engineering and Management
|