Evaluating the risk of cyber attacks on SCADA systems via Petri net analysis with application to hazardous liquid loading operations

This paper develops an analytic technique for quantifying the risk of computer network operations (CNO) against supervisory control and data acquisition (SCADA) systems. We measure risk in terms of the extent to which an attacker can manipulate process control elements, the consequences due to disruption of the controlled physical process, and the vulnerability of the SCADA system to malicious intrusion. The technique constitutes a novel application of Petri net state coverability analysis coupled with process simulation. As such, this framework permits a formal assessment of candidate policies to manage risk by diminishing aspects of the network vulnerability to intrusion, where the objective is to prevent malicious induction of catastrophic process failure modes. We extend earlier work on Petri nets for attack analysis by developing a detailed methodology including: a new algorithm for the automatic generation of Petri nets from the description of a SCADA network and its vulnerabilities; metrics for quantifying risk as a function of a Petri net's state; techniques for evaluating these metrics based on a Petri net's minimal coverability set; and a method for coupling the Petri net representation of the SCADA network to the controlled processes for failure mode and effects assessment. The paper concludes by presenting an example application of the analysis technique to evaluate the security of a hazardous liquid loading process.