Article(electronic)April 17, 2018

Examining Cybersecurity of Cyberphysical Systems for Critical Infrastructures Through Work Domain Analysis

In: Human factors: the journal of the Human Factors Society, Volume 60, Issue 5, p. 699-718

Wang, Hao; Lau, Nathan; Gerdes, Ryan M.

Order using Subito

Checking availability at your location

Abstract

Objective: The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Background: Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. Method: We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means–ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. Results: The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Conclusion: Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Application: Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

Languages

English

Publisher

SAGE Publications

ISSN: 1547-8181

DOI

10.1177/0018720818769250

ExportReport Issue

Report Issue

If you have problems with the access to a found title, you can use this form to contact us. You can also use this form to write to us if you have noticed any errors in the title display.