{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,6]],"date-time":"2025-11-06T12:20:31Z","timestamp":1762431631120,"version":"3.41.2"},"reference-count":46,"publisher":"ASME International","issue":"4","funder":[{"DOI":"10.13039\/100007000","name":"Laboratory Directed Research and Development","doi-asserted-by":"publisher","award":["DE-AC05-76RL01830"],"award-info":[{"award-number":["DE-AC05-76RL01830"]}],"id":[{"id":"10.13039\/100007000","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["asmedigitalcollection.asme.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,1]]},"abstract":"This article details a framework and methodology to risk-inform the decisions of an unsupervised cyber controller. A risk assessment methodology within this framework uses a combination of fault trees, event trees, and attack graphs to trace and map cyber elements with business processes. The methodology attempts to prevent and mitigate cyberattacks by using adaptive controllers that proactively reconfigure a network based on actionable risk estimates. The estimates are based on vulnerabilities and potential business consequences. A generic enterprise-control system is used to demonstrate the wide applicability of the methodology. In addition, data needs, implementation, and potential pitfalls are discussed.<\/jats:p>","DOI":"10.1115\/1.4043040","type":"journal-article","created":{"date-parts":[[2019,3,3]],"date-time":"2019-03-03T08:40:18Z","timestamp":1551602418000},"update-policy":"https:\/\/doi.org\/10.1115\/crossmarkpolicy-asme","source":"Crossref","is-referenced-by-count":3,"title":["A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controllers"],"prefix":"10.1115","volume":"19","author":[{"given":"Arun","family":"Veeramany","sequence":"first","affiliation":[{"name":"Mem. ASME Pacific Northwest National Laboratory, 902 Battelle Boulevard, Richland, WA 99352 e-mail:"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"William J.","family":"Hutton","sequence":"additional","affiliation":[{"name":"Pacific Northwest National Laboratory, 902 Battelle Boulevard, Richland, WA 99352 e-mail:"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Siddharth","family":"Sridhar","sequence":"additional","affiliation":[{"name":"Pacific Northwest National Laboratory, 902 Battelle Boulevard, Richland, WA 99352 e-mail:"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sri Nikhil Gupta","family":"Gourisetti","sequence":"additional","affiliation":[{"name":"Pacific Northwest National Laboratory, 902 Battelle Boulevard, Richland, WA 99352 e-mail:"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Garill A.","family":"Coles","sequence":"additional","affiliation":[{"name":"Pacific Northwest National Laboratory, 902 Battelle Boulevard, Richland, WA 99352 e-mail:"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paul M.","family":"Skare","sequence":"additional","affiliation":[{"name":"Pacific Northwest National Laboratory, 902 Battelle Boulevard, Richland, WA 99352 e-mail:"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"33","published-online":{"date-parts":[[2019,6,3]]},"reference":[{"key":"2019100605582281700_CIT0001","doi-asserted-by":"crossref","DOI":"10.1115\/OMAE2017-61645","article-title":"Risk Management of Autonomous Marine Systems and Operations","author":"Utne","year":"2017"},{"key":"2019100605582281700_CIT0002","doi-asserted-by":"crossref","DOI":"10.1115\/OMAE2017-61771","article-title":"Cyber Security Issues in Navigation Systems of Marine Vessels From a Control Perspective","author":"Hassani","year":"2017"},{"key":"2019100605582281700_CIT0003","doi-asserted-by":"crossref","DOI":"10.1115\/DSCC2017-5386","article-title":"Vulnerabilities of Cyber-Physical Linear Control Systems to Sophisticated Attacks","author":"Radisavljevic-Gajic","year":"2017"},{"key":"2019100605582281700_CIT0004","doi-asserted-by":"crossref","DOI":"10.1115\/ICONE25-67120","article-title":"Cyber Security Assessment of Component Off-the-Shelf Based NPP I&C System Using IMECA Technique","author":"Zelinko","year":"2017"},{"key":"2019100605582281700_CIT0005","doi-asserted-by":"crossref","DOI":"10.1115\/JRC2017-2304","article-title":"Internet of Things (IoT)-Based Apparatus and Method for Rail Crossing Alerting of Static or Dynamic Rail Track Intrusions","author":"Minoli","year":"2017"},{"key":"2019100605582281700_CIT0006","first-page":"1","article-title":"Adversarial and Uncertain Reasoning for Adaptive Cyber Defense: Building the Scientific Foundation","author":"Cybenko","year":"2014"},{"key":"2019100605582281700_CIT0007","unstructured":"Sarkar, S.\n , 2011, Autonomous Perception and Decision Making in Cyber-Physical Systems, Doctoral dissertation, The Pennsylvania State University, PA."},{"key":"2019100605582281700_CIT0008","unstructured":"Ezell, B. C.\n , 1998, Risks of Cyber Attack to Supervisory Control and Data Acquisition for Water Supply, M.S. thesis, University of Virginia, Charlottesville, VA."},{"volume-title":"SCADA: Supervisory Control and Data Acquisition, Instrumentation Society of America","year":"1993","author":"Boyer","key":"2019100605582281700_CIT0009"},{"issue":"3","key":"2019100605582281700_CIT0010","doi-asserted-by":"publisher","first-page":"031018","DOI":"10.1115\/1.4037228","article-title":"SFTA-Based Approach for Safety\/Reliability Analysis of Operational Use-Cases in Cyber-Physical Systems","volume":"17","author":"Oveisi","year":"2017","journal-title":"ASME J. Comput. Inf. Sci. Eng."},{"issue":"4","key":"2019100605582281700_CIT0011","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1016\/j.isatra.2007.04.003","article-title":"Cyber Security Risk Assessment for SCADA and DCS Networks","volume":"46","author":"Ralston","year":"2007","journal-title":"ISA Trans."},{"issue":"1","key":"2019100605582281700_CIT0012","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1111\/j.1539-6924.1981.tb01350.x","article-title":"On the Quantitative Definition of Risk","volume":"1","author":"Kaplan","year":"1981","journal-title":"Risk Anal."},{"key":"2019100605582281700_CIT0013","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2015.09.009","article-title":"A Review of Cyber Security Risk Assessment Methods for SCADA Systems","volume":"56","author":"Cherdantseva","year":"2016","journal-title":"Comput. Secur."},{"key":"2019100605582281700_CIT0014","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-84996-232-2","volume-title":"Reliability and Safety Engineering","author":"Verma","year":"2010"},{"key":"2019100605582281700_CIT0015","doi-asserted-by":"crossref","DOI":"10.1109\/IEEM.2015.7385921","article-title":"Risk Assessment Method for Cybersecurity of Cyber-Physical Systems Based on Inter-Dependency of Vulnerabilities","author":"Wu","year":"2015"},{"issue":"1","key":"2019100605582281700_CIT0016","doi-asserted-by":"publisher","first-page":"1","DOI":"10.5516\/NET.03.2014.700","article-title":"PRA: A Perspective on Strengths, Current Limitations, and Possible Improvements","volume":"46","author":"Mosleh","year":"2014","journal-title":"Nucl. Eng. Technol."},{"issue":"5","key":"2019100605582281700_CIT0017","doi-asserted-by":"publisher","first-page":"896","DOI":"10.1016\/j.net.2017.07.001","article-title":"An Autonomous Control Framework for Advanced Reactors","volume":"49","author":"Wood","year":"2017","journal-title":"Nucl. Eng. Technol."},{"key":"2019100605582281700_CIT0018","doi-asserted-by":"crossref","DOI":"10.1109\/SmartGridComm.2013.6688017","article-title":"Software-Defined Energy Communication Networks: From Substation Automation to Future Smart Grids","author":"Cahn","year":"2013"},{"key":"2019100605582281700_CIT0019","doi-asserted-by":"publisher","first-page":"1552","DOI":"10.1016\/j.rser.2015.10.124","article-title":"Cyber-Security in Substation Automation Systems","volume":"54","author":"Moreira","year":"2016","journal-title":"Renew. Sustainable Energy Rev."},{"key":"2019100605582281700_CIT0020","doi-asserted-by":"crossref","DOI":"10.1115\/IMECE2017-71336","article-title":"Cyber Integrated Metrology, Learning and Evaluation System: An Approach Towards Smart Factories","author":"Helgoson","year":"2017"},{"key":"2019100605582281700_CIT0021","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-3-319-42559-7_1","article-title":"Industrial Internet of Things and Cyber Manufacturing Systems","volume-title":"Industrial Internet of Things","author":"Jeschke","year":"2017"},{"issue":"2","key":"2019100605582281700_CIT0022","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1016\/j.mfglet.2014.01.005","article-title":"Cyber-Physical Security Challenges in Manufacturing Systems","volume":"2","author":"Wells","year":"2014","journal-title":"Manuf. Lett."},{"key":"2019100605582281700_CIT0023","doi-asserted-by":"crossref","DOI":"10.1115\/DETC2017-68320","article-title":"A Distributed Intelligence Approach to Using Collaborating Unmanned Aerial Vehicles for Oil Spill Mapping","author":"Odonkor","year":"2017"},{"key":"2019100605582281700_CIT0024","doi-asserted-by":"crossref","DOI":"10.1115\/OMAE2017-61880","article-title":"Marine Autonomous Exploration Using a Lidar and SLAM","author":"Ueland","year":"2017"},{"key":"2019100605582281700_CIT0025","doi-asserted-by":"crossref","first-page":"691","DOI":"10.1007\/978-3-319-49340-4_20","volume-title":"Handbook of Big Data Technologies","author":"Church","year":"2017"},{"key":"2019100605582281700_CIT0026","doi-asserted-by":"publisher","first-page":"1375","DOI":"10.1109\/ACCESS.2016.2549047","article-title":"Cloud-Assisted IoT-Based SCADA Systems Security: A review of the State of the Art and Future Challenges","volume":"4","author":"Sajid","year":"2016","journal-title":"IEEE Access"},{"volume-title":"Handbook of Life Cycle Engineering: Concepts, Models, and Technologies","year":"1998","author":"Williams","key":"2019100605582281700_CIT0027"},{"key":"2019100605582281700_CIT0028","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1007\/978-3-540-70567-3_22","article-title":"An Attack Graph-Based Probabilistic Security Metric","volume":"5094","author":"Wang","year":"2008","journal-title":"Lect. Notes Comput. Sci."},{"article-title":"The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems","year":"2004","author":"Byres","key":"2019100605582281700_CIT0029"},{"key":"2019100605582281700_CIT0030","first-page":"4490","article-title":"Stuxnet Worm Impact on Industrial Cyber-Physical System Security","author":"Karnouskos","year":"2011"},{"key":"2019100605582281700_CIT0031","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-69155-8_4","article-title":"Detecting Command and Control Channel of Botnets in Cloud","author":"Lu","year":"2017"},{"key":"2019100605582281700_CIT0032","first-page":"183","article-title":"Adaptive use of Network-Centric Mechanisms in Cyber-Defense","author":"Atighetchi","year":"2003"},{"volume-title":"Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS","year":"2011","author":"Macaulay","key":"2019100605582281700_CIT0033"},{"volume-title":"A Taxonomy of Operational Cyber Security Risks","year":"2010","author":"Cebula","key":"2019100605582281700_CIT0034"},{"issue":"2","key":"2019100605582281700_CIT0035","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1016\/j.ress.2004.04.003","article-title":"Confronting the Risks of Terrorism: Making the Right Decisions","volume":"86","author":"Garrick","year":"2004","journal-title":"Reliab. Eng. Syst. Saf."},{"volume-title":"Using a Systems-Theoretic Approach to Analyze Cyber Attacks on Cyber-Physical Systems","year":"2017","author":"Whyte","key":"2019100605582281700_CIT0036"},{"key":"2019100605582281700_CIT0037","unstructured":"Team, C.\n , 2015, Common Vulnerability Scoring System v3.0: Specification Document. First.org."},{"volume-title":"Common Vulnerability Scoring System Version 3.0 Calculator","author":"FIRST","key":"2019100605582281700_CIT0038"},{"key":"2019100605582281700_CIT0039","doi-asserted-by":"crossref","DOI":"10.1145\/1456362.1456368","article-title":"Measuring Network Security Using Dynamic Bayesian Network","author":"Frigault","year":"2008"},{"volume-title":"Security Feature Extraction for a Network","year":"2017","author":"Reddy","key":"2019100605582281700_CIT0040"},{"article-title":"A Comparative Study of Correlation Engines for Security Event Management","year":"2015","author":"Rosa","key":"2019100605582281700_CIT0041"},{"key":"2019100605582281700_CIT0042","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-19449-3","volume-title":"Impact of Design Research on Industrial Practice","author":"Chakrabarti","year":"2016"},{"key":"2019100605582281700_CIT0043","doi-asserted-by":"crossref","DOI":"10.2172\/130641","volume-title":"Systems Analysis Programs for Hands-on Integrated Reliability Evaluations (SAPHIRE), Version 5.0","author":"Russell","year":"1995"},{"key":"2019100605582281700_CIT0044","unstructured":"EPRI\n , 2014, Computer Aided Fault Tree Analysis System (CAFTA), Version 6.0b. Available from: https:\/\/www.epri.com\/#\/pages\/product\/3002004316\/."},{"key":"2019100605582281700_CIT0045","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1016\/j.cosrev.2015.03.001","article-title":"Fault Tree Analysis: A Survey of the State-of-the-Art in Modeling, Analysis and Tools","volume":"15","author":"Ruijters","year":"2015","journal-title":"Comput. Sci. Rev."},{"key":"2019100605582281700_CIT0046","doi-asserted-by":"crossref","DOI":"10.2172\/911775","volume-title":"Cyber Incidents Involving Control Systems","author":"Turk","year":"2005"}],"container-title":["Journal of Computing and Information Science in Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/asmedigitalcollection.asme.org\/computingengineering\/article-pdf\/doi\/10.1115\/1.4043040\/5998856\/jcise_19_4_041004.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/asmedigitalcollection.asme.org\/computingengineering\/article-pdf\/doi\/10.1115\/1.4043040\/5998856\/jcise_19_4_041004.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,6]],"date-time":"2019-10-06T09:58:33Z","timestamp":1570355913000},"score":1,"resource":{"primary":{"URL":"https:\/\/asmedigitalcollection.asme.org\/computingengineering\/article\/doi\/10.1115\/1.4043040\/632807\/A-Framework-for-Development-of-RiskInformed"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,3]]},"references-count":46,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2019,12,1]]}},"URL":"https:\/\/doi.org\/10.1115\/1.4043040","relation":{},"ISSN":["1530-9827","1944-7078"],"issn-type":[{"type":"print","value":"1530-9827"},{"type":"electronic","value":"1944-7078"}],"subject":[],"published":{"date-parts":[[2019,6,3]]},"article-number":"041004"}}