Publications
Dynamic attack surfaces in nuclear power plants
In this paper, we will summarize a group of architectural principles that inform the development of secure control system architectures, followed by a methodology that allows designers to understand the attack surface of components and subsystems in a way that supports the integration of these surfaces into a single attack surface. We will then show how this methodology can be used to analyze the control system attack surface from a variety of threats, including knowledgeable insiders. We close the paper with an overview of how this approach can be folded into a more rigorous mathematical analysis of the system to define the system's security posture.