President Amenaza Technologies Limited Calgary, Alberta, Canada
Cybersecurity is often approached as a "practice." Practitioners follow lists of best practices they hope will protect their assets. This approach often fails to identify probable attacks. In other fields, engineers rely on models to understand the behavior of their systems when stressed. A similar approach has long been used to evaluate cybersecurity in sensitive environments.
The use of attack models is a standard technique in the development of avionic control systems of military aircraft. This presentation will show how attack tree models can be applied to conventional industrial control systems, including critical infrastructure. A case study model involving over a million attack scenarios will be presented and attendees shown how to identify the handful of scenarios they need to focus on.
Learning Objectives:
Recognize the value of formal models in building secure, resilient architectures. Understand that models allow defenders to anticipate the actions of attackers and prepare for attacks before they occur.
Learn the basic concepts of attack tree models and the overall process for creating them. Participants will be shown how to obtain value from basic, manually created models (built using pencil and paper). The advantages of using open source or commercial software will be discussed.
Understand how attack tree threat models without analyses may lead to an increase in confusion and uncertainty. Both simple and complex analytic techniques will demonstrate how a handful of critical attack paths can be identified from a model showing over a million possible attacks and how this reveals effective defensive strategies.
