Cyber-physical attack graphs (CPAGs): Composable and scalable attack graphs for cyber-physical systems

Attack graphs are a fundamental security tool focused on depicting how multi-stage attacks can be carried out through a network to compromise specific assets and systems. While attack graphs have been widely utilised in the IT cyber domain, their use in Operational Technology (OT) environments requires new approaches able to properly model and analyse Cyber-Physical Systems (CPS). In this paper, we introduce Cyber-Physical Attack Graphs (CPAGs) as a class of attack graphs able to cover both cyber and physical aspects. CPAGs aim at extending the reach of standard attack graphs to cyber-physical networks typically observed in industrial environments and critical infrastructure systems, analyse how an attacker can move within the network, and understand the impact that these actions may have on the system. We propose a constructive methodology to design CPAGs backed up by a formal rule-based approach that specifies how integral parts of the model can be generated and later composed to build more complex CPAGs. We then explore the semantics of CPAGs associated to cyber and physical attack actions as well as their impact on CPS environments. We also discuss potential CPAG-based analysis techniques and focus on risk analysis using Bayesian CPAGs. Finally, we show the application of the proposed model over a realistic scenario on smart farming using our open source tool T-CITY.