A METHOD FOR CALCULATING THE GENERAL RESOURCE PATH OF DESTRUCTIVE CYBERATTACKS ON INDUSTRIAL OBJECTS OF CRITICAL INFRASTRUCTURE
DOI:
https://doi.org/10.28925/2663-4023.2025.31.1064Keywords:
cybersecurity, technological system, simulation-analytical modeling, PERT analysis, Colored Petri NetsAbstract
For the purpose of effective cybersecurity prioritization under limited human, time, and financial resources at industrial critical infrastructure facilities, this study proposes the application of a symbiosis between the mathematical apparatus of simulation-analytical structural modeling using Colored Petri Nets and the assessment of adversary resource expenditures under uncertainty based on PERT analysis. This combination enables a formalized description of various cyberattack vectors and tactics, modeling the propagation trajectories of specialized technological Trojan malware, as well as quantitative calculation of the resource component required to implement each attack scenario against a technological system.
The proposed method can be practically applied in the process of cyber-threat modeling, as it makes it possible to present their resource indicators in a format convenient for analytical evaluation. This creates a foundation for informed decision-making on cybersecurity measures by both managerial and operational levels of cybersecurity units. The approach allows calculating the necessary resource expenditures both from the adversary’s perspective and that of the defensive side when planning effective countermeasures, as well as identifying the most vulnerable segments of the technological system that require priority attention.
For practical implementation of the method, cybersecurity specialists must assess the full spectrum of relevant cyberattack vectors and tactics and subsequently compute their overall resource pathway. The resulting quantitative indicators are used for further ranking of cyber threats and assigning them to short-term, medium-term, or long-term cybersecurity priorities. This ensures a rational allocation of available resources, increases the adaptability of the cybersecurity system, and supports timely implementation of countermeasures against the most resource-efficient and potentially dangerous tactics capable of enabling destructive cyber-impact.
Downloads
References
Krotofil, M., Kursawe, K., & Gollmann, D. (2019). Securing industrial control systems. In Security and privacy trends in the industrial Internet of Things (pp. 3–27). Springer. https://doi.org/10.1007/978-3-030-12330-7_1
Dunn, D. G., & Cosman, E. (2024). Cybersecurity fundamentals are not just for industrial control systems: Guidance and direction are available. IEEE.
Davidrajuh, R. (2022). Colored Petri nets for modeling of discrete systems. Springer Nature.
Jensen, K., & Kristensen, L. M. (2009). Coloured Petri nets: Modelling and validation of concurrent systems (pp. 1–56). Springer.
Afenu, D. S., Asiri, M., & Saxena, N. (2024). Industrial control systems security validation based on the MITRE adversarial tactics, techniques, and common knowledge framework. Electronics, 13(5), Article 917. https://doi.org/10.3390/electronics13050917
Bergantiños, G., & Vidal-Puga, J. (2009). A value for PERT problems. International Journal of Information Technology & Decision Making. https://doi.org/10.1142/S0219198909002418
Savchenko, V. A., & Khaver, A. V. (2025). Assessing the impact of artificial intelligence–based software tools on resource efficiency in conducting destructive cyber operations against critical infrastructure facilities. Modern Information Protection, 3(63).
Mandiant. (2023, March 20). Move, patch, get out the way: 2022 zero-day exploitation continues at an elevated pace. https://cloud.google.com/blog/topics/threat-intelligence/zero-days-exploited-2022/
El Amin, H., Samhat, A. E., Chamoun, M., Oueidat, L., & Feghali, A. (2024). An integrated approach to cyber risk management with a cyber threat intelligence framework to secure critical infrastructure. Journal of Cybersecurity and Privacy, 4(2), Article 18. https://doi.org/10.3390/jcp4020018
Paté-Cornell, M.-E. L., Kuypers, M., Smith, M., & Keller, P. (2020). Cyber risk management for critical infrastructure: A risk analysis model and three case studies. Risk Analysis, 38(2). https://doi.org/10.1111/risa.12844
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Анюта Хавер
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
