Cybersecurity deals with the protection of the system from being digitally attacked. Ansys medini analyze provides a dedicated feature set for Cybersecurity Analysis to identify damages or losses related to a system and to define requirements and actions for prevention, detection or mitigation. Losses are addressing a much broader scope than only safety: they can be loss of availability, privacy, data, financial or reputation.
A number of standards exist for cyber physical system in various industries for which our tool provides a consistent set of analysis concepts. The main concepts are the following:
Assets: anything that has value to the system's stakeholders. Assets can be material (e.g. hardware) or immaterial (e.g. data), but must be expressed using a model. More precisely, SysML model elements can be tagged as assets for further analysis and their link to a stakeholder can be expressed.
Threats: threats express anything that has the potential to cause a loss and that is relevant to stakeholders of the system. Threat is a first-class concept in the tool that is linked to assets. Threats are identified and assessed by means of a Threat Analysis and Risk Assessment (TARA).
Vulnerabilities: weaknesses of system elements that can be exploited (leading to threats). Vulnerabilities can by modelled at all system design elements and they can be used in threat analyses and attack trees.
Attacks: attempted action of an attacker that has the potential to lead to a threat. Attacks are typically assessed by means of potential attack paths (or "threat scenarios") and feasibility (or "likelihood"). Attacks are managed in collections and can be used as events in an Attack Tree or directly as causes for vulnerabilities, threats, or even failures.
Currently, the tool provides three main cybersecurity analyses in which these concepts are used, namely the Threat Identification, Threat Analysis and Risk Assessment (TARA), and Attack Trees. More details of these techniques are described in a separate help document for Cybersecurity Analysis in Ansys medini analyze.