<p>Cyber-Physical Power Systems (CPPS) increasingly inherit cybersecurity vulnerabilities from industrial control components, yet practitioners lack a CPPS-focused dataset and a consistent way to prioritize remediation beyond generic severity scores. This paper presents a cohesive methodology for collecting, enriching, and modeling CPPS-related CVEs to predict their risk and prioritize remediation. We aggregate over 4,030 ICS-relevant CVEs from public sources (2020–2025) and enrich each with CVSS severity, exploitation data (CISA Known Exploited Vulnerabilities, Exploit Prediction Scoring System), and OT/ICS contextual attributes. Based on the dataset, we develop the two-stage learning framework that achieves the following two goals: (i) the provision of a risk score specific to the CPPS and the indication of the priority of the vulnerabilities, and (ii) an estimated likelihood of exploitation, combining structured indicators with features derived from CVE text. These rankings make triage possible by identifying a set of high priority vulnerabilities while reducing the priority of many others, allowing identification of CPPS components with high-risk issues not accounted for by KEV. The analysis of proposed method is shown to yield more informative prioritization than the severity-only baselines by distinguishing between operationally urgent and non-urgent vulnerabilities. The produced risk levels are intended to be interpretable and deployable, serving as a practical decision support tool for CPPS vulnerability management with the understanding that the true label is uncertain.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Integrated risk scoring and exploit prediction for cyber-physical power system vulnerabilities

  • Firdous Kausar,
  • Lisette Batiste,
  • Asmah Muallem,
  • Sajid Hussain

摘要

Cyber-Physical Power Systems (CPPS) increasingly inherit cybersecurity vulnerabilities from industrial control components, yet practitioners lack a CPPS-focused dataset and a consistent way to prioritize remediation beyond generic severity scores. This paper presents a cohesive methodology for collecting, enriching, and modeling CPPS-related CVEs to predict their risk and prioritize remediation. We aggregate over 4,030 ICS-relevant CVEs from public sources (2020–2025) and enrich each with CVSS severity, exploitation data (CISA Known Exploited Vulnerabilities, Exploit Prediction Scoring System), and OT/ICS contextual attributes. Based on the dataset, we develop the two-stage learning framework that achieves the following two goals: (i) the provision of a risk score specific to the CPPS and the indication of the priority of the vulnerabilities, and (ii) an estimated likelihood of exploitation, combining structured indicators with features derived from CVE text. These rankings make triage possible by identifying a set of high priority vulnerabilities while reducing the priority of many others, allowing identification of CPPS components with high-risk issues not accounted for by KEV. The analysis of proposed method is shown to yield more informative prioritization than the severity-only baselines by distinguishing between operationally urgent and non-urgent vulnerabilities. The produced risk levels are intended to be interpretable and deployable, serving as a practical decision support tool for CPPS vulnerability management with the understanding that the true label is uncertain.