CG_Example_Networks/Schrick-Noah_CG.tex
2024-11-07 11:19:50 -06:00

\documentclass[conference]{IEEEtran}
\RequirePackage{setspace}
\usepackage{graphicx} % Images
\graphicspath{ {./images/} }
\usepackage{float} % Table captions on top
\floatstyle{plaintop}
\restylefloat{table}
\usepackage{ifpdf} % Detect PDF or DVI mode
\usepackage{babel} % Bibliography
\usepackage{dsfont} % mathbb
\usepackage[utf8]{inputenc}
\usepackage{indentfirst}
\setlength{\parskip}{\baselineskip}
% Table of Contents/Figure Spacing
\usepackage[titles]{tocloft}
\cftsetindents{figure}{0em}{3.5em}
\cftsetindents{table}{0em}{3.5em}
\usepackage{dsfont} % mathbb
\usepackage{amsmath}
\usepackage{url}
\begin{document}
\title{
Generation of Compliance Graphs Across Industries for Providing an Analysis Testbed
}
\author{
\IEEEauthorblockN{Noah L. Schrick}
\IEEEauthorblockA{
\textit{Information Technology Laboratory} \\
\textit{U.S. Army Corps of Engineers} \\
\textit{Engineer Research and Development Center} \\
Vicksburg, MS, USA \\
Noah.L.Schrick@erdc.dren.mil
}
\and
\IEEEauthorblockN{Peter J. Hawrylak}
\IEEEauthorblockA{
\textit{Tandy School of Computer Science} \\
\textit{College of Engineering and Computer Science} \\
\textit{The University of Tulsa}\\
Tulsa, OK, USA \\
peter-hawrylak@utulsa.edu
}
}
\maketitle
\begin{abstract}
Compliance graphs provide the ability to analyze an environment in terms of its standing to a regulation, mandate, or standard. These graphs are directed acyclic graphs, and share commonalities with attack graphs. Though generator tools and example graph sets are available for attack graphs, the novelty of compliance graphs presents its own set of challenges with a lack of publicly available data that has been processed and formatted in order to generate example graphs. In order to develop analysis techniques for compliance graphs, thorough examination and testing processes should be conducted, particularly on known, available data sets in the form of compliance graphs or compliance graph input files. This work presents the generation of compliance graphs and releases their affiliated data for use in furthering the analysis process of this research area.
\end{abstract}
\begin{IEEEkeywords}
Compliance Graph; Attack Graph; Automotive Industry; Healthcare Industry; HIPAA; Oil and Gas Industry; OSHA 1910H
\end{IEEEkeywords}
\section{Introduction}
Attack graphs are a common tool used to address and examine a system or set of systems under a cybersecurity lens \cite{AG-Analysis-Explan}. These graphs are directed acyclic graphs (DAGs) that present the paths from a state of information for an environment to any potential state of vulnerability. Compliance graphs \cite{j_hale_compliance_nodate} aim to shift the focus of attack graphs to the standing of environments with respect to any local, private, or federal regulations. Each node in a compliance graph can be embedded with information regarding maintenance schedules for industrial equipment, insurance policy terms, physical component characteristics, or any other descriptor for an asset as it relates to an environment's standing toward compliance. Each edge in the compliance graph defines the transition that leads to a deviation in a previous node's information. These changes could include a repair or replacement of a component, the addition or removal of an asset, or changes to policies. Work and investigations have already been conducted to present the semantic and generator tool changes required to generate these graphs \cite{noah_ths}. Though the generation of compliance graphs has been the primary focus of the research topic, there is an increasing need for analysis work to address the challenges of maintaining compliance. Governance, Risk, and Compliance (GRC) Officers assist groups or organizations with preventing or mitigating incurred costs as a result of a violation of a mandate. With the wide array of mandates that organizations may need to follow regarding health or personally identifiable information (PII), specific industry standards such as FinCEN \cite{fincen}, FDA QSR \cite{fdaqsr}, NERC-CIP \cite{nerccip}, internal standards, or equipment maintenance schedules to avoid voiding a warranty, it becomes increasingly difficult for GRC Officers to manage and track all mandate statuses.
In addition, organizations rapidly and frequently bring changes into environments with new software, new equipment, new products, new contracts, or new processes. Each of these changes propagates additional change, all of which may affect the standing in regard to a compliance or regulation mandate. Rather than manual compliance checks, compliance graphs can be automatically generated, and analysis can be conducted on the resulting graph to aid in decision-making and visualization.
To determine the adaptivity and soundness of compliance graph analysis work, example networks across multiple, disconnected sectors are generated in this work for future analysis use. Each sector maintains its own set of local, private, and federal regulations that must be adhered to in order to avoid penalties. Each generated example additionally possesses unique characteristics and properties that allow for the examination of the depth and range of any compliance graph analysis techniques, especially under the consideration of edge cases or unexpected behaviors. To fully examine the accuracy and level of analysis output detail, this work strove to generate example cases that were accurately sourced, described fully, scalable, and of high fidelity. This work presents and describes the example networks that can be used and referenced for future compliance graph analysis works. Section \ref{sec:Automotive} describes the Automobile Maintenance application that falls under the automotive industry. Section \ref{sec:Healthcare} describes a small network of healthcare clinics striving to maintain HIPAA \cite{noauthor_health_1996} compliance through the lens of the healthcare industry. Section \ref{sec:OSHA} describes an engineering firm as it attempts to maintain compliance with OSHA Standard 1910 Subpart H (Hazardous Materials) \cite{OSHA} within the oil and gas industry of the energy sector. Each of these example networks has been made publicly available, and their data files can be found at \cite{data}.
The properties of each example network are described in the subsequent Sections. These properties are defined below. Each compliance graph was generated using a modified version of RAGE \cite{RAGE}.
\begin{itemize}
\item{Nodes: The number of states in the network that contain embedded information.}
\item{Edges: The number of edges in the network that caused a change or deviation from a prior state.}
\item{Exploits: The number of events, mandates, regulations, or checks that are investigated.}
\item{Assets: The number of entities in the network or environment. Examples include devices, vessels, people, policies, etc.}
\item{Qualities: The total number of descriptors for all assets. Examples include versions, make or model, material, policy limits, etc.}
\item{Average Degree: The average number of new nodes that a node directs to.}
\end{itemize}
\section{Automotive} \label{sec:Automotive}
The automotive industry is a substantial sector in the United States, and is one of the largest automotive markets globally \cite{AutoInd}. This industry invests \$7.5 billion in innovative R\&D, supports over 500,000 direct jobs in the US alone, has a Foreign Direct Investment of over \$115 billion, and expands the US exports by over \$56 billion \cite{AutoInd}, \cite{AutoIndFS}, \cite{BEAFS}, \cite{BEATables}, \cite{BEATablesOutput}. This work includes a compliance graph within this sector as a means to showcase its application and utility for analyzing cost-savings and methodologies for following compliance mandates. Specifically, this work examines the Automotive Repair and Maintenance Service subsector of this industry. This subsector is globally applicable, and has a wide range of focal points and scale that include personal passenger vehicle maintenance and commercial vehicle servicing. This market has an estimated CAGR (Compounded Annual Growth Rate) of 10.2\%, and passenger car maintenance holds a market share of 35\% \cite{GMInsight}. Due to the size of this market share, its applicability, its ease-of-understanding in compliance graph format, and its ability to scale to larger, more complex challenges in the automotive industry, this work generates and analyzes an automobile maintenance compliance graph. This Section discusses the generation process, graph properties, unique features, and incurred challenges with this example application.
\subsection{Network Properties, Data, and Violation Specifications}
The automobile maintenance example is centered around the maintenance of a single 2006 Toyota Corolla over the span of 6 years. For this example, the compliance requirements follow the warranty and maintenance specifications provided by the vehicle manufacturer. This document is accessible through the manufacturer's website \cite{Corolla}. The maintenance schedule provides the recommended maintenance routine based on either mileage or time since last maintenance, depending on which condition is met sooner. Following the recommended maintenance schedule is imperative to comply with any vendor or purchaser warranty, as well as to ensure proper operating conditions of the vehicle. Compliance graph generator input files were created following the maintenance document, and the properties for the generated automotive maintenance compliance graph are listed below.
\begin{itemize}
\item{Number of Nodes: 66,945}
\item{Number of Edges: 468,221}
\item{Number of Exploits: 28}
\item{Number of Qualities: 93}
\item{Number of Assets: 1}
\item{Average Degree: 6.994}
\end{itemize}
Properties and assumptions of the Toyota Corolla are listed below.
\begin{itemize}
\item{The vehicle is brand new, with 0 miles.}
\item{It has a gas engine.}
\item{It is an automatic.}
\item{It includes a daytime running light system.}
\item{The owner will perform minimal maintenance every 6 months or 6000 miles:}
\begin{itemize}
\item{Oil and fuel filter change.}
\item{AC filter replacement.}
\item{Maintain proper tire pressure.}
\end{itemize}
\item{The owner will take the vehicle to a mechanic shop every 1 year and 6 months for the following inspections and repairs:}
\begin{itemize}
\item{Drive Belts}
\item{Battery}
\item{Spark Plugs}
\item{Brake Pedals}
\item{Brake Pads and Discs}
\item{Tires (Pressure, Alignment, Rotation)}
\item{Lights, Horn, Wipers, Windshield Washers}
\item{Refrigerant and Coolant}
\end{itemize}
\item{Additional components modeled in this compliance graph include:}
\begin{itemize}
\item{Fuel tank lines}
\item{Steering wheel, linkage, and gear box}
\item{Brake pipes and hoses}
\item{Drive shaft boots}
\item{Suspension ball joints}
\item{Front and rear suspensions}
\item{Fuel tank cap, lines, connections, and fuel vapor control valve}
\end{itemize}
\end{itemize}
For this example, there is a single asset used to represent the 2006 Toyota Corolla. All parts, maintenance items, timelines, properties, or any other features or components were considered to be a ``quality'' of the asset. By centering the example graph on a single asset, state space explosion is mitigated by preventing the exploration of asset deviations and permutations. Various exploit locks and flags were also implemented to prevent diverging, duplicated branches of simultaneous exploit triggers. This was implemented through the use of precondition guarding, and was necessary since exploits could be fired through either time or mileage, but should only be fired once. Additionally, the problem space was reduced through the use of combined events. Rather than having exploits or events contain single quality changes, events could be grouped to update multiple qualities simultaneously. This was implemented through maintenance events, which acted as the single point of action for all inspections, repairs, maintenance, or any other event that would service the vehicle and return it to a state of compliance. To further prevent divergence, all pre-defined events were also described using locks and flags, so the event (e.g. a traffic citation for a broken brake light) would happen a single time at a specific point in the generation.
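The effect of precondition guarding and combined events on graph size can be reproduced with a small generator. The following Python sketch is an added example, not RAGE and not the authors' input files; the quality names, exploit names, the 6 month and 6000 mile thresholds applied to a single oil change check, and the 1000 miles per month rate are assumptions made for illustration.

```python
from collections import deque

def freeze(qualities):
    """Hashable snapshot of the asset's qualities; one snapshot is one node."""
    return tuple(sorted(qualities.items()))

def generate(start, exploits):
    """Breadth-first generation: fire every exploit whose precondition holds
    and record the (state, exploit, next state) transition as an edge."""
    nodes, edges, frontier = {start}, set(), deque([start])
    while frontier:
        state = frontier.popleft()
        q = dict(state)
        for name, pre, post in exploits:
            if not pre(q):
                continue
            nxt = freeze({**q, **post(q)})
            if nxt == state:
                continue  # no quality changed, so there is no transition
            edges.add((state, name, nxt))
            if nxt not in nodes:
                nodes.add(nxt)
                frontier.append(nxt)
    return nodes, edges

def build_exploits(guarded, combined, horizon, miles_per_month=1000):
    """Hypothetical exploit set for an 'oil change overdue' violation that can
    be triggered by elapsed time or by mileage (all names are assumptions)."""
    def trigger(own_flag, condition):
        if guarded:
            # Shared lock: the first trigger to fire sets 'overdue', and the
            # guard on 'overdue' keeps the other trigger from firing as well.
            return (lambda q: condition(q) and not q["overdue"],
                    lambda q: {"overdue": True})
        # Unguarded: each trigger only remembers that it fired itself, so when
        # both conditions hold both fire, in either order, duplicating branches.
        return (lambda q: condition(q) and not q[own_flag],
                lambda q: {"overdue": True, own_flag: True})

    cleared = {"overdue": False, "fired_time": False, "fired_miles": False}
    exploits = [
        ("advance_month", lambda q: q["month"] < horizon,
         lambda q: {"month": q["month"] + 1, "since": q["since"] + 1,
                    "miles": q["miles"] + miles_per_month}),
        ("overdue_by_time", *trigger("fired_time", lambda q: q["since"] >= 6)),
        ("overdue_by_miles", *trigger("fired_miles", lambda q: q["miles"] >= 6000)),
    ]
    if combined:
        # One maintenance event updates every affected quality at once.
        exploits.append(("maintenance", lambda q: q["overdue"],
                         lambda q: {"since": 0, "miles": 0, **cleared}))
    else:
        # Single-quality events: every ordering of the resets becomes a path.
        exploits += [
            ("reset_time", lambda q: q["overdue"] and q["since"] > 0,
             lambda q: {"since": 0}),
            ("reset_miles", lambda q: q["overdue"] and q["miles"] > 0,
             lambda q: {"miles": 0}),
            ("close_service",
             lambda q: q["overdue"] and q["since"] == 0 and q["miles"] == 0,
             lambda q: dict(cleared)),
        ]
    return exploits

def graph_size(guarded, combined, month=0, since=0, miles=0, horizon=12):
    """Generate the graph and return (number of nodes, number of edges)."""
    start = freeze({"month": month, "since": since, "miles": miles,
                    "overdue": False, "fired_time": False, "fired_miles": False})
    nodes, edges = generate(start, build_exploits(guarded, combined, horizon))
    return len(nodes), len(edges)

def average_degree(num_nodes, num_edges):
    """Edges divided by nodes, rounded to three places."""
    return round(num_edges / num_nodes, 3)

if __name__ == "__main__":
    for guarded, combined in [(False, True), (True, False), (True, True)]:
        n, e = graph_size(guarded, combined)
        print(f"guarded={guarded} combined={combined}: "
              f"{n} nodes, {e} edges, average degree {average_degree(n, e)}")
```

Dividing the listed edge count by the listed node count with the same helper gives the Average Degree values in the property lists, for example 468,221 / 66,945 = 6.994 for the automotive graph.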
The data sourcing for the violation specifications and prior-knowledge network consisted of maintenance and repair estimates at large, as well as for individual components or malfunctions. This also included mileages per year, by month, and various other personal automobile transportation statistics. Sourcing was collected from government entities like the Department of Energy \cite{carDOE}, Department of Transportation \cite{carDOT}, and Federal Highway Administration \cite{carFWHA}, aggregated car performance, reliability, and safety reports from Consumer Reports \cite{carCR}, and insurance companies like AAA \cite{carAAA}, Farmers \cite{carFarmers}, and external reports \cite{carExt}. At the time of this release, the prior-knowledge network is undergoing additional formatting and feature work before its release. The prior-knowledge networks are intended to be added to the released dataset, and the initial work is described in this publication. The prior-knowledge network contained additional detail about each exploit in the network. For each exploit, the cost of occurrence was described. These costs were expressed as one-time monetary costs, recurring monetary costs and their rate of charge, and one-time time-commitment costs, recurring time-commitment costs and their rate of charge. For each exploit, possible mitigation schemes were described. Each exploit could have zero or many mitigation options. Each mitigation option described one-time monetary costs, recurring monetary costs and their rate of charge, and one-time time-commitment costs, recurring time-commitment costs and their rate of charge for preventing the exploit. For this example, most exploits had at least one mitigation that was represented as a maintenance or service event.
\subsection{Objectives and Goals of the Network}
The primary objective of this example is to highlight the usefulness of the analysis methods for small, individual scale problems. Though the analysis methods are intended to work at a large scale, showcasing the utility of the approaches at a daily, understandable, personal level can lead to greater adoption. In addition, this example network has unique properties not seen in the other example networks. This network is isolated to a single asset to highlight how the analysis methods can function even when centered on only one object of interest. Budgetary constraints are allocated at a monthly rate, rather than through lump sums. Many individuals may be able to allocate a limited amount of their monthly income to repairs and maintenance, but may have a more difficult time paying for unexpected costs and repairs all at once. This example includes a large number of qualities in proportion to the number of assets, and demonstrates how effective the analysis techniques are when given more information. This example showcases how repeated, consistent, small-scale investments in repair and maintenance pay off significantly over the lifespan of a vehicle in terms of avoided malfunctions, damages, or fines.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Healthcare} \label{sec:Healthcare}
The healthcare industry is another significant sector in the United States, and accounts for 17.3\% of the GDP \cite{CMS, WB, OECD, CDC}. National Health Expenditures (NHE) have grown to over \$4.5 trillion \cite{CMS, WB, OECD, CDC, BEAHC}, Medicare and Medicaid spending have grown to over \$944 billion and over \$805 billion, respectively \cite{CMS, CDC, BEAHCM}, R\&D spending has grown to over \$114 billion spread across biotechnology, nanotechnology, and software \cite{NCSES} (with \$83 billion in the pharmaceutical industry alone \cite{CBO}), and there are over 6,100 \cite{AHA} hospitals, 10,200 urgent care clinics \cite{DefHC}, and 938,000 active physicians \cite{AAMC}. This work includes a compliance graph within this sector as a means to showcase its application and utility for analyzing cost-savings and methodologies for following compliance mandates. This work examines compliance with the Health Insurance Portability and Accountability Act (HIPAA) \cite{noauthor_health_1996}. This is a broadly applicable federal act that mandates proper handling for the containment and dissemination of all healthcare information. HIPAA complaints have now exceeded 350,000, with 2,074 complaints being referred to the U.S. Department of Justice \cite{HHS}. A total dollar amount exceeding \$142 million has been collected as a result of noncompliance \cite{HHSDol}. The Office for Civil Rights of the U.S. Department of Health and Human Services has reported the following as the most common occurrences of noncompliance complaints \cite{HHSDol}:
\begin{itemize}
\item{``Impermissible uses and disclosures of protected health information.''}
\item{``Lack of safeguards of protected health information.''}
\item{``Lack of patient access to their protected health information.''}
\item{``Lack of administrative safeguards of electronic protected health information.''}
\item{``Use or disclosure of more than the minimum necessary protected health information.''}
\end{itemize}
Due to the applicability of HIPAA to all healthcare related activities and processing, the quantity of noncompliance complaints, and the total monetary collection as a result of noncompliance, this work generates and analyzes a HIPAA compliance graph. This Section discusses the generation process, graph properties, unique features, and incurred challenges with this example application.
\subsection{Network Properties, Data, and Violation Specifications}
The HIPAA example is centered around a network of urgent care clinics and their compliance with HIPAA over the span of one year. For this example, the compliance requirements follow the guidelines set by HIPAA. Since this is a federal regulation, specific guidelines and mandates are publicly accessible through the U.S. Department of Health and Human Services, as well as with summaries through the Center for Disease Control. HIPAA necessitates a range of requirements be met to ensure compliance, which include document control, training, reporting options, officers, physical and digital access control, and mandatory assessments. Compliance graph generator input files were created following the HIPAA guidelines, and the properties for the generated HIPAA compliance graph are listed below.
\begin{itemize}
\item{Number of Nodes: 62,217}
\item{Number of Edges: 400,917}
\item{Number of Exploits: 27}
\item{Number of Qualities: 62}
\item{Number of Assets: 5}
\item{Average Degree: 6.444}
\end{itemize}
Properties and assumptions of the urgent care clinics are listed below.
\begin{itemize}
\item{Each clinic has five employees.}
\item{The organization has an in-house IT staff (that is \textbf{not} modeled).}
\item{Each clinic will submit a HIPAA attestation letter.}
\item{HIPAA attestation letters are not sent simultaneously.}
\item{Each employee has a different renewal date for their trainings.}
\item{Employee trainings and requirements enforced by the organization include the following:}
\begin{itemize}
\item{HIPAA training.}
\item{Mobile and/or portable device regulation agreements.}
\item{Hardware inventories.}
\item{Security awareness.}
\end{itemize}
\item{There are three total, distinct HIPAA officers:}
\begin{itemize}
\item{HIPAA Compliance Officer}
\item{HIPAA Privacy Officer}
\item{HIPAA Security Officer}
\end{itemize}
\item{Audits and assessments include:}
\begin{itemize}
\item{Security risk assessment.}
\item{Privacy standing audit.}
\item{HIPAA audit.}
\item{Security standing audit.}
\item{Physical audit.}
\item{Device and asset audit.}
\end{itemize}
\item{Additional components modeled in this compliance graph include:}
\begin{itemize}
\item{An encrypted database.}
\item{Reporting processes.}
\item{A ``company'' asset that is independent of the employee and database assets.}
\item{Certificate expirations.}
\end{itemize}
\end{itemize}
For this example, multiple assets are implemented to capture and model their relationships individually, as well as to other assets. These assets include employee assets, a database asset, and a company asset which is used to model the organization overall. Each asset had its own set of qualities, and its own quality for measuring the progression of time. In order to prevent unnecessary state space exploration on infeasible states caused by a deviation in time progression, a synchronous firing feature \cite{10124989} in the generator tool was used. Various exploit locks and flags were also implemented to prevent diverging, duplicated branches of simultaneous exploit triggers. This was implemented through the use of precondition guarding, and was necessary since exploits could be fired through multiple conditions, but should only be fired once. Additionally, the problem space was reduced through the use of combined events. Rather than having exploits or events contain single quality changes, events could be grouped to update multiple qualities simultaneously. This was implemented through audit, assessment, or time-based events, which acted as a single point of action for all assessments, audits, services, or any other event that would correct any violation and return the organization to a state of compliance. To further prevent divergence, all pre-defined events were also described using locks and flags, so the event (e.g. an addition to or the removal of the number of employees) would happen a single time at a specific point in the generation.
The data sourcing for the violation specifications and prior-knowledge network consisted of imposed civil monetary penalties for noncompliance, time closures for noncompliance, and implementation or mitigation costs to prevent a compliance violation. At the time of this release, the prior-knowledge network is undergoing additional formatting and feature work before its release. The prior-knowledge networks are intended to be added to the released dataset, and the initial work is described in this publication. The penalty structure as set by the Office for Civil Rights (OCR) consists of four tiers. Tier 1 is defined as a lack of knowledge of the violation, Tier 2 is for having reasonable cause for possessing knowledge of the violation, Tier 3 is for willful neglect, and Tier 4 is for willful neglect and a lack of correction within 30 days. Each tier has an associated minimum and maximum, with annual caps. These violations are stipulated by the Office of Management and Budget (OMB). In addition, the U.S. Department of Health and Human Services publishes a yearly summary of all OCR HIPAA settlements and judgments \cite{HHSPen}. Reports to Congress \cite{HHSCong}, audits \cite{HHSAud}, and case examples \cite{HHSCE} are also published. The prior-knowledge network was constructed around all publicly available sources, and contained additional detail about each exploit in the network. For each exploit, the cost of occurrence was described. These costs were expressed as one-time monetary costs, recurring monetary costs and their rate of charge, and one-time time-commitment costs, recurring time-commitment costs and their rate of charge. For each exploit, possible mitigation schemes were described. Each exploit could have zero or many mitigation options. 
Each mitigation option described one-time monetary costs, recurring monetary costs and their rate of charge, and one-time time-commitment costs, recurring time-commitment costs and their rate of charge for preventing the exploit. For this example, most exploits had two mitigations. This will be described further in Section \ref{sec:hipaa-obj}.
\subsection{Objectives and Goals of the Network} \label{sec:hipaa-obj}
The primary objective of this example is to highlight the usefulness of the analysis methods for broadly applicable regulations. Though the input for this specific example was a network of urgent care clinics, the methods, procedure, and output would be largely similar to an input of a pharmacy, hospital, or biotechnology company. In addition, this example network has unique properties not seen in the other example networks. This network includes the addition and removal of employees, and attempts to mimic the behaviors of individuals. Though no claim of human behavior modeling is made, this work statically defined events that were executed during the generation process as a way to represent human error (such as failing to complete a mandatory training). For the analysis of this work, this example showcases how a company could invest more time, rather than money, to maintain compliance. Most mitigatable exploits include at least two mitigations: one for contracting a correction, and one for utilizing the in-house staff. The contracting option requires minimal time cost, but has a greater monetary cost. The in-house implementation requires minimal monetary cost, but a greater time cost. This allows for the analysis to offer more robust correction schemes that can utilize both the monetary and time budgets to minimize and correct compliance violations.
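The trade-off between the contracting and in-house mitigations can be made concrete with a small two-budget search. The following Python sketch is an added illustration, not the authors' analysis method or released data; the exploit names, every cost figure, the 12 month period, and both budgets are constructed, and the exhaustive search is only one simple way to pick a plan.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Cost:
    """Cost record in the shape described for the prior-knowledge network."""
    money_once: float = 0.0   # one-time monetary cost
    money_rate: float = 0.0   # recurring monetary cost, per month
    hours_once: float = 0.0   # one-time time-commitment cost
    hours_rate: float = 0.0   # recurring time-commitment cost, per month

    def over(self, months):
        """(money, hours) accumulated over the modeled period."""
        return (self.money_once + self.money_rate * months,
                self.hours_once + self.hours_rate * months)

# Constructed figures for illustration only; not taken from the released data.
EXPLOITS = {
    "training_lapse": {
        "occurrence": Cost(money_once=10000),
        "mitigations": {
            "contract": Cost(money_once=3000, hours_once=2),
            "in_house": Cost(money_once=200, hours_once=16, hours_rate=2),
        },
    },
    "missing_risk_assessment": {
        "occurrence": Cost(money_once=25000),
        "mitigations": {
            "contract": Cost(money_once=8000, hours_once=4),
            "in_house": Cost(money_once=500, hours_once=80),
        },
    },
    "expired_certificate": {
        "occurrence": Cost(money_once=5000),
        "mitigations": {
            "contract": Cost(money_once=300, money_rate=100, hours_once=1),
            "in_house": Cost(money_once=100, hours_once=10),
        },
    },
}

def best_plan(exploits, money_budget, hours_budget, months=12, allowed=None):
    """Choose at most one mitigation per exploit so that total spend stays
    within both budgets and the unmitigated monetary exposure is minimal.
    'allowed' optionally restricts the mitigation kinds that may be used."""
    names = list(exploits)
    options = []
    for name in names:
        kinds = [k for k in exploits[name]["mitigations"]
                 if allowed is None or k in allowed]
        options.append([None] + kinds)   # None means: leave unmitigated
    best = None
    for choice in product(*options):
        money = hours = exposure = 0.0
        for name, kind in zip(names, choice):
            if kind is None:
                exposure += exploits[name]["occurrence"].over(months)[0]
            else:
                m, h = exploits[name]["mitigations"][kind].over(months)
                money, hours = money + m, hours + h
        if money > money_budget or hours > hours_budget:
            continue  # violates the monetary or the time budget
        key = (exposure, money, hours)   # prefer low exposure, then low spend
        if best is None or key < best[0]:
            best = (key, dict(zip(names, choice)))
    return best[1], best[0][0]

if __name__ == "__main__":
    for label, kinds in [("contract only", {"contract"}),
                         ("in-house only", {"in_house"}),
                         ("both kinds", None)]:
        plan, exposure = best_plan(EXPLOITS, 9000, 60, allowed=kinds)
        print(f"{label}: remaining exposure {exposure:.0f}, plan {plan}")
```

With a monetary budget of 9000 and a time budget of 60 hours, neither kind of mitigation alone covers all three constructed exploits, while the mixed plan does.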
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Oil and Gas} \label{sec:OSHA}
The oil and gas industry contributes roughly 8\% of the U.S. GDP, totaling to nearly \$1.7 trillion \cite{Census}. This industry supports over 10 million jobs \cite{Census, EnergyGov}, invests over \$30 billion in R\&D spending \cite{IEA}, and 72\% of companies had positive free cash flow in the last year, with 86\% reporting positive upstream earnings \cite{EIA}. This work includes a compliance graph within this sector as a means to showcase its application and utility for analyzing cost-savings and methodologies for following compliance mandates. This industry is globally applicable, and has a wide range of focal points and scale that include upstream, midstream, and downstream related services and processes. Specifically, this work examines the processing, transportation, and storage of oil and gas related products, byproducts, and intermediates as they relate to Occupational Safety and Health Administration (OSHA) regulations, and in particular, Standard 1910, Subpart H - Hazardous Materials \cite{OSHA}. In past years, the top 10 OSHA standard citations were from Standard 1910 \cite{oshonline}. From 2022 to 2023, specifically for Standard 1910 Subpart H, there were a total of 996 citations, 589 investigations, and total imposed civil monetary fines of \$4,995,005 across relevant North American Industry Classification System (NAICS) sectors \cite{OSHAHist}. Due to the applicability of OSHA Standard 1910 Subpart H to all Hazardous Material related activities of the oil and gas industry and relevant subsectors, the quantity of noncompliance complaints, and the total monetary collection as a result of noncompliance, this work generates and analyzes an OSHA 1910H compliance graph. This Section discusses the generation process, graph properties, unique features, and incurred challenges with this example application.
\subsection{Network Properties, Data, and Violation Specifications}
The OSHA 1910H example is centered on an oil and gas company that processes, transports, and stores oil and gas related products, byproducts, and intermediates. This example models and analyzes the company's compliance standing with respect to OSHA Standard 1910 Subpart H - Hazardous Materials over the course of 8 years. Since this is a federal regulation, specific guidelines and mandates are publicly accessible through the Occupational Safety and Health Administration. OSHA Standard 1910 Subpart H necessitates a range of requirements be met to ensure compliance, which include requirements for specific hazardous materials such as compressed gases, acetylene, flammable liquids, chemicals, and waste, among others. Compliance graph generator input files were created following the OSHA guidelines, and the properties for the generated OSHA compliance graph are listed below.
\begin{itemize}
\item{Number of Nodes: 48,369}
\item{Number of Edges: 408,330}
\item{Number of Exploits: 32}
\item{Number of Qualities: 109}
\item{Number of Assets: 3}
\item{Average Degree: 8.442}
\end{itemize}
Properties and assumptions of the oil and gas company are listed below.
\begin{itemize}
\item{The company has separate divisions for transportation, storage, and processing.}
\item{The organization has an in-house Safety staff (that is \textbf{not} modeled).}
\item{The company has an in-house fabrication/machining/manufacturing shop.}
\item{The company has ownership of the vehicle transportation fleet.}
\item{In addition to any imposed fines, failures or malfunctions can and/or will cause additional damages, such as:}
\begin{itemize}
\item{Leakage or spillage.}
\item{Gaseous emissions.}
\item{Contamination.}
\item{Physical damage to company and/or non-company assets.}
\item{Burst pipes.}
\item{Schedule delays.}
\item{Violations in contracts.}
\end{itemize}
\item{As part of, and in addition to, upholding OSHA 1910 Subpart H requirements, examples of other compliance standards include:}
\begin{itemize}
\item{ASTM A 53/A 53M-06a into § 173.5b}
\item{CGA Pamphlet G-2.2 into § 173.315}
\item{Dwg. 106-6 into § 178.337-8}
\item{ASTM A 20/A 20M-93a into §§ 178.337-2; 179.102-4; 179.102-1; 179.102-17}
\item{ASTM A 302/A 302M-93 into § 179.100-7; 179.200-7; 179.220-7}
\item{Among others.}
\end{itemize}
\item{Inspections include specific testing, such as:}
\begin{itemize}
\item{Plastic Film Impact Resistance Testing.}
\item{Chlorine Flow Valve Removable Baskets.}
\item{Water in Anhydrous Ammonia.}
\item{Anhydrous Ammonia Hose pressure and burst pressures.}
\end{itemize}
\item{Additional components modeled in this compliance graph include:}
\begin{itemize}
\item{Ventilation and exhaust systems.}
\item{Coatings, castings, and materials.}
\item{Transportation staff.}
\item{Bleeder valves, backflow check valves, and bin discharge gates.}
\end{itemize}
\end{itemize}
For this example, multiple assets are implemented to capture and model their relationships individually, as well as to other assets. These assets include transportation, ventilation, and vessel assets. Each asset had its own set of qualities, and its own quality for measuring the progression of time. In order to prevent unnecessary state space exploration on infeasible states caused by a deviation in time progression, a synchronous firing feature \cite{10124989} in the generator tool was used. Various exploit locks and flags were also implemented to prevent diverging, duplicated branches of simultaneous exploit triggers. This was implemented through the use of precondition guarding, and was necessary since exploits could be fired through multiple conditions, but should only be fired once. Additionally, the problem space was reduced through the use of combined events. Rather than having exploits or events contain single quality changes, events could be grouped to update multiple qualities simultaneously. This was implemented through inspection, assessment, or time-based events, which acted as a single point of action for all assessments, inspections, repairs, services, or any other event that would correct any violation and return the organization to a state of compliance. To further prevent divergence, all pre-defined events were also described using locks and flags, so the event (e.g. challenges with design scope, or improperly fabricated parts) would happen a single time at a specific point in the generation.
The data sourcing for the violation specifications and prior-knowledge network consisted of imposed civil monetary penalties for noncompliance, time closures for noncompliance, and implementation or mitigation costs to prevent a compliance violation. At the time of this release, the prior-knowledge network is undergoing additional formatting and feature work before its release. The prior-knowledge networks are intended to be added to the released dataset, and the initial work is described in this publication. The penalty structure set by the Occupational Safety and Health Administration is defined in Standard 1903.15 - Inspections, Citations, and Proposed Penalties \cite{OSHAPen}. These penalties are categorized by type of violation, which include willful violations, repeated violations, serious violations, other-than-serious violations, and posting requirement violations. Each of these categories has a defined maximum penalty, with some categories having minimum requirements, and with some categories including units of time (e.g., monetary penalties per day). The prior-knowledge network was constructed around all publicly available sources, and contained additional detail about each exploit in the network. Damages, as relevant, were estimated in terms of costs of repairs, repeated fabrications, or other fines as necessary. No estimations were made regarding environmental damage, damages to animal or wildlife populations, or any other type of damages. For each exploit, the cost of occurrence was described. These costs were expressed as one-time monetary costs, recurring monetary costs and their rate of charge, one-time time-commitment costs, and recurring time-commitment costs and their rate of charge. For each exploit, possible mitigation schemes were described. Each exploit could have zero or many mitigation options.
Each mitigation option described the one-time monetary costs, recurring monetary costs and their rate of charge, one-time time-commitment costs, and recurring time-commitment costs and their rate of charge for preventing the exploit. For this example, most exploits had two mitigations. This will be described further in Section \ref{sec:osha-obj}.
\subsection{Objectives and Goals of the Network} \label{sec:osha-obj}
The primary objective of this example is to highlight the usefulness of the analysis methods for preventing or mitigating larger, more catastrophic events or penalties. Many events or exploits would lead to further, repeated, or increased damages. This example highlights how investing in better policies, procedures, materials, and quality of components has substantial cost-saving benefits over time. This example network has unique properties not seen in the other example networks. This network includes cascading or repeated costs. If one (or multiple) components fall into a state of noncompliance, the resulting fines and damage costs increase. For the analysis of this work, this example showcases how a company could invest earlier in a project to maintain compliance and avoid cascading costs. This example also includes the ability to invest more time, rather than money. Most mitigatable exploits include at least two mitigations: one for including longer timeframes for inspections, testing, and quality control, and another for investing in better-quality material, machinery, and staff. The latter option requires minimal time cost, but has a greater monetary cost. The former requires minimal monetary cost, but a greater time cost. This allows for the analysis to offer more robust correction schemes that can utilize both the monetary and time budgets to minimize and correct compliance violations.
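The cost structure of the prior-knowledge network and the time-versus-money trade-off described above can be worked through in code. This is an added example, not part of the released dataset: every figure and name is constructed (none is an OSHA penalty amount), a chosen mitigation is assumed to fully prevent its exploit, and the 30-day horizon is an assumption.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Cost:
    """One-time and recurring costs, in money and in staff hours."""
    money_once: float = 0
    money_recurring: float = 0   # charged once per money_period_days
    money_period_days: int = 1
    hours_once: float = 0
    hours_recurring: float = 0   # spent once per hours_period_days
    hours_period_days: int = 1

    def over(self, days):
        """Total (money, hours) accrued over a horizon of `days`."""
        money = self.money_once + self.money_recurring * (days // self.money_period_days)
        hours = self.hours_once + self.hours_recurring * (days // self.hours_period_days)
        return money, hours

# Constructed figures: exploit -> (cost of occurrence, mitigation options)
NETWORK = {
    "hose_burst": (Cost(money_once=10000, money_recurring=500), {
        "extended_inspection": Cost(hours_once=40, hours_recurring=8, hours_period_days=10),
        "higher_grade_hose": Cost(money_once=6000, hours_once=4)}),
    "valve_basket_missing": (Cost(money_once=8000), {
        "extended_qc": Cost(hours_once=50),
        "better_valves": Cost(money_once=3000, hours_once=2)}),
    "water_in_ammonia": (Cost(money_once=4000), {}),   # zero mitigation options
}

def best_plan(network, money_budget, hours_budget, days=30):
    """Brute-force the cheapest feasible choice of at most one mitigation per exploit."""
    names = list(network)
    choices = [[None, *network[n][1]] for n in names]
    best = None
    for combo in product(*choices):
        spend = hours = loss = 0
        for name, pick in zip(names, combo):
            occurrence, mitigations = network[name]
            if pick is None:
                loss += occurrence.over(days)[0]   # unmitigated exploit occurs
            else:
                m, h = mitigations[pick].over(days)
                spend, hours = spend + m, hours + h
        if spend <= money_budget and hours <= hours_budget:
            total = spend + loss
            if best is None or total < best[0]:
                best = (total, dict(zip(names, combo)))
    return best
```

With a monetary budget of 7000 and 70 staff hours, the cheapest plan mixes a time-heavy mitigation with a money-heavy one; cutting the hours budget to 10 forces a plan that costs more than twice as much.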
\section{Future Works}
Due to the novelty of compliance graphs, there are multiple avenues available for future research investigations. This work provided the compliance graph input and output files for the RAGE Attack Graph Engine. Future works could include the output compliance graphs when using these input files for alternative generator tools. The output compliance graphs could undergo a comparison to identify or uncover information that could assist in future analysis works. The compliance graph analysis space would also benefit both from a broader range of compliance graphs, and compliance graphs with finer detail. Though this work implemented a compliance graph for OSHA 1910H, the various standards and guidelines that fit under this regulation (such as various ASTM standards) possess more detail and information than was incorporated in this example. Including full, in-depth input files that describe all details of a regulation would provide researchers the tools to conduct a thorough investigation into compliance graph analysis.
Future works are likely to include additional input files that describe potential mitigation or solution opportunities for known states of noncompliance. These input files would not be included as part of the generation process, but could be used to further describe the known nodes and edges of a given compliance graph. These files could indicate transitional probabilities or weights of edges, the fines or penalties when states of noncompliance are identified, or the costs of repair or replacement of components.
\section{Conclusion}
This work presented the generation process of three distinct compliance graphs across three unique industries. The generation of each of these example graphs was described in its respective section along with the data sourcing techniques. The output files of these graphs have been publicly released, along with their input data files. This work aims to provide a starting foundation for compliance graph analysis through example cases that can be explored and improved upon. The automobile maintenance network provides a compliance graph that describes the state of a personal vehicle over a period of time as it relates to the recommended maintenance schedule provided by the vehicle manufacturer. The healthcare network provides a compliance graph that describes the state of an urgent care clinic as it strives to maintain compliance with HIPAA. The oil and gas network provides a compliance graph that describes the state of an oil and gas company as it transports, stores, and processes hazardous material and works to maintain compliance with OSHA 1910H. Each of these example networks contains unique properties that highlight edge cases and insightful information about each industry and various compliance and noncompliance information.
\addcontentsline{toc}{section}{Bibliography}
\bibliography{Bibliography}
\bibliographystyle{ieeetr}
\end{document}