Cyber-physical System Risk Assessment

Peng, Yong; Lu, Tianbo; Liu, Jingli; Gao, Yang; Guo, Xiaobo; Xie, Feng

doi:10.1109/iih-msp.2013.116

Cited by 40 publications

(27 citation statements)

References 5 publications

(5 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The authors of a previous paper Ref. [13], in their risk assessment process, identified some risks such as unsuspicious use of infected information media, giving away of sensitive information, and lack of awareness. Our work identified all these risks, including human errors, loss of power supply, unavailability of power supply, loss of revenue to the power grid, and breach of security goals.…”

Section: Comparison With Existing Study Resultsmentioning

confidence: 99%

An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

2018

View full text Add to dashboard Cite

A cyber-physical system (CPS) is a combination of physical system components with cyber capabilities that have a very tight interconnectivity. CPS is a widely used technology in many applications, including electric power systems, communications, and transportation, and healthcare systems. These are critical national infrastructures. Cybersecurity attack is one of the major threats for a CPS because of many reasons, including complexity and interdependencies among various system components, integration of communication, computing, and control technology. Cybersecurity attacks may lead to various risks affecting the critical infrastructure business continuity, including degradation of production and performance, unavailability of critical services, and violation of the regulation. Managing cybersecurity risks is very important to protect CPS. However, risk management is challenging due to the inherent complex and evolving nature of the CPS system and recent attack trends. This paper presents an integrated cybersecurity risk management framework to assess and manage the risks in a proactive manner. Our work follows the existing risk management practice and standard and considers risks from the stakeholder model, cyber, and physical system components along with their dependencies. The approach enables identification of critical CPS assets and assesses the impact of vulnerabilities that affect the assets. It also presents a cybersecurity attack scenario that incorporates a cascading effect of threats and vulnerabilities to the assets. The attack model helps to determine the appropriate risk levels and their corresponding mitigation process. We present a power grid system to illustrate the applicability of our work. The result suggests that risk in a CPS of a critical infrastructure depends mainly on cyber-physical attack scenarios and the context of the organization. The involved risks in the studied context are both from the technical and nontechnical aspects of the CPS.

show abstract

Section: Comparison With Existing Study Resultsmentioning

confidence: 99%

An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

2018

View full text Add to dashboard Cite

show abstract

“…51 Persistently, however, researchers agree on the Stuxnet worm attack to an Iranian nuclear facility in 2010 as the turning point on the physical safety risks exploited by cyber threats in the context of CPSs. 48,49,[52][53][54][55] The Stuxnet worm entered the system through a USB drive that an operator plugged to a Windows computer. Then, the worm propagated throughout the SCADA system infecting the PLCs connected to the network.…”

Section: Compatibility Of Cps Features In Security For Safety Casesmentioning

confidence: 99%

Conceptualizing the key features of cyber‐physical systems in a multi‐layered representation for safety and security analysis

Guzman

Wied

Kozine

et al. 2019

Systems Engineering

View full text Add to dashboard Cite

Many safety‐related systems are evolving into cyber‐physical systems (CPSs), integrating information technologies in their control architectures and modifying the interactions among automation and human operators. Particularly, a promising potential exists for enhanced efficiency and safety in applications such as autonomous transportation systems, control systems in critical infrastructures, smart manufacturing and process plants, robotics, and smart medical devices, among others. However, the modern features of CPSs are ambiguous for system designers and risk analysts, especially considering the role of humans and the interactions between safety and security. The sources of safety risks are not restricted to accidental failures and errors anymore. Indeed, cybersecurity attacks can now cascade into safety risks leading to physical harm to the system and its environment. These new challenges demand system engineers and risk analysts to understand the security vulnerabilities existing in CPS features and their dependencies with physical processes. Therefore, this paper (a) examines the key features of CPSs and their relation with other system types; (b) defines the dependencies between levels of automation and human roles in CPSs from a systems engineering perspective; and (c) applies systems thinking to describe a multi‐layered diagrammatic representation of CPSs for combined safety and security risk analysis, demonstrating an application in the maritime sector to analyze an autonomous surface vehicle.

show abstract

“…CPS is basically a control system with distributed networked, adapted and predictable, real-time, intelligent characteristics, where human-computer interaction may exist. It is widely used in critical national infrastructure, such as electric power, petroleum and chemical and so on [20]. Moreover, many urban transportation and railway systems around the world have deployed some form of communications-based automatic train control (e.g., [21], [22]).…”

Section: Chapter Five: a Comprehensive Framework To Achieve A High Comentioning

confidence: 99%

The Importance to Manage Data Protection in the Right Way: Problems and Solutions

Mokalled

Debertol

Meda

et al. 2017

Springer Proceedings in Mathematics &Amp; Statistics

View full text Add to dashboard Cite

Information and communication technology (ICT) has made remarkable impact on the society, especially on companies and organizations. The use of computers, databases, servers, and other technologies has made an evolution on the way of storing, processing, and transferring data. However, companies access and share their data on internet or intranet, thus there is a critical need to protect this data from destructive forces and from the unwanted actions of unauthorized users. This thesis groups a set of solutions proposed, from a company point of view, to reach the goal of "Managing data protection". The work presented in this thesis represents a set of security solutions, which focuses on the management of data protection taking into account both the organizational and technological side. The work achieved can be divided into set of goals that are obtained particularly from the needs of the research community. This thesis handles the issue of managing data protection in a systematic way, through proposing a Data protection management approach, aiming to protect the data from both the organizational and the technological side, which was inspired by the ISO 27001 requirements. An Information Security Management System (ISMS) is then presented implementing this approach, an ISMS consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security to achieve business objectives, The goal of ISMS is to minimize risk and ensure continuity by pro-actively limiting the impact of a security breach. To be well-prepared to the potential threats that could occur to an organization, it is important to adopt an ISMS that helps in managing the data protection process, and in saving time and effort, minimizes cost of any loss. After that, a comprehensive framework is designed for the security risk management of Cyber Physical Systems (CPSs), this framework represents the strategy used to manage the security risk management, and it falls inside the ISMS as a security strategy. Traditional IT risk assessment methods can do the job (security risk management for a CPS); however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method that addresses the type, functionalities and complexity of a CPS. Therefore, there is a critical need to follow a solution that breaks the restriction to a traditional risk assessment method, and so a high-level framework is proposed, it encompasses wider set of procedures and gives a great attention to the cybersecurity of these systems, which consequently leads to the safety of the physical world. In addition, inside the ISMS, another part of the work takes place, suggesting the guidelines to select an applicable Security Incident and Event Management (SIEM) solution. It ...

show abstract

Cyber-physical System Risk Assessment

Cited by 40 publications

References 5 publications

An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

Conceptualizing the key features of cyber‐physical systems in a multi‐layered representation for safety and security analysis

The Importance to Manage Data Protection in the Right Way: Problems and Solutions

Contact Info

Product

Resources

About