Much of the research on security of industrial automation systems has focused on countermeasures such as intrusion detection, certificate management or public key infrastructures. Due to limited resources, countermeasures should be focused to prevent the attacks with highest potential for damage. The impact of an attack can only be determined through a detailed analysis of the interactions of the automation system and the physical system under control. Attacks against single components are similar to ordinary component failures, so our focus is on deliberate damage to several components, since such scenarios are not considered in reliability engineering methods used for industrial automation systems. A simulation based security impact assessment method is proposed, using genetic algorithms to explore the range of possible attacks.
Technology is increasingly being used by organisations to mediate social/business relationships and social/business transactions. While traditional models of impact assessment have focused on the loss of confidentiality, integrity and availability, we propose a new model based upon socio-technical systems thinking that places the people and the technology within an organisation’s business/functional context. Thus in performing risk management in a cyber security and safety context, a detailed picture of the impact that a security/safety incident can have on an organisation is developed. This in turn stimulates a more holistic view of the effectiveness, and appropriateness, of a counter measure.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.