To cite this version:H Abdo, M. Kaouk, J-M. Flaus, F. Masse. A safety/security risk analysis approach of industrial control systems: a cyber bowtie -combining new version of attack tree with bowtie analysis. Computers Security, 2017, 72, pp.175-195 AbstractThe introduction of connected systems and digital technology in process industries creates new cyber-security vulnerabilities that can be exploited by sophisticated threats and lead to undesirable safety accidents. Thus, identifying these vulnerabilities during risk analysis becomes an important part for effective industrial risk evaluation. However, nowadays, safety and securityare analyzed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial risk analysis is proposed. This approach combines bowtie analysis, commonly used for safety analysis, with a new extended version of attack tree analysis, introduced for security analysis of industrial control systems. The combined use of bowtie and attack tree provides an exhaustive representation of risk scenarios in terms of safety and security. We then propose an approach for evaluating the risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a risk scenario in a chemical facility.Keywords: Risk analysis, safety, cyber-security, bowtie analysis, Attack-Tree analysis, SCADA. INTRODUCTIONAnalyzing risks of industrial and complex systems such as those found in nuclear plants, chemical factories, etc., is of crucial importance given the hazards linked to these systems (explosion, dispersion, etc.) (Abdo and Flaus, 2016b). Quantifying and analyzing these major risks contributes to better decision making and ensures that risks are managed according to defined acceptance criteria (Arunraj and Maiti, 2007).Industrial safety risk analysis aims to evaluate undesirable risk scenarios that can lead to major accidents that affect human and the environment. Traditionally, a systematic risk analysis process is made up of three steps: (i) identification of risk scenarios, (ii) likelihood analysis, (iii) effect analysis (Purdy, 2010). Based on these steps, a level of risk will be given to each scenario to see if it is acceptable or not. If not, safety measures should be added to reduce the level of risk to an acceptable level by diminishing the likelihood or the effects. This work considers the first two steps. Identifying a risk scenario aims to explore how an undesirable hazard can be developed starting from causes and ending with the consequences. Likelihood analysis aims to estimate the likelihood of occurrence of risk scenarios. This estimate can be qualitative or quantitative depending on the available data.Traditional industries were based on mechanical devices and closed systems (Kriaa et al., 2015). Only safety related risks generated from accidental com...
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.