2018
DOI: 10.1177/1748006x18765885
|View full text |Cite
|
Sign up to set email alerts
|

A new safety and security risk analysis framework for industrial control systems

Abstract: The migration of modern Industrial Control Systems (ICS) towards information and communication technologies exposes them to cyber-attacks that can alter the way they function, thereby causing adverse consequences on the system and its environment. It has consequently become crucial to consider security risks in traditional safety risk analyses for industrial systems controlled by modern ICS. We propose in this paper a new framework for safety and security joint risk analysis for industrial control systems. S-c… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1

Citation Types

0
4
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
4
3

Relationship

0
7

Authors

Journals

citations
Cited by 8 publications
(4 citation statements)
references
References 24 publications
0
4
0
Order By: Relevance
“…In her doctoral thesis, Kriaa (2016) described the SCADA safety and security joint modelling method (S-cube). Building on previous work using a Boolean logic Driven Markov Processes (BDMP) formalism in industrial security scenarios (Kriaa et al, 2012), the S-cube method includes a taxonomy of attack vectors and a knowledge base of failure/ attack steps and propagations (Kriaa et al, 2019). This knowledge base in S-cube addresses the dependency on expert knowledge mentioned for STPA-Sec and CHASSIS.…”
Section: Existing Methods For Integrated Safety and Security Analysis...mentioning
confidence: 99%
See 1 more Smart Citation
“…In her doctoral thesis, Kriaa (2016) described the SCADA safety and security joint modelling method (S-cube). Building on previous work using a Boolean logic Driven Markov Processes (BDMP) formalism in industrial security scenarios (Kriaa et al, 2012), the S-cube method includes a taxonomy of attack vectors and a knowledge base of failure/ attack steps and propagations (Kriaa et al, 2019). This knowledge base in S-cube addresses the dependency on expert knowledge mentioned for STPA-Sec and CHASSIS.…”
Section: Existing Methods For Integrated Safety and Security Analysis...mentioning
confidence: 99%
“…Furthermore, S-cube offers a better scalability of the analysis that adapts to different levels of abstraction of the system (Kriaa et al, 2013). However, S-cube decouples the information flows in the digital control system from the analysis of energies controlled in the physical plant (Kriaa et al, 2019). This decoupling, aimed at keeping the analysis scope into the domain of the digital control system, may be a critical weakness to identify new and unknown risks that have important safety repercussions in the physical domain of the system.…”
Section: Existing Methods For Integrated Safety and Security Analysis...mentioning
confidence: 99%
“…For instance, cyber attacks against IoT systems can cause negative consequences in the physical world and, thus, compromise the safety of the user and the environment. In this regard, several studies have attested that, despite the differences and dichotomies between the safety and security properties, they still share several commonalities, interdependence, and relationships, which make them closely intertwined for a viable analysis of many systems, including the IoT [18][19][20]23,[58][59][60].…”
Section: Relationship Between Iot Safety and Security Analysismentioning
confidence: 99%
“…Emergencies arise due to causes such as explosions in a processing plant, accidents in storage facilities, during transportation, or due to technological failures, inappropriate or inadequate plant safety design, arson, malicious acts, human error, and natural calamities. Therefore, it is essential to investigate petroleum refineries' worst possible safety hazards, evaluate their impact on people, property, plants, and society, and devise risk-control strategies [15].…”
Section: Introductionmentioning
confidence: 99%