Analysis of Affordance, Time, and Adaptation in the Assessment of Industrial Control System Cybersecurity Risk

Busby, J S; Green, Ben; Hutchison, David

doi:10.1111/risa.12681

Cited by 23 publications

(8 citation statements)

References 80 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Where we see "understanding the system" to be a key phase within the overall assessment process, it also presents a challenge to assessors. This is a salient point to which we experienced a similar reaction during some of our previous work [3,15]. Also, we see from the broader literature that this phase receives little attention from within the academic community [6].…”

Section: Discussionsupporting

confidence: 59%

“…While there are a number of established approaches to the assessment of risk, particularly within the standards community [2], it can be seen that their application to ICSs poses a challenge. Therefore, the development of tailored ICS specific approaches have been witnessed across both academic [3] and industry contexts [17]. Our previous work summarised a handful of approaches within existing industry standards and guidelines (S&G) [13], with the work of [20] and [6] providing more comprehensive discussions.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

"How Long is a Piece of String":

Green

Prince

Busby

et al. 2017

Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy

View full text Add to dashboard Cite

The numbers and severity of global cyber security attacks on Industrial Control Systems have increased over recent years. However, there are also significant efforts to improve defensive capabilities. While comprehensive reviews of risk assessment efforts exist, little detail is currently available on how they are being applied by security practitioners. This paper provides a summary of the approaches adopted by security practitioners, outlining key phases applied to risk assessment, application of existing predefined methodologies, and challenges faced throughout the overall process.

show abstract

Section: Discussionsupporting

confidence: 59%

Section: Introductionmentioning

confidence: 99%

"How Long is a Piece of String":

Green

Prince

Busby

et al. 2017

Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy

View full text Add to dashboard Cite

show abstract

“…At the extreme end of the spatial considerations, non-geographically bound systems (such as the internet) require minimal logistical capabilities, yet may require HRSC intervention due to the interconnectivity of critical infrastructure with the internet (Umberger and Gheorghe, 2011). Cyber-attacks can cripple infrastructure across non-geographically bound space (Paté-Cornell et al, 2017), particularly when such systems are connected to public assets (Busby et al, 2017). As such, HRSCs tasked with delivering aid to spatially dispersed communities will have vastly different design considerations to their counterparts servicing settings with higher population concentrations.…”

Section: Spatial Considerationsmentioning

confidence: 99%

A disaster typology towards informing humanitarian relief supply chain design

Mackay

Muñoz

Pepper

2019

JHLSCM

View full text Add to dashboard Cite

Purpose The purpose of this paper is to construct a typology of a disaster that informs humanitarian-relief supply chain (HRSC) design across the stages of disaster relief. Design/methodology/approach In addition to an interdisciplinary review of pertinent literature, this paper utilises a typology construction method to propose theoretically and methodologically sound dimensions of disasters. Findings Whilst semantic arguments surrounding the concept of a “disaster” are ongoing, the authors propose three typologies based upon six dimensions that serve as interdependent variables informing resultant HRSC design considerations. These are speed of onset, time horizon, spatial considerations, affected population needs, perceived probability of occurrence and perceived magnitude of consequence. These combinational and independent relationships of the variables offer insight into key HRSC design-making considerations. Research limitations/implications The study improves conceptual knowledge of disasters, distilling the concept to only the dimensions applicable to HRSC design, omitting other applications. The typologies provide empirical cell types based on extant literature, but do not apply the models towards new or future phenomena. Practical implications This paper provides HRSC practitioners with normative guidance through a more targeted approach to disaster relief, with a focus on the impacted system and resulting interactions’ correspondence to HRSC design. Originality/value This paper provides three typological models of disasters uniquely constructed for HRSC design across the various stages of disaster relief.

show abstract

“…In the context of military combat modeling, the effects of military deceit and of gaining insights into aggregating longer chains of military events were modeled (Roponen & Salo, ). Recently, Busby, Green, and Hutchison () analyzed the effects of cyber attacks on industrial control systems.…”

Section: Introductionmentioning

confidence: 99%

Adversarial Risk Analysis to Allocate Optimal Defense Resources for Protecting Cyber–Physical Systems from Cyber Attacks

2019

View full text Add to dashboard Cite

Defenders have to enforce defense strategies by taking decisions on allocation of resources to protect the integrity and survivability of cyber-physical systems (CPSs) from intentional and malicious cyber attacks. In this work, we propose an adversarial risk analysis approach to provide a novel one-sided prescriptive support strategy for the defender to optimize the defensive resource allocation, based on a subjective expected utility model, in which the decisions of the adversaries are uncertain. This increases confidence in cyber security through robustness of CPS protection actions against uncertain malicious threats compared with prescriptions provided by a classical defend-attack game-theoretical approach. We present the approach and the results of its application to a nuclear CPS, specifically the digital instrumentation and control system of the advanced lead-cooled fast reactor European demonstrator.

show abstract

Analysis of Affordance, Time, and Adaptation in the Assessment of Industrial Control System Cybersecurity Risk

Cited by 23 publications

References 80 publications

"How Long is a Piece of String":

"How Long is a Piece of String":

A disaster typology towards informing humanitarian relief supply chain design

Adversarial Risk Analysis to Allocate Optimal Defense Resources for Protecting Cyber–Physical Systems from Cyber Attacks

Contact Info

Product

Resources

About