Managing cybersecurity risks of cyber-physical systems: The MARISMA-CPS pattern

Rosado, David G.; Santos-Olmo, Antonio; Sánchez, Luís Enrique; Serrano, Manuel Alberca; Blanco, Carlos; Mouratidis, Haralambos; Fernández‐Medina, Eduardo

doi:10.1016/j.compind.2022.103715

Cited by 26 publications

(7 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, Mokalled et al [29] proposed a general risk management framework for CPSs focusing on specific characteristics of the CPSs. Rosado et al [30] proposed a risk analysis approach for CPS based on MARISMA. However, this approach focuses on general elements of the CPS.…”

Section: Related Work On Cps Risk Assessment Methodologiesmentioning

confidence: 99%

Risk assessment and control selection for cyber-physical systems: a case study on supply chain tracking systems

Kavallieratos¹,

Grigoriadis²,

Katsika³

et al. 2022

J Surveill Secur Saf

View full text Add to dashboard Cite

Aim: The paper proposes a novel risk assessment method ology for complex cyber-physical systems: The proposed method ology may assist risk assessors to: (a) assess the risks deriving from cyber and physical interactions among cyber-physical components; and (b) prioritize the control selection process for mitigating these risks. Methods: To achieve this, we combine and modify appropriately two recent risk assessment method ologies targeted to cyber physical systems and interactions, as underlying building blocks. By applying the existing method ology, we enable the utilization of well-known software vulnerability taxonomies, to extract vulnerability and impact submetrics for all the interactions among the system components. These metrics are then fed to the risk analysis phase in order to assess the overall cyber-physical risks and to prioritize the list of potential mitigation controls. Results: To validate the applicability and efficiency of the proposed method ology, we apply it in a realistic scenario involving supply chain tracking systems. Conclusion: Our results show that the proposed method ology can be effectively applied to capture the risks deriving from cyber and physical interactions among system components in realistic application scenarios, while for large scale networks further testing should be carried out.

show abstract

Section: Related Work On Cps Risk Assessment Methodologiesmentioning

confidence: 99%

Risk assessment and control selection for cyber-physical systems: a case study on supply chain tracking systems

Kavallieratos¹,

Grigoriadis²,

Katsika³

et al. 2022

J Surveill Secur Saf

View full text Add to dashboard Cite

show abstract

“…We have seen this in practice through MARISMA [15,33], which is our dynamic approach to risk analysis and management that we have designed, improved and extended and which we have been applying to many types of companies and technologies (electric, hydrocarbons, governments, health, shipbuilding, chemical industry, etc.) for more than a decade with clients in eight Latin American countries.…”

Section: Sustainable Management Of Security Incidentsmentioning

confidence: 99%

“…MARISMA is a methodology based on the reuse of knowledge for RAM purposes using structures known as "patterns" that allow different types of cases to be supported. In this sense, a pattern was developed to manage and control risks in CPSs considering the inherent needs of this type of systems (MARISMA-CPS) [15]. This template is based on the main standards and recommendations for CPSs, the IoT and risk management (ISO/IEC 27.000 and IEC 62443, ENISA (Ross, 2017) and the CPS framework by NIST (Griffor, 2017)).…”

Section: Introductionmentioning

confidence: 99%

QISS: Quantum-Enhanced Sustainable Security Incident Handling in the IoT

Blanco,

Santos-Olmo,

Sánchez

2024

Information

Self Cite

View full text Add to dashboard Cite

As the Internet of Things (IoT) becomes more integral across diverse sectors, including healthcare, energy provision and industrial automation, the exposure to cyber vulnerabilities and potential attacks increases accordingly. Facing these challenges, the essential function of an Information Security Management System (ISMS) in safeguarding vital information assets comes to the fore. Within this framework, risk management is key, tasked with the responsibility of adequately restoring the system in the event of a cybersecurity incident and evaluating potential response options. To achieve this, the ISMS must evaluate what is the best response. The time to implement a course of action must be considered, as the period required to restore the ISMS is a crucial factor. However, in an environmentally conscious world, the sustainability dimension should also be considered to choose more sustainable responses. This paper marks a notable advancement in the fields of risk management and incident response, integrating security measures with the wider goals of sustainability and corporate responsibility. It introduces a strategy for handling cybersecurity incidents that considers both the response time and sustainability. This approach provides the flexibility to prioritize either the response time, sustainability or a balanced mix of both, according to specific preferences, and subsequently identifies the most suitable actions to re-secure the system. Employing a quantum methodology, it guarantees reliable and consistent response times, independent of the incident volume. The practical application of this novel method through our framework, MARISMA, is demonstrated in real-world scenarios, underscoring its efficacy and significance in the contemporary landscape of risk management.

show abstract

“…IoT and CPS devices are becoming incresingly key elements of CIIs, and the majority of CPS-security related works are focusing on these critical infrastructures for any sector ( Adepu et al, 2019 ). Rosado et al (2022) have, therefore, developed a pattern called MARISMA-CPS that builds the scaffolding for the management of risk analysis processes that is specifically oriented towards CPS-based environments and is, owing to its nature, extensible to ICIs. This pattern contains catalogues of different types of key elements involved in the technical infrastructure of an SCP environment.…”

Section: Control Mechanismmentioning

confidence: 99%