2016
DOI: 10.14236/ewic/ics2016.12
|View full text |Cite
|
Sign up to set email alerts
|

Measuring the Risk of Cyber Attack in Industrial Control Systems

Abstract: Cyber attacks on industrial control systems (ICS) that underpin critical national infrastructure can be characterised as high-impact, low-frequency events. To date, the volume of attacks versus the overall global footprint of ICS is low, and as a result there is an insufficient dataset to adequately assess the risk to an ICS operator, yet the impacts are potentially catastrophic. This paper identifies key elements of existing decision science that can be used to inform and improve the cyber security of ICS aga… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

0
11
0

Year Published

2017
2017
2022
2022

Publication Types

Select...
4
4
1

Relationship

5
4

Authors

Journals

citations
Cited by 20 publications
(11 citation statements)
references
References 28 publications
0
11
0
Order By: Relevance
“…Cook et al [8] present an overview of risk assessment strategies for industrial control systems (ICS) that includes, among others, the game theoretic approach. The authors conclude that there exists no unified risk model for hitherto unconsidered ICS scenarios that incorporates events, threats, vulnerabilities, and general consequences with a measure of uncertainty.…”
Section: Game Theory and Serious Gamesmentioning
confidence: 99%
“…Cook et al [8] present an overview of risk assessment strategies for industrial control systems (ICS) that includes, among others, the game theoretic approach. The authors conclude that there exists no unified risk model for hitherto unconsidered ICS scenarios that incorporates events, threats, vulnerabilities, and general consequences with a measure of uncertainty.…”
Section: Game Theory and Serious Gamesmentioning
confidence: 99%
“…In the core of the cyber security lifecycle lies the cyber threat intelligence, which is the process of collecting data and deriving meaningful information for the system. SCADA systems are nowadays the targets of cyber attackers, and it is worthwhile to note that attacking them affects a substantial number of persons, potentially causing significant damage and ultimately threatening human lives [11]. Post-event investigation has frequently linked these attacks to the exploitation of vulnerabilities deeply rooted in the ICS design philosophy which focuses on availability rather than security.…”
Section: Introductionmentioning
confidence: 99%
“…A simulation of malware on the US electricity grid [16] resulted in blackouts across 15 states, 93 million people without power, and impacts on the US economy of between USD 243bn and 1trn. Such high-impact, low-frequency (HILF) events [17] do not provide an adequate dataset to characterise the threat and do not provide sufficient inputs to established risk analysis models [18]. This lack of evidence complicates the cost-justification of investment in ICS cyber security, as the costs can be high versus the demonstrated number of incidents.…”
Section: Introductionmentioning
confidence: 99%