2015
DOI: 10.1515/jaiscr-2015-0029
|View full text |Cite
|
Sign up to set email alerts
|

Risk Assessment For Industrial Control Systems Quantifying Availability Using Mean Failure Cost (MFC)

Abstract: 1 Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control. Originally, ICS implementations were susceptible primarily to local threats because most of their compone… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
8
0

Year Published

2016
2016
2021
2021

Publication Types

Select...
5
3
1

Relationship

0
9

Authors

Journals

citations
Cited by 19 publications
(8 citation statements)
references
References 35 publications
0
8
0
Order By: Relevance
“…The [24] used previously in industrial settings [25]; applied to industry standards [26] [27]; and applied to cloud environments [27] [28]. The cost/benefits risk assessment of the project [2] was carried out by computing the Mean Failure Cost (MFC) for various UPS stakeholders addressing grid vulnerability, consequence, and risk analysis.…”
Section: Process and Resultsmentioning
confidence: 99%
“…The [24] used previously in industrial settings [25]; applied to industry standards [26] [27]; and applied to cloud environments [27] [28]. The cost/benefits risk assessment of the project [2] was carried out by computing the Mean Failure Cost (MFC) for various UPS stakeholders addressing grid vulnerability, consequence, and risk analysis.…”
Section: Process and Resultsmentioning
confidence: 99%
“…Using the probability determined in this way, it is possible to state the formula which estimates the risk [68,69]:…”
Section: Risk Analysismentioning
confidence: 99%
“…Leveraging the definitions just presented, and to qualify the impact of dependencies between EDS assets, we developed a Dependency Matrix inspired in part by the matrix that qualifies availability developed by Chen et al [2]. This matrix allows the security relationships between all assets within a system to be qualified by specific factors.…”
Section: Dependency Matrixmentioning
confidence: 99%
“…For example, the MTU is considered in an acceptable state of security if its ExSol score is within the range of 2,000 to 4,500. However, in part (2), an attacker has discovered a vulnerability in the third system. As a response, collaborators come together and, using ExSol, determine that the RTU and Firewall security configurations have been taken advantage of.…”
Section: Example Use Casementioning
confidence: 99%