Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

Consider the Consequences: A Risk Assessment Approach for Industrial Control Systemsopen access

Authors
Kim, AramOh, JunhyoungKwon, KookheuiLee, Kyungho
Issue Date
22-6월-2022
Publisher
WILEY-HINDAWI
Citation
SECURITY AND COMMUNICATION NETWORKS, v.2022
Indexed
SCIE
SCOPUS
Journal Title
SECURITY AND COMMUNICATION NETWORKS
Volume
2022
URI
https://scholar.korea.ac.kr/handle/2021.sw.korea/145547
DOI
10.1155/2022/3455647
ISSN
1939-0114
Abstract
The development of information and communication technologies extended the application of digitalized industrial control systems (ICSs) to critical infrastructure. With this circumstance, emerging sophisticated cyberattacks by adversaries, including nation-backed terrorists, target ICSs due to their strategic value that critical infrastructure can cause severe consequences to equipment, people, and the environment due to the cyberattacks on ICSs. Therefore, critical infrastructure owners should provide high assurance to those involved, such as neighboring residents and governments, that the facility is adequately protected against cyberattacks. The risk assessment that identifies, estimates, and prioritizes risks is vital to provide high assurance. This study proposes a framework for evaluating risks by quantifying the likelihood of cyber exploitation and the consequences of cyberattacks. The quantification of the likelihood of cyber exploitation is inspired by research on Bayesian attack graphs (BAGs), allowing probability evaluation that considers the causal relationship between ICSs and multistage attacks. For the cyberattack consequences quantification, we propose a methodology to evaluate how far an impact will spread and thus how many functions will be influenced when an ICS is exploited. The methodology is conducted by ICS experts identifying and listing functional dependencies and essential function goals among ICSs that they are already familiar with and do not require in-depth cybersecurity knowledge. Through experiments, we demonstrated how to apply our framework to assess the risks of the plant protection system, which is a safety-grade digital system used in nuclear power plants. The result shows that risk can be multidimensionally assessed than previous literature, such as discovering that components that were not considered important have high risk due to their functional connectivity.
Files in This Item
There are no files associated with this item.
Appears in
Collections
School of Cyber Security > Department of Information Security > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher Lee, Kyung Ho photo

Lee, Kyung Ho
정보보호학과
Read more

Altmetrics

Total Views & Downloads

BROWSE