A Method of Entropy Weight Quantitative Risk Assessment for the Safety and Security Integration of a Typical Industrial Control System

Abstract

Aiming at the risk assessment requirements of typical industrial control systems with integrated architecture of security and safety, we propose an objective and quantitative integrated security and safety assessment scheme based on Fuzzy Analytic Hierarchy Process (FAHP). First, we establish a safety and security integrated (SSI) architecture for typical industrial control systems with security measures integrated into safety failure modes. On this basis, we establish a hierarchical model of risk assessment with SSI failure mode as an element of the evaluation layer, and then standardize characteristic values of various safety-related heterogeneous index parameters. We design an entropy weight method that uses Grey Relation Analysis (GRA) method to modify the correlation of multiple indicators as a parameter strategy for determining the relative importance of element layer and evaluation layer and then use the membership function method of fuzzy statistical method to obtain the membership degree of hierarchical elements, and finally obtain the failure risk level value of equipment and system by fuzzy comprehensive evaluation. Based on a typical distributed control system, we build an experimental platform to test and verify the risk assessment plan, and compared with expert experience parameter method. The result shows that the scheme takes into account the correlation between indicators which measure the SSI risk level of industrial control system, and the entropy weight method is used to evaluate the risk of industrial control system which can overcome the subjectivity and uncertainty of individual judgment. Furthermore, the quantitative evaluation of system risk is completed by using fuzzy statistical method in the case of industrial control system without prior knowledge, and the idea of this scheme has a wide range of engineering value.