Abstract

A cyber-physical system (CPS) is a combination of physical system components with cyber capabilities that have a very tight interconnectivity. CPS is a widely used technology in many applications, including electric power systems, communications, transportation, and healthcare systems. These are critical national infrastructures. Cybersecurity attacks are one of the major threats to a CPS for many reasons, including complexity and interdependencies among various system components and the integration of communication, computing, and control technology. Cybersecurity attacks may lead to various risks affecting the business continuity of critical infrastructure, including degradation of production and performance, unavailability of critical services, and violation of regulations. Managing cybersecurity risks is very important to protect CPS. However, risk management is challenging due to the inherently complex and evolving nature of the CPS and recent attack trends. This paper presents an integrated cybersecurity risk management framework to assess and manage the risks in a proactive manner. Our work follows the existing risk management practice and standard and considers risks from the stakeholder model, cyber, and physical system components along with their dependencies. The approach enables identification of critical CPS assets and assesses the impact of vulnerabilities that affect the assets. It also presents a cybersecurity attack scenario that incorporates a cascading effect of threats and vulnerabilities to the assets. The attack model helps to determine the appropriate risk levels and their corresponding mitigation process. We present a power grid system to illustrate the applicability of our work. The result suggests that risk in a CPS of a critical infrastructure depends mainly on cyber-physical attack scenarios and the context of the organization. The risks involved in the studied context stem from both the technical and nontechnical aspects of the CPS.

Highlights

  • Cyber-physical systems are real-time and robust independent systems with high performance requirements [1]

  • We follow an empirical investigation through a case study and action research to determine the usefulness of the integrated risk management approach

  • There are many security challenges faced by infrastructure service providers, which tend to bring down their business operations and disrupt the continuity of their operation


Summary

Introduction

Cyber-physical systems are real-time and robust independent systems with high performance requirements [1]. They are used in many application domains, including critical infrastructures, such as the national power grid, transportation, medical, and defense. These applications require the attainment of stability, performance, reliability, efficiency, and robustness, which require tight integration of computing, communication, and control technological systems [2]. CPSs of critical infrastructures have always been the target of criminals and are affected by security threats [3] because of their complexity and cyber-physical connectivity. These CPSs face security breaches when people, processes, technology, or other components are being attacked or risk management systems are missing, inadequate, or fail in any way. The management team agreed that, depending on the discussion, those risks having a risk level of more than three are considered the controls and those risk levels below three are considered within the acceptance level.
