Abstract

Malicious interferences to Industrial Automation and Control Systems (IACS) such as the Basic Process Control System (BPCS) and the Safety Instrumented System (SIS) of chemical and process facilities may initiate events with severe consequences such as major accident scenarios (e.g., loss of containment of hazardous substances) and production outages. Existing security vulnerability and risk assessment (SVA/SRA) methodologies, as well as the cybersecurity risk assessment approach proposed by ISA/IEC 62443 series of standards, do not provide any practical method or guideline supporting cyber-risk identification. Moreover, an evident lack of procedures addressing the concrete connection between malicious manipulations of the BPCS and SIS and the impacts on the physical process system that can be initiated, is present in the scientific literature. Given the outlined gap, in the present study, a synergic framework of tools is described and applied to a case study (offshore Oil&Gas platform for gas compression), supporting the systematic identification of the risks that can originate as a result of a malicious interference to the BPCS and SIS. The framework consists of a past incident analysis (PIA) and of two rigorous methodologies, PHAROS, focused on major accident hazards, and POROS, addressing also operability issues. The concept of cyber-attack credibility is here introduced to identify the most credible sets of manipulations based on the score of the plant knowledge level required by the attacker and that of the cyber complexity of the attack pattern, allowing to provide valuable information on how to effectively allocate resources for a more secure network architecture.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.