Abstract

Information security risk assessment for industrial control systems is usually influenced by uncertain factors. To deal effectively with the uncertainty and quantification difficulties that subjective and objective factors introduce into the assessment process, an information security risk assessment method based on an attack tree model, combined with fuzzy set theory and probabilistic risk assessment technology, is proposed and applied to a risk scenario of a ship control system. First, potential risks of the control system are analyzed and the attack tree model is established. Then triangular fuzzy numbers and expert knowledge are used to determine the factors that influence the probability of a leaf node, and the leaf nodes are quantified to obtain their interval probabilities. Finally, fuzzy arithmetic is used to determine the interval probability of the root node and of each attack path. After defuzzification, the potential risks of the system and the probability of occurrence of each attack path are obtained. Compared with other methods, the proposed method can greatly reduce the impact of subjectivity on the risk assessment of industrial control systems and yield more stable, reliable, and scientific evaluation results.
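The pipeline described in the abstract, as an added illustration that is not code from the paper: expert triangular fuzzy numbers are averaged per leaf, propagated through AND/OR gates to the root and to each attack path, then defuzzified. The gate formulas (product for AND, 1 - prod(1 - p) for OR, assuming independent events), the centroid defuzzification, the tree, the leaf names and all numbers are assumptions constructed for this example; this page does not give the paper's formulas or data.

```python
from functools import reduce
from itertools import product

# A triangular fuzzy probability is a tuple (low, mode, high), each in [0, 1].
def t_and(a, b):            # AND of independent events (usual TFN approximation)
    return tuple(x * y for x, y in zip(a, b))

def t_not(a):               # 1 - p swaps the lower and upper bounds
    return tuple(1 - x for x in reversed(a))

def crisp(a):               # centroid defuzzification (an assumption)
    return sum(a) / 3

def mean(opinions):         # aggregate several experts' estimates for one leaf
    return tuple(sum(c) / len(opinions) for c in zip(*opinions))

def gate_and(ps):
    return reduce(t_and, ps)

def gate_or(ps):            # 1 - prod(1 - p_i)
    return t_not(gate_and([t_not(p) for p in ps]))

def evaluate(node, leaves):
    """Fuzzy probability of a node; a node is a leaf name or (gate, children)."""
    if isinstance(node, str):
        return leaves[node]
    gate, children = node
    vals = [evaluate(c, leaves) for c in children]
    return gate_and(vals) if gate == "AND" else gate_or(vals)

def paths(node):
    """Minimal leaf sets (attack paths) that achieve the node."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    sub = [paths(c) for c in children]
    if gate == "OR":
        return [p for s in sub for p in s]
    return [frozenset().union(*combo) for combo in product(*sub)]

def rank_paths(tree, leaves):
    """Attack paths with defuzzified probability, most likely first."""
    scored = [(sorted(p), crisp(gate_and([leaves[x] for x in p]))) for p in paths(tree)]
    return sorted(scored, key=lambda s: -s[1])

# Constructed sample: hypothetical tree and expert estimates, not the paper's data.
LEAVES = {"physical_access": mean([(0.0, 0.1, 0.2), (0.2, 0.3, 0.4)]),
          "network_scan": (0.4, 0.5, 0.6), "plc_exploit": (0.2, 0.4, 0.6)}
TREE = ("OR", ["physical_access", ("AND", ["network_scan", "plc_exploit"])])
```

For this sample, `evaluate(TREE, LEAVES)` returns an interval of roughly (0.172, 0.36, 0.552) for the root; the width of that interval is the expert uncertainty that a single crisp probability would hide.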

Highlights

  • Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) are important components of the modern industrial environment and critical infrastructure [1]

  • Information security risk assessment of industrial control systems can effectively help users to identify potential system risks and take appropriate defensive measures, which has become the focus of current industrial research

  • Huikang Lu et al. [8] proposed an ICS information security risk assessment method based on the fuzzy analytic hierarchy process

Summary

Introduction

Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) are important components of the modern industrial environment and critical infrastructure [1]. Huikang Lu et al. [8] proposed an ICS information security risk assessment method based on the fuzzy analytic hierarchy process. CheeWooi Ten et al. [11] proposed a method for evaluating network security vulnerabilities using attack trees and conducting risk assessment for SCADA systems in power control networks. Traditional probabilistic techniques neglect the uncertainty and the difficulties in quantifying security incidents, which affect the reliability of the assessment. To address these problems, an information security risk assessment method based on an attack tree model is proposed in this paper, which combines fuzzy theory and probabilistic risk assessment technology. The case study of information security risk assessment of a ship control system shows that the method can effectively reduce the uncertainty caused by subjective and objective factors, increasing the stability and reliability of the evaluation results. The fifth part is the conclusion and prospect of the research work.

Related Work
[Figure labels: G, SBE1, SBE2, SBE3]
Information Security Risk Assessment Case for Ship Control System
Figures
[Figure legend: G3: Gateway of CANBUS; PLC1: Controller1; PLC2]
[Figure legend: G: SCADA; BE1: Physical Attack; BE2: Network Attacks; BE3]
Conclusion