Abstract
Aligned with the development needs of Industry 4.0, industrial cyber-physical systems (ICPSs) are widely applied to chemical facilities to facilitate so-called intelligent production processes. Meanwhile, emerging cyber-to-physical (C2P) risks are introduced due to the vulnerability of ICPSs to cyberattacks. An integrated safety and security risk assessment of chemical facilities equipped with industrial cyber-physical systems becomes challenging, particularly in performing a probabilistic/quantitative risk assessment. Targeting this gap, this study develops a systematic approach to construct accident scenarios concerning both safety hazards and security threats and performs a probabilistic risk assessment of chemical facilities considering the interdependency between safety-associated events and security-associated events. In the proposed approach, bow-tie technique is used to perform a safety risk analysis, and meanwhile, the possible dangerous scenarios caused by physical attacks and C2P attacks are also identified and integrated into the bow-tie diagram. Particularly, attack impact modeling of C2P attacks helps to identify dangerous attack modes, and a time-to-compromise (TTC) based method is used to quantify the vulnerability of ICPSs to C2P attacks. Then, a Bayesian network (BN) model is developed to perform an integrated safety and security risk analysis. An illustrative case study is used in this study to give guidance on performing integrated safety and security risk assessment of ICPSs and validate the feasibility of the proposed approach.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.