A New Evaluation Model for Information Security Risk Management of SCADA Systems | IEEE Conference Publication | IEEE Xplore

Abstract:

Supervisory control and data acquisition (SCADA) systems are becoming increasingly susceptible to cyber-physical attacks on both the physical and cyber layers of critical information infrastructure. Failure Mode and Effects Analysis (FMEA) has been widely used as a structured method to prioritize all possible vulnerable areas (failure modes) for design review of the security of information systems. However, traditional RPN-based FMEA has some inherent problems. In addition, there is a lack of applications of FMEA to security in SCADA systems under vague and uncertain environments. Thus, the main purpose of this study was to propose a new evaluation model, which is intended not only to overcome the above-mentioned problems, but also to evaluate, prioritize and correct the security risks of a SCADA system's threat modes. A numerical case study was also conducted to demonstrate that the proposed evaluation model is not only capable of addressing FMEA's inherent problems but is also best suited for a semi-quantitative, high-level analysis of a secure SCADA system's failure modes in the early design phases.
Date of Conference: 06-09 May 2019
Date Added to IEEE Xplore: 01 August 2019
Conference Location: Taipei, Taiwan
