Holistic Risk Assessment in Industrial Control Systems: Combining Multiple Bayesian Networks with Multi-Criteria Decision Making | IEEE Conference Publication | IEEE Xplore

Holistic Risk Assessment in Industrial Control Systems: Combining Multiple Bayesian Networks with Multi-Criteria Decision Making


Abstract:

In recent years, the increase in cyber-attacks on Industrial Control Systems (ICS) due to open industrial protocols has highlighted the vulnerability of critical infras-t...Show More

Abstract:

In recent years, the increase in cyber-attacks on Industrial Control Systems (ICS) due to open industrial protocols has highlighted the vulnerability of critical infras-tructures to such threats. Notable incidents like Stuxnet and BlackEnergy3 have demonstrated the potential for significant operational disruptions. Such a new situation calls for a successful risk assessment approach that can address the multifaceted nature of cyber threats. Addressing such need, this paper in-troduces a novel holistic risk assessment framework combining Bayesian Networks (BNs) with Multi-Criteria Decision Making (MCDM) to compute and integrate heterogeneous risk values into a single, comprehensive risk metric. In more detail, a set of heterogeneous risk metrics, derived by resorting to an array of risk-specific BNs, is combined through the Incomplete Analytic Hierarchy Process (AHP) technique. Briefly, a set of experts is asked to compare the relevance of pairs of risks, and this relative information is translated into a weight associated to each metric. The effectiveness of the proposed risk assessment technique is evaluated against a real hardware-in-the-loop case study in a laboratory environment, namely the Water Distribution Testbed (WDT) for cyber-physical security testing.
Date of Conference: 11-14 June 2024
Date Added to IEEE Xplore: 27 June 2024
ISBN Information:

ISSN Information:

Conference Location: Chania - Crete, Greece

References

References is not available for this document.