TY - JOUR
T1 - Integrated process safety and process security risk assessment of industrial cyber-physical systems in chemical plants
AU - Yuan, Shuaiqi
AU - Yang, Ming
AU - Reniers, Genserik
PY - 2023
Y1 - 2023
N2 - Aligned with the development needs of Industry 4.0, industrial cyber-physical systems (ICPSs) are widely applied to chemical facilities to facilitate so-called intelligent production processes. Meanwhile, emerging cyber-to-physical (C2P) risks are introduced due to the vulnerability of ICPSs to cyberattacks. An integrated safety and security risk assessment of chemical facilities equipped with industrial cyber-physical systems becomes challenging, particularly in performing a probabilistic/quantitative risk assessment. Targeting this gap, this study develops a systematic approach to construct accident scenarios concerning both safety hazards and security threats and performs a probabilistic risk assessment of chemical facilities considering the interdependency between safety-associated events and security-associated events. In the proposed approach, bow-tie technique is used to perform a safety risk analysis, and meanwhile, the possible dangerous scenarios caused by physical attacks and C2P attacks are also identified and integrated into the bow-tie diagram. Particularly, attack impact modeling of C2P attacks helps to identify dangerous attack modes, and a time-to-compromise (TTC) based method is used to quantify the vulnerability of ICPSs to C2P attacks. Then, a Bayesian network (BN) model is developed to perform an integrated safety and security risk analysis. An illustrative case study is used in this study to give guidance on performing integrated safety and security risk assessment of ICPSs and validate the feasibility of the proposed approach.
AB - Aligned with the development needs of Industry 4.0, industrial cyber-physical systems (ICPSs) are widely applied to chemical facilities to facilitate so-called intelligent production processes. Meanwhile, emerging cyber-to-physical (C2P) risks are introduced due to the vulnerability of ICPSs to cyberattacks. An integrated safety and security risk assessment of chemical facilities equipped with industrial cyber-physical systems becomes challenging, particularly in performing a probabilistic/quantitative risk assessment. Targeting this gap, this study develops a systematic approach to construct accident scenarios concerning both safety hazards and security threats and performs a probabilistic risk assessment of chemical facilities considering the interdependency between safety-associated events and security-associated events. In the proposed approach, bow-tie technique is used to perform a safety risk analysis, and meanwhile, the possible dangerous scenarios caused by physical attacks and C2P attacks are also identified and integrated into the bow-tie diagram. Particularly, attack impact modeling of C2P attacks helps to identify dangerous attack modes, and a time-to-compromise (TTC) based method is used to quantify the vulnerability of ICPSs to C2P attacks. Then, a Bayesian network (BN) model is developed to perform an integrated safety and security risk analysis. An illustrative case study is used in this study to give guidance on performing integrated safety and security risk assessment of ICPSs and validate the feasibility of the proposed approach.
KW - Bayesian network
KW - Bow-tie diagram
KW - Cyber-physical systems
KW - Cyber-to-physical attacks
KW - Probabilistic risk assessment
KW - Safety and security risks
UR - http://www.scopus.com/inward/record.url?scp=85178394538&partnerID=8YFLogxK
U2 - 10.1016/j.compind.2023.104056
DO - 10.1016/j.compind.2023.104056
M3 - Article
AN - SCOPUS:85178394538
SN - 0166-3615
VL - 155
JO - Computers in Industry
JF - Computers in Industry
M1 - 104056
ER -