Integrated process safety and process security risk assessment of industrial cyber-physical systems in chemical plants

Aligned with the development needs of Industry 4.0, industrial cyber-physical systems (ICPSs) are widely applied to chemical facilities to facilitate so-called intelligent production processes. Meanwhile, emerging cyber-to-physical (C2P) risks are introduced due to the vulnerability of ICPSs to cyberattacks. An integrated safety and security risk assessment of chemical facilities equipped with industrial cyber-physical systems becomes challenging, particularly in performing a probabilistic/quantitative risk assessment. Targeting this gap, this study develops a systematic approach to construct accident scenarios concerning both safety hazards and security threats and performs a probabilistic risk assessment of chemical facilities considering the interdependency between safety-associated events and security-associated events. In the proposed approach, bow-tie technique is used to perform a safety risk analysis, and meanwhile, the possible dangerous scenarios caused by physical attacks and C2P attacks are also identified and integrated into the bow-tie diagram. Particularly, attack impact modeling of C2P attacks helps to identify dangerous attack modes, and a time-to-compromise (TTC) based method is used to quantify the vulnerability of ICPSs to C2P attacks. Then, a Bayesian network (BN) model is developed to perform an integrated safety and security risk analysis. An illustrative case study is used in this study to give guidance on performing integrated safety and security risk assessment of ICPSs and validate the feasibility of the proposed approach.