An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

Halima  Ibrahim Kure; Shareeful Islam; Mohammad  Abdur Razzaque

doi:10.3390/app8060898

Applied Sciences (May 2018)

An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

Halima Ibrahim Kure,
Shareeful Islam,
Mohammad Abdur Razzaque

Affiliations

Halima Ibrahim Kure: School of Architecture, Computing and Engineering, University of East London, London E16 2RD, UK
Shareeful Islam: School of Architecture, Computing and Engineering, University of East London, London E16 2RD, UK
Mohammad Abdur Razzaque: School of Computing, Media and Arts, Teesside University, Middleborough TS1 3BX, UK

DOI: https://doi.org/10.3390/app8060898
Journal volume & issue: Vol. 8, no. 6
p. 898

Abstract

Read online

A cyber-physical system (CPS) is a combination of physical system components with cyber capabilities that have a very tight interconnectivity. CPS is a widely used technology in many applications, including electric power systems, communications, and transportation, and healthcare systems. These are critical national infrastructures. Cybersecurity attack is one of the major threats for a CPS because of many reasons, including complexity and interdependencies among various system components, integration of communication, computing, and control technology. Cybersecurity attacks may lead to various risks affecting the critical infrastructure business continuity, including degradation of production and performance, unavailability of critical services, and violation of the regulation. Managing cybersecurity risks is very important to protect CPS. However, risk management is challenging due to the inherent complex and evolving nature of the CPS system and recent attack trends. This paper presents an integrated cybersecurity risk management framework to assess and manage the risks in a proactive manner. Our work follows the existing risk management practice and standard and considers risks from the stakeholder model, cyber, and physical system components along with their dependencies. The approach enables identification of critical CPS assets and assesses the impact of vulnerabilities that affect the assets. It also presents a cybersecurity attack scenario that incorporates a cascading effect of threats and vulnerabilities to the assets. The attack model helps to determine the appropriate risk levels and their corresponding mitigation process. We present a power grid system to illustrate the applicability of our work. The result suggests that risk in a CPS of a critical infrastructure depends mainly on cyber-physical attack scenarios and the context of the organization. The involved risks in the studied context are both from the technical and nontechnical aspects of the CPS.

Published in Applied Sciences

ISSN: 2076-3417 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Engineering (General). Civil engineering (General); Science: Biology (General); Science: Physics; Science: Chemistry
Website: http://www.mdpi.com/journal/applsci

About the journal

Abstract

Keywords