IEEE Access (Jan 2023)

Extended Dependency Modeling Technique for Cyber Risk Identification in ICS

  • Ayodeji O. Rotibi,
  • Neetesh Saxena,
  • Pete Burnap,
  • Alex Tarter

DOI
https://doi.org/10.1109/ACCESS.2023.3263671
Journal volume & issue
Vol. 11
pp. 37229 – 37242

Abstract

Read online

Complex systems such as Industrial Control Systems (ICS) are designed as a collection of functionally dependent and highly connected units with multiple stakeholders. Identifying the risk of such complex systems requires an overall view of the entire system. Dependency modelling (DM) is a highly participative methodology that identifies the goals and objectives of a system and the required dependants to satisfy these goals. Researchers have proved DM to be suitable for identifying and quantifying impact and uncertainty in complex environments. However, there exist limitations in the current expressions of DM that hinder its complete adaptation for risk identification in a complex environment such as ICS. This research investigates how the capability of DM could be extended to address the identified limitations and proposes additional variables to address phenomena that are unique to ICS environments. The proposed extension is built into a system-driven ICS dependency modeller, and we present an illustrative example using a scenario of a generic ICS environment. We reflect that the proposed technique supports an improvement in the initial user data input in the identification of areas of risk at the enterprise, business process, and technology levels.

Keywords