Integrated Safety-Security Risk Assessment for Production Systems: A Use Case Using Bayesian Belief Networks

2023 IEEE 21st International Conference on Industrial Informatics (INDIN) Pub Date : 2023-07-18 DOI:10.1109/INDIN51400.2023.10217926

Pushparaj Bhosale, W. Kastner, T. Sauter

{"title":"Integrated Safety-Security Risk Assessment for Production Systems: A Use Case Using Bayesian Belief Networks","authors":"Pushparaj Bhosale, W. Kastner, T. Sauter","doi":"10.1109/INDIN51400.2023.10217926","DOIUrl":null,"url":null,"abstract":"Industrial control systems (ICSs) are complex networked systems that enable automation of large-scale processes. Depending on the application domain, the risk of the failure of components can have catastrophic repercussions. Up to now, a safety risk assessment is carried out to identify and narrow down possible failures. However, with the recent increase of cybersecurity attacks, a need of an integrated safety and security risk assessment is rising. This encompasses a comprehensive approach to assess the risks associated with ICSs and develop strategies for mitigating those risks. This paper proposes Bayesian Belief Network (BBN) as a representative of a probabilistic method and show its suitability for an integrated safety and security risk assessment. The method is evaluated by means of a use case. It provides risk propagation of functional safety, human safety and shows a propagation path from security to functional safety. The assessment is based on practical vulnerability assessments, technical documentations, manual observation and expert opinions.","PeriodicalId":174443,"journal":{"name":"2023 IEEE 21st International Conference on Industrial Informatics (INDIN)","volume":"192 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 21st International Conference on Industrial Informatics (INDIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INDIN51400.2023.10217926","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Industrial control systems (ICSs) are complex networked systems that enable automation of large-scale processes. Depending on the application domain, the risk of the failure of components can have catastrophic repercussions. Up to now, a safety risk assessment is carried out to identify and narrow down possible failures. However, with the recent increase of cybersecurity attacks, a need of an integrated safety and security risk assessment is rising. This encompasses a comprehensive approach to assess the risks associated with ICSs and develop strategies for mitigating those risks. This paper proposes Bayesian Belief Network (BBN) as a representative of a probabilistic method and show its suitability for an integrated safety and security risk assessment. The method is evaluated by means of a use case. It provides risk propagation of functional safety, human safety and shows a propagation path from security to functional safety. The assessment is based on practical vulnerability assessments, technical documentations, manual observation and expert opinions.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

生产系统的综合安全风险评估:使用贝叶斯信念网络的用例

工业控制系统(ics)是复杂的网络系统，可以实现大规模过程的自动化。根据应用程序领域的不同，组件失败的风险可能会产生灾难性的后果。到目前为止，进行安全风险评估以识别和缩小可能出现的故障。然而，随着近年来网络安全攻击的增加，对综合安全和安全风险评估的需求正在上升。这包括采用综合方法评估与国际计量系统有关的风险，并制定减轻这些风险的战略。本文提出了贝叶斯信念网络(BBN)作为概率方法的代表，并证明了其在综合安全和安全风险评估中的适用性。该方法通过用例进行评估。提供了功能安全、人的安全的风险传播，并给出了从安全到功能安全的传播路径。评估基于实际脆弱性评估、技术文档、人工观察和专家意见。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2023 IEEE 21st International Conference on Industrial Informatics (INDIN)

自引率

0.00%

发文量