Matteo Iaiani, Giuseppe Fazari, Alessandro Tugnoli, Valerio Cozzani
{"title":"Identification of reference security scenarios from past event datasets by Bayesian Network analysis","authors":"Matteo Iaiani, Giuseppe Fazari, Alessandro Tugnoli, Valerio Cozzani","doi":"10.1016/j.ress.2024.110615","DOIUrl":null,"url":null,"abstract":"<div><div>The global threat of deliberate attacks on chemical, process, and energy facilities underscores the urgent need to enhance Security Vulnerability/Risk Assessment (SVA/SRA) approaches. Traditional assessments often use historical data and Exploratory Data Analysis (EDA) to identify reference scenarios. However, EDA lacks a standardized approach to identify and rank the incident chains. A novel methodology based on Bayesian Networks (BN), named BAS<sup>2</sup>E, was developed to support the systematic identification of reference scenarios from past event datasets. The methodology is based on the development of a static quantified BN, that accurately reflects the causal relationships in incident chains, focusing specifically on those between threats, attack methods, and physical damage scenarios. The BN is quantified by statistical information from the analysis of the incident records and employs the Noisy-OR gate model to manage data gaps in the conditional probability tables (CPTs) specification. The application of the BN sensitivity analysis provides quantification of the reciprocal influence between nodes using a specific derivative-based parameter, allowing for the systematic ranking of the most impactful incident chains to be included as reference scenarios in SVA/SRA. The methodology is demonstrated through its application to a dataset of 109 security incidents that occurred in the offshore Oil&Gas sector.</div></div>","PeriodicalId":54500,"journal":{"name":"Reliability Engineering & System Safety","volume":"254 ","pages":"Article 110615"},"PeriodicalIF":9.4000,"publicationDate":"2024-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Reliability Engineering & System Safety","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0951832024006860","RegionNum":1,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, INDUSTRIAL","Score":null,"Total":0}
引用次数: 0
Abstract
The global threat of deliberate attacks on chemical, process, and energy facilities underscores the urgent need to enhance Security Vulnerability/Risk Assessment (SVA/SRA) approaches. Traditional assessments often use historical data and Exploratory Data Analysis (EDA) to identify reference scenarios. However, EDA lacks a standardized approach to identify and rank the incident chains. A novel methodology based on Bayesian Networks (BN), named BAS2E, was developed to support the systematic identification of reference scenarios from past event datasets. The methodology is based on the development of a static quantified BN, that accurately reflects the causal relationships in incident chains, focusing specifically on those between threats, attack methods, and physical damage scenarios. The BN is quantified by statistical information from the analysis of the incident records and employs the Noisy-OR gate model to manage data gaps in the conditional probability tables (CPTs) specification. The application of the BN sensitivity analysis provides quantification of the reciprocal influence between nodes using a specific derivative-based parameter, allowing for the systematic ranking of the most impactful incident chains to be included as reference scenarios in SVA/SRA. The methodology is demonstrated through its application to a dataset of 109 security incidents that occurred in the offshore Oil&Gas sector.
期刊介绍:
Elsevier publishes Reliability Engineering & System Safety in association with the European Safety and Reliability Association and the Safety Engineering and Risk Analysis Division. The international journal is devoted to developing and applying methods to enhance the safety and reliability of complex technological systems, like nuclear power plants, chemical plants, hazardous waste facilities, space systems, offshore and maritime systems, transportation systems, constructed infrastructure, and manufacturing plants. The journal normally publishes only articles that involve the analysis of substantive problems related to the reliability of complex systems or present techniques and/or theoretical results that have a discernable relationship to the solution of such problems. An important aim is to balance academic material and practical applications.