Integrated physical safety–cyber security risk assessment based on layers of protection analysis

The extensive application of information technology in process industries has increased production efficiency but has also introduced new risks. Therefore, it is necessary to systematically analyse the risks within factories to ensure the stable operation of their production systems. This study proposes an integrated risk assessment method based on layers of protection analysis (LOPA), which combines physical safety and cyber security analyses to provide comprehensive risk assessments for the process industry. The method first identifies the hazardous scenarios and protection layers relevant to a process facility. It then identifies potential cyberattack types and existing countermeasures. Subsequently, the functional impacts of attacks on protection layers and potential coupling relationships are discussed. Using common vulnerability scoring system (CVSS) and semi-quantitative methods, the probability of attack is determined to optimize the probability of failure on demand (PFD) of the protection layers. Finally, a case study of a steam separator in a catalytic cracking unit is used to quantitatively explore the potential attacks and risks of coupled protection layers. The application of Bayesian network (BN) is used for further validation of the method. This study offers a novel quantitative tool for risk assessment in the process industry, which can enhance the security and reliability of industrial production and control systems.