DRIVERS: A platform for dynamic risk assessment of emergent cyber threats for industrial control systems

2023 31st Mediterranean Conference on Control and Automation (MED) Pub Date : 2023-06-26 DOI:10.1109/MED59994.2023.10185686

Martina Nobili, Camilla Fioravanti, S. Guarino, S. Ansaldi, M. Milazzo, P. Bragatto, R. Setola

{"title":"DRIVERS: A platform for dynamic risk assessment of emergent cyber threats for industrial control systems","authors":"Martina Nobili, Camilla Fioravanti, S. Guarino, S. Ansaldi, M. Milazzo, P. Bragatto, R. Setola","doi":"10.1109/MED59994.2023.10185686","DOIUrl":null,"url":null,"abstract":"A good cyber risk assessment is nowadays a matter of paramount importance for industrial systems and critical infrastructures. In a radical change and continuous development scenario such as that represented by Industry 4.0 plants, it is no longer sufficient to consider only static risks relating to the analysis of past data, but there is a need for a risk assessment that takes into account risks arising from emergent threats. In this paper, we propose a novel methodology for dynamic risk assessment that takes into account both the known values related to the static components of the system and the risks related to the emergence of new threats that have not yet been verified but are plausible according to experts. To achieve this, as part of the national “DRIVERS” project, an analysis of the most significant cyber-security factors was conducted to classify them in terms of relevance, considering both risk acceleration and risk mitigation aspects. This assessment is carried out by means of the multi-criteria decision support technique Analytic Hierarchy Process (AHP), performed by dividing the threat into a hierarchical structure.","PeriodicalId":270226,"journal":{"name":"2023 31st Mediterranean Conference on Control and Automation (MED)","volume":"163 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 31st Mediterranean Conference on Control and Automation (MED)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MED59994.2023.10185686","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

A good cyber risk assessment is nowadays a matter of paramount importance for industrial systems and critical infrastructures. In a radical change and continuous development scenario such as that represented by Industry 4.0 plants, it is no longer sufficient to consider only static risks relating to the analysis of past data, but there is a need for a risk assessment that takes into account risks arising from emergent threats. In this paper, we propose a novel methodology for dynamic risk assessment that takes into account both the known values related to the static components of the system and the risks related to the emergence of new threats that have not yet been verified but are plausible according to experts. To achieve this, as part of the national “DRIVERS” project, an analysis of the most significant cyber-security factors was conducted to classify them in terms of relevance, considering both risk acceleration and risk mitigation aspects. This assessment is carried out by means of the multi-criteria decision support technique Analytic Hierarchy Process (AHP), performed by dividing the threat into a hierarchical structure.

查看原文本刊更多论文

驱动程序:工业控制系统紧急网络威胁动态风险评估平台

如今，良好的网络风险评估对工业系统和关键基础设施至关重要。在工业4.0工厂所代表的激进变化和持续发展情景中，仅考虑与过去数据分析相关的静态风险已经不够了，而是需要进行风险评估，将紧急威胁产生的风险考虑在内。在本文中，我们提出了一种新的动态风险评估方法，该方法既考虑了与系统静态组件相关的已知值，也考虑了与尚未验证但专家认为合理的新威胁出现相关的风险。为此，作为国家"驱动因素"项目的一部分，对最重要的网络安全因素进行了分析，根据相关性对其进行分类，同时考虑到风险加速和风险缓解两个方面。该评估通过多准则决策支持技术层次分析法(AHP)进行，该方法通过将威胁划分为层次结构来执行。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 31st Mediterranean Conference on Control and Automation (MED)

自引率

0.00%

发文量