Integrated physical safety–cyber security risk assessment based on layers of protection analysis

IF 3.7 3区 工程技术 Q2 ENGINEERING, CHEMICAL
Feilong Zhang , Jianfeng Yang , Jing Li , Jianwen Zhang , Jinghai Li , Liangchao Chen , Xu Diao , Qianlin Wang , Zhan Dou
{"title":"Integrated physical safety–cyber security risk assessment based on layers of protection analysis","authors":"Feilong Zhang ,&nbsp;Jianfeng Yang ,&nbsp;Jing Li ,&nbsp;Jianwen Zhang ,&nbsp;Jinghai Li ,&nbsp;Liangchao Chen ,&nbsp;Xu Diao ,&nbsp;Qianlin Wang ,&nbsp;Zhan Dou","doi":"10.1016/j.cherd.2024.10.036","DOIUrl":null,"url":null,"abstract":"<div><div>The extensive application of information technology in process industries has increased production efficiency but has also introduced new risks. Therefore, it is necessary to systematically analyse the risks within factories to ensure the stable operation of their production systems. This study proposes an integrated risk assessment method based on layers of protection analysis (LOPA), which combines physical safety and cyber security analyses to provide comprehensive risk assessments for the process industry. The method first identifies the hazardous scenarios and protection layers relevant to a process facility. It then identifies potential cyberattack types and existing countermeasures. Subsequently, the functional impacts of attacks on protection layers and potential coupling relationships are discussed. Using common vulnerability scoring system (CVSS) and semi-quantitative methods, the probability of attack is determined to optimize the probability of failure on demand (PFD) of the protection layers. Finally, a case study of a steam separator in a catalytic cracking unit is used to quantitatively explore the potential attacks and risks of coupled protection layers. The application of Bayesian network (BN) is used for further validation of the method. This study offers a novel quantitative tool for risk assessment in the process industry, which can enhance the security and reliability of industrial production and control systems.</div></div>","PeriodicalId":10019,"journal":{"name":"Chemical Engineering Research & Design","volume":"212 ","pages":"Pages 405-420"},"PeriodicalIF":3.7000,"publicationDate":"2024-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Chemical Engineering Research & Design","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S026387622400621X","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ENGINEERING, CHEMICAL","Score":null,"Total":0}
引用次数: 0

Abstract

The extensive application of information technology in process industries has increased production efficiency but has also introduced new risks. Therefore, it is necessary to systematically analyse the risks within factories to ensure the stable operation of their production systems. This study proposes an integrated risk assessment method based on layers of protection analysis (LOPA), which combines physical safety and cyber security analyses to provide comprehensive risk assessments for the process industry. The method first identifies the hazardous scenarios and protection layers relevant to a process facility. It then identifies potential cyberattack types and existing countermeasures. Subsequently, the functional impacts of attacks on protection layers and potential coupling relationships are discussed. Using common vulnerability scoring system (CVSS) and semi-quantitative methods, the probability of attack is determined to optimize the probability of failure on demand (PFD) of the protection layers. Finally, a case study of a steam separator in a catalytic cracking unit is used to quantitatively explore the potential attacks and risks of coupled protection layers. The application of Bayesian network (BN) is used for further validation of the method. This study offers a novel quantitative tool for risk assessment in the process industry, which can enhance the security and reliability of industrial production and control systems.
基于保护层分析的物理安全-网络安全综合风险评估
信息技术在流程工业中的广泛应用提高了生产效率,但也带来了新的风险。因此,有必要对工厂内部的风险进行系统分析,以确保生产系统的稳定运行。本研究提出了一种基于保护层分析(LOPA)的综合风险评估方法,它结合了物理安全和网络安全分析,为流程工业提供全面的风险评估。该方法首先确定与流程设施相关的危险情景和保护层。然后,确定潜在的网络攻击类型和现有的应对措施。随后,讨论攻击对保护层的功能影响和潜在的耦合关系。利用通用漏洞评分系统 (CVSS) 和半定量方法确定攻击概率,以优化保护层的按需故障概率 (PFD)。最后,以催化裂化装置中的蒸汽分离器为例,定量探讨了耦合保护层的潜在攻击和风险。应用贝叶斯网络(BN)对该方法进行了进一步验证。这项研究为流程工业的风险评估提供了一种新颖的定量工具,可提高工业生产和控制系统的安全性和可靠性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Chemical Engineering Research & Design
Chemical Engineering Research & Design 工程技术-工程:化工
CiteScore
6.10
自引率
7.70%
发文量
623
审稿时长
42 days
期刊介绍: ChERD aims to be the principal international journal for publication of high quality, original papers in chemical engineering. Papers showing how research results can be used in chemical engineering design, and accounts of experimental or theoretical research work bringing new perspectives to established principles, highlighting unsolved problems or indicating directions for future research, are particularly welcome. Contributions that deal with new developments in plant or processes and that can be given quantitative expression are encouraged. The journal is especially interested in papers that extend the boundaries of traditional chemical engineering.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信