Feilong Zhang , Jianfeng Yang , Jing Li , Jianwen Zhang , Jinghai Li , Liangchao Chen , Xu Diao , Qianlin Wang , Zhan Dou
{"title":"Integrated physical safety–cyber security risk assessment based on layers of protection analysis","authors":"Feilong Zhang , Jianfeng Yang , Jing Li , Jianwen Zhang , Jinghai Li , Liangchao Chen , Xu Diao , Qianlin Wang , Zhan Dou","doi":"10.1016/j.cherd.2024.10.036","DOIUrl":null,"url":null,"abstract":"<div><div>The extensive application of information technology in process industries has increased production efficiency but has also introduced new risks. Therefore, it is necessary to systematically analyse the risks within factories to ensure the stable operation of their production systems. This study proposes an integrated risk assessment method based on layers of protection analysis (LOPA), which combines physical safety and cyber security analyses to provide comprehensive risk assessments for the process industry. The method first identifies the hazardous scenarios and protection layers relevant to a process facility. It then identifies potential cyberattack types and existing countermeasures. Subsequently, the functional impacts of attacks on protection layers and potential coupling relationships are discussed. Using common vulnerability scoring system (CVSS) and semi-quantitative methods, the probability of attack is determined to optimize the probability of failure on demand (PFD) of the protection layers. Finally, a case study of a steam separator in a catalytic cracking unit is used to quantitatively explore the potential attacks and risks of coupled protection layers. The application of Bayesian network (BN) is used for further validation of the method. This study offers a novel quantitative tool for risk assessment in the process industry, which can enhance the security and reliability of industrial production and control systems.</div></div>","PeriodicalId":10019,"journal":{"name":"Chemical Engineering Research & Design","volume":"212 ","pages":"Pages 405-420"},"PeriodicalIF":3.7000,"publicationDate":"2024-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Chemical Engineering Research & Design","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S026387622400621X","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ENGINEERING, CHEMICAL","Score":null,"Total":0}
引用次数: 0
Abstract
The extensive application of information technology in process industries has increased production efficiency but has also introduced new risks. Therefore, it is necessary to systematically analyse the risks within factories to ensure the stable operation of their production systems. This study proposes an integrated risk assessment method based on layers of protection analysis (LOPA), which combines physical safety and cyber security analyses to provide comprehensive risk assessments for the process industry. The method first identifies the hazardous scenarios and protection layers relevant to a process facility. It then identifies potential cyberattack types and existing countermeasures. Subsequently, the functional impacts of attacks on protection layers and potential coupling relationships are discussed. Using common vulnerability scoring system (CVSS) and semi-quantitative methods, the probability of attack is determined to optimize the probability of failure on demand (PFD) of the protection layers. Finally, a case study of a steam separator in a catalytic cracking unit is used to quantitatively explore the potential attacks and risks of coupled protection layers. The application of Bayesian network (BN) is used for further validation of the method. This study offers a novel quantitative tool for risk assessment in the process industry, which can enhance the security and reliability of industrial production and control systems.
期刊介绍:
ChERD aims to be the principal international journal for publication of high quality, original papers in chemical engineering.
Papers showing how research results can be used in chemical engineering design, and accounts of experimental or theoretical research work bringing new perspectives to established principles, highlighting unsolved problems or indicating directions for future research, are particularly welcome. Contributions that deal with new developments in plant or processes and that can be given quantitative expression are encouraged. The journal is especially interested in papers that extend the boundaries of traditional chemical engineering.