Measuring the Risk of Cyber Attack in Industrial Control Systems
Cyber attacks on industrial control systems (ICS) that underpin critical national infrastructure can be characterised as high-impact, low-frequency events. To date, the volume of attacks versus the overall global footprint of ICS is low, and as a result there is an insufficient dataset to adequately assess the risk to an ICS operator, yet the impacts are potentially catastrophic. This paper identifies key elements of existing decision science that can be used to inform and improve the cyber security of ICS against antagonistic threats and highlights the areas where further development is required to derive realistic risk assessments, as well as detailing how data from established safety processes may inform the decision-making process. The paper concludes by making recommendations as to how a validated dataset could be constructed to support investment in ICS cyber security.
Open Access article
Citation : Cook A., Smith R., Maglaras L. and Janicke H. (2016) Measuring the Risk of Cyber Attack in Industrial Control Systems. Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research (ICS-CSR 2016), Belfast, 23-25 August 2016, DOI: 10.14236/ewic/ICS2016.12
Research Institute : Cyber Technology Institute (CTI)
Peer Reviewed : Yes