Analyzing the Impact of Cybersecurity on Monitoring and Control Systems in the Energy Sector

Abstract

Monitoring and control systems in the energy sector are specialized information structures that are not governed by the same information technology standards as the rest of the world’s information systems. Such industrial control systems are also used to handle important infrastructures, including smart grids, oil and gas facilities, nuclear power plants, water management systems, and so on. Industry equipment is handled by systems connected to the internet, either via wireless or cable connectivity, in the present digital age. Further, the system must work without fail, with the system’s availability rate being of paramount importance. Furthermore, to certify that the system is not subject to a cyber-attack, the entire system must be safeguarded against cyber security vulnerabilities, threats, and hazards. In addition, the article looks at and evaluates cyber security evaluations for industrial control systems, as well as their possible impact on the accessibility of industrial control system operations in the energy sector. This research work discovers that the hesitant fuzzy-based method of the Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is an operational procedure for estimating industrial control system cyber security assessments by understanding the numerous characteristics and their impacts on cyber security industrial control systems. The author evaluated the outputs of six distinct projects to determine the quality of the outcomes and their sensitivity. According to the results of the robustness analysis, alternative 1 shows the utmost effective cybersecurity project for the industrial control system. This research work will be a conclusive reference for highly secure and managed monitoring and control systems.

1. Introduction

Any energy infrastructure’s central nervous system is comprised of control systems. It consists of extensive networks of linked electronic devices that are critical for monitoring and controlling power generation and transmission in the electric grid, as well as in petroleum and gas production. An industrial control system is a broad term that involves a variety of things employed in industries and essential infrastructures, such as multiple configuration control systems, supervisory control, distributed control systems, and data collection [1,2,3]. In addition, chemicals, water and sewage, power, oil and natural gas, and transportation are just a few of the industries that use industrial control systems. Vulnerabilities in industrial control systems are caused by the operating system, hardware, and industrial control system failures, as well as arrangement challenges and insufficient system maintenance.

A failure in the energy sector’s monitoring and control systems may lead to a huge blackout. Many energy firms offer power system stabilizing devices that quickly control the system (for example, shutting off a plant) in the case of a system malfunction, preventing widespread disruptions. The central arithmetic unit (which calculates control information), the central control unit (which performs fault detection, control decision, and control command output), and the terminal unit make up the power system stabilizing systems [4]. The following Figure 1 shows the general architecture of monitoring and control systems in the energy sector.

Vulnerabilities can be mitigated using a range of security measures, including network security, physical security systems, operating systems, and program patching [4,5]. Because most industrial control system advances do not adhere to the security criteria of a given instruction, cyber-attacks on their integrity, availability, and confidentiality can be carried out. A cyber threat to availability, for example, involves removing efficiency tools and making significant control and sophisticated information inaccessible at all times. Manipulation of complicated data on resources constitutes a threat to integrity, whilst listening in on relevant data constitutes a threat to secrecy.

Further, conducting a cyber-security evaluation is essential for minimizing and closing the gap between cyber security issues in industrial control systems [6,7,8]. Malicious attacks on industrial control systems have increased dramatically in recent years. Any hacker with a tainted USB stick or a single spear-phishing email can access a remote network, as proved by the BlackEnergy and Stuxnet assaults. To protect industrial systems from safety procedures, traditional security, and cyber-attacks are insufficient. Given the surge in threats to critical infrastructure and systems, finding the best technology provider and consultant to protect our infrastructure and systems is critical.

The authors are focusing our efforts on securing fog platforms for industrial control systems so that practitioners can detect any harmful or unusual activity. To put it another way, we are investigating how to build a secure industrial control system with an advanced intrusion detection system to protect it from cyber-attacks. It is vital that we first look at the cloudification of industrial control systems, as well as current work on industrial control system cyber-security vulnerabilities. The authors employed the Multiple Criteria Decision Making (MCDM) technique to analyze the cyber security assessment of the industrial control system and compile it more effectively [9,10,11,12,13,14,15].

For solving decision-related problems, there are numerous MCDM techniques [16,17,18]. This research work employed the hesitant fuzzy-based AHP and TOPSIS procedure for the projected paper [18,19,20,21,22,23,24,25]. Additional, AHP and TOPSIS are two common MCDM techniques for finding precise solutions among a variety of options and characteristics. The nature of the characteristics involved in estimating a cyber security assessment of the industrial control system necessitates the use of an AHP-based hierarchy-based MCDM technique. TOPSIS technique also appears to be a good MCDM technique for choosing the best option among numerous choices. This hybrid procedure has been employed by a number of academics to solve decision-making difficulties [26,27,28,29,30].

AHP, on the other hand, is the most extensively employed MCDM procedure, and it is recognized as providing more accurate findings. In AHP, the hierarchy model is employed for an estimate, while in the Analytic Network Process (ANP), the networked model is employed for estimating in decision making. Furthermore, both methods collect pair-wise assessment matrix statistics and prioritize the options for outcome testing. Every property of the mentioned hierarchy is self-determining in itself, and the same is also implemented in alternatives, which is a complementary advantage of AHP. The qualities and options, on the other hand, are mutually dependent on each other, as shown in real-time scenarios [31,32,33,34].

Bijoyeta Roy et al. employed the MCDM procedure of hesitant fuzzy AHP-TOPSIS for industrial control systems selection [35]. This tactic assisted in prioritizing the greatest available solutions from a plethora of project decisions, as well as alternative positions. Madjit Tavana et al. employed the hesitant fuzzy AHP-TOPSIS method to estimate a single variable, for example, community, for e-governance willingness [36]. Using the hesitant fuzzy AHP technique, Baozhu Li et al. assessed the security features of computers [37]. As a result, a review of existing research in this area reveals that there are a variety of MCDM tactics for tackling decision-related problems [38]. The authors employed the hesitant fuzzy-based Analytic Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) for the proposed article [39,40,41]. AHP and TOPSIS are two common MCDM methodologies for locating accurate solutions among a variety of options and features.

The remainder of the article is organized as follows. The authors will address the characteristics and consequences of industrial control system cyber security in Segment 2. We will also discuss the consequences of recent cyber-attacks in Segment 3. We will talk about the security concerns and issues with industrial control systems in Segment 4. In Segment 5, we will go through the approach, and in Segment 6, we will go over data analysis and outcomes, sensitivity analysis, and containment comparisons using various methods. Finally, in Segment 7, we reach the end of the document and also discuss possible future research directions.

2. Industrial Control System

An industrial control system is a collection of control systems and related equipment that includes networks, devices, systems, and controls employed to operate and/or systematize industrial procedures. Each industrial control system is designed to handle work efficiently and electronically, and performs differently depending on the industry. Devices and protocols for industrial control systems may now be found in almost every critical infrastructure and industrial location, including transportation, manufacturing, water, and energy treatment [40,41,42,43,44,45]. In the perspective of information security, the confidentiality, integrity, and availability triangle is a well-known approach for designing security rules. Each character redirects an initial data security aim in instruction to accomplish success:

• Integrity

To protect against unauthorized information tampering or loss, a statement of non-repudiation, correctness, and validity of information is necessary.

• Confidentiality

Maintaining allowed access and transparency limits while protecting data privacy and classified information.

• Availability

Ensure that information is readily available and is employed in a timely and accurate manner.

In the safety triangle, the availability and integrity of industrial control systems are more important than secrecy. They seek to increase availability so that systems can run and execute without being accidentally disrupted. In control systems, data integrity is critical. It could have a substantial influence on the operation or even security if the operator’s screen in the command center does not precisely represent what is going on. Integrity and confidentiality are frequently less of a concern in industrial control systems than availability. Because data in an industrial control systems environment, such as speed, vibration, and temperature is only temporary, this is the case.

Industrial control systems are generally designed to work as reliably as possible for as long as possible. Industrial control systems are often designed to endure 20 years or more [12,13,14,15]. Further, it is difficult to upgrade the security patch. Furthermore, conducting various forms of cyber security assessments on industrial control systems is difficult, especially when guaranteeing that the cyber security assessment does not disrupt the system.

2.1. Impact of Industrial Control System: Electric Power Grid Perspective

To integrate generating, transmission and distribution functions, the information technology infrastructure for energy utilities today uses many types of industrial control systems [11,12,13,14,15]. From a cyber-security standpoint, the danger has increased as an outcome of the improved connectivity and network linkages. Consequently, the integration of operating technology systems and information technology is widened, and as a result the occurrence of the power supply area is widened. These two components have been separated in the past, yet they are still linked in many situations. In the operating technology sector, the industrial control systems platform is likewise based on a commercial information technology operating system. This suggests that the operational technology environment has exposed weaknesses in the information technology environment.

Because of software compatibility, which is primarily supported by the unique apparatus industrialist for software updates, a typical way of increasing the system security in an operational technology environment is frequently not to reinforce or preserve the information technology environment [15]. This shows that operational technology systems are falling behind their information technology counterparts defensively. Many industrial control systems networks eventually lack authentication methods and regulated access regulations, and cyber security management is often insufficient or non-existent, leaving them susceptible.

2.2. Impact of Cyber-Attack: Industrial Control System Perspective

Cyber security evaluation in control systems of industry assists the asset owner or organization in determining the cyber security strength of its infrastructure [4,15,16,17]. It also aids in the detection of any vulnerabilities or flaws that could permit a hacker to interrupt or seize control of the system. Following the discovery of ambiguities and vulnerabilities, the flaws are corrected and mitigated in an attempt to prevent cyber-attacks that could jeopardize industrial control systems. As seen in

Table 1. Impact of Cyber-Attack.

Cyber Occurrence Name	Place Happened	Year	Impact
BlackEnergy	Ukraine Power Grid	2014/ 2015	In Ukraine, a 6-h power outage occurs, affecting an estimated 230,000 people.
Industroyer/Crash Override	Ukraine Power Grid (North City of Kiev)	2016	1 h of power outage causes Ukraine to lose 1/5 of its electric capacity, according to estimates.
Triton	Oil and Gas Plant Saudi Arabia	2017	The attackers intended to produce a plant-wide explosion, however, their scheme was foiled due to a vulnerability and defect in their virus.

, many cyber incidents have happened as an outcome of insufficient cyber security evaluation.

The availability of a security triad has long been a primary priority for industrial control systems. Some systems refuse to apply patches or system updates because they may jeopardize the system’s availability. The lack of modernizing or the most recent patch version can result in catastrophic cyber-attacks. As a result, several vulnerabilities and security issues exist in control systems of industry [20,21,22,23]. A cyber security assessment is required in instruction to distinguish these security problems and vulnerabilities in industrial control systems. To do so, the information security professional must be familiar with the industrial control systems they are evaluating. A single blunder when conducting a cyber-security assessment in an industrial control systems environment might cause downtime and disrupt routine operations. As a result, this research looks at different methods for conducting cyber security assessments in control systems of industry.

2.3. Impact of Scanning Tools/Techniques: Industrial Control System Perspective

In the industrial control systems context, a standard system or software application is utilized to undertake cyber security assessment [24,25,26,27]. The majority of the tools utilized are comparable to those employed by analysts to examine the IT infrastructure. Due to the assessment itself, several tools employed in the information technology environment can have an influence on the accessibility of control systems of industry, such as causing some systems and disturbing operations to failure. The following (

Table 2. Scanning tools for industrial control systems.

Software	Objective	Impact on Accessibility
Nmap	To identify and detect hosts on a network, as well as obtain information about them, such as the services they provide and the ports they open.	Yes
Shodan	To execute and conduct searching and scanning for hosts or services that run on internet-connected devices.	No
Nessus	To execute vulnerability analysis and host investigation on an identified host, as well as to provide a summary of the discovered vulnerability and a method to fix it.	Yes

) are some of the most frequent tools employed by analysts, which may have an influence on accessibility.

2.3.1. NMAP

Nmap is a network scanning program that is often employed to identify and detect hosts on a network [4,5,6,7,8,9]. Concurrently, this program collects data about the host, for example, the facilities they provide and the host’s primary port. When employed in industrial control systems, Nmap might cause the system to crash, causing havoc in the environment. If the tool scans legacy systems or devices, the device will crash. Rare legacy systems may have difficulty processing the stack of TCP/IP requirements from the scanner, and in some situations, the device may be unable to accept numerous requests from Nmap, leading the device to crash or misbehave.

The effect of this tool is that the scanned devices or systems may crash, thereby disrupting the procedure of industrial control systems. Finally, Nmap should be fine-tuned to work in the context of control systems of industry. Nmap should not run disturbing scans, and the system’s threshold and time should be fine-tuned. This reduces the risk of system crashes and misbehavior during scanning and ensures that the network is not overburdened with scanning traffic.

2.3.2. SHODAN

Shodan is a search engine that is employed to find systems that are associated with the internet [6,7,8,9]. It differs from other famous search engines, like Yahoo, Bing, and Google, in that it searches for systems that are connected with the internet. Misconfiguration errors are revealed when devices or systems are visible on Shodan. Shodan scans the network for connected devices. It looks for accessible terminals, and a customer can use Shodan to look for specific facilities that run on a certain host. As an outcome, if a single IP address hosts many services, Shodan displays a list of all available services at that address. An illustration of a Shodan search outcome is shown in Figure 2.

Shodan collects data in metadata format, which includes hostnames, operating systems, geographic locations, and features relevant to transport or application layer protocols, such as server message blocks, SSH, SSL, and TLS protocol. The observable system that Shodan has distinguished should be evaluated to see if it is harmless. In instruction to perimeter the approachability the of Shodan search engine scan in obtaining data, the system should be configured.

2.3.3. NESSUS

The Nessus tool is employed to do vulnerability analysis and host discovery on discovered hosts, as well as to provide an outline of the identified vulnerability and the method to fix it [10,11,12,13,14,15,16]. Nessus has the capability to continually test each method employed to build internal services in order to uncover potential susceptibilities based on host replies to each probe and request. The vulnerability signature is then compared to the Nessus database to discover probable flaws (Figure 3).

Denial of service testing, dictionary attack plugins, and brute force, for example, should be immobilized first. These two plugins have the potential to cause the system to crash or malfunction. A dynamic investigation on the host might cause a system crash and denial of service, disrupting the availability of industrial control systems. This incident might occur in either information technology or an operational technology setting. Finally, Nessus needs to be fine-tuned to work in the industrial control systems environment. Prior to scanning using Nessus, make sure you have a complete picture of the system.

To avoid a crash and allow the industrial control systems to work normally, appropriate extenuation planning should be completed to verify if the system misbehaves. Because of software compatibility, which is primarily supported by the unique apparatus industrialist for any modernizes of software, a typical way of increasing the security of a system in an operational technology environment is usually not to patch or preserve the information technology environment. This shows that operational technology systems are falling behind their information technology counterparts defensively. Many industrial control systems networks eventually lack authentication methods and regulated access regulations, and cyber security management is often insufficient or non-existent, leaving them susceptible.

3. Issues and Challenges Related to Industrial Control System

Attacks on industrial control systems have risen year after year. Some have had a significant impact at the national level, while others are tiny occurrences. With the recent cyber incidents that have targeted the industrial control systems industry, there is a compelling need to undertake a cyber-security estimation to determine the robustness of industrial control systems from a cyber-security standpoint. The majority of cyber security evaluations are geared toward information technology systems and do not take into account the limits that industrial control systems face. As a result, this study offers many appropriate ways of conducting assessments of cyber security in control systems of industry.

Obtaining real-time and unbiased datasets is a major difficulty when using machine learning methods. Numerous datasets are inner and cannot be united due to confidentiality and consumer privacy concerns, or they may be missing key statistical properties. Because of these difficulties, most industry settings avoid exchanging their protected network data. As a result, researchers choose to create datasets for testing and training in confined or simulated experimental contexts, which may be limited in scope. When machine learning frameworks are educated on a single dataset, the semantic gap between the outcomes and their application is common. The supervised machine learning frameworks that perform well with one dataset may or may not perform well with totally various datasets generated under various simulation or experimental circumstances, according to Bhamare et al. [5]. To demonstrate this, Bhamare et al. employed a separate dataset to test the aforementioned frameworks and found that they performed significantly worse, as presented in Figure 4 and Figure 5.

A similar difficulty arises when machine learning approaches are applied to the cybersecurity of industrial control systems. There is a scarcity of research that shows the efficacy of machine learning frameworks across diverse datasets collected in various situations. There is a scarcity of research that shows the efficacy of these frameworks across many datasets collected in various situations. It is stated that machine learning frameworks must be tested for resilience, especially under a variety of operating situations, which are common in control system scenarios. The findings highlight the necessity for a security testbed for industrial control systems, which can be employed to mimic genuine industrial control systems and investigate the consequences of assaults on them. Researchers would be able to investigate cyber-attacks and defense measures while assessing their influence on control systems in an innovative setting.

4. Security Attributes in Perspective of Industrial Control System

Security is one of the primary characteristics of an industrial control system that has an indirect impact. Figure 6 shows how using the security factor in the secure phase can improve the quality of the industrial control system. In Figure 6, six options for selecting the best option between two industrial control systems have been shown.

There are two tiers to the security attributes: C1 and C2 in level-1 signify security and trust. C11, C12, C13, C14, C15, C16, and C17 in security signify confidentiality, availability, integrity, authentication, reliability, efficiency, and accessibility (level-2). Durability, survivability, availability, maintainability, and accessibility are categorized as C21, C22, C23, C24, and C25 in terms of trustworthiness at level-2. The following is the definition of the qualities of industrial control systems:

Emotional stability is a key feature of pre-adolescents. When acquiring a pre-owned automobile, security is an important factor to consider. Security is a vital component for preserving and protecting industrial control systems from damaging attacks and other threats presented by malicious data and hackers. Confidentiality in the perspective of security denotes permitting approved access to secure and sensitive data [24]. We must protect data from leakage since confidentiality is the foundation of cybersecurity and privacy. The value of the data will be lost if it is leaked. If hackers attack the data and change it or locate hidden information, the benefit of cyber security may be lost. Integrity is a demand characteristic that ethical assurance and resolution recognize. Integrity is also necessary for obtaining useful and reliable data. We cannot analyze the proper conclusion if the data is wrong or partial, especially if the missing data is the most sensitive and useful. From a computer system perspective, availability refers to a customer’s ability to access data or assets for a specific amount of time [27].

This work contributes to a fuzzy AHP assessment of cyber security. Because cyber security and privacy necessitate a large amount of network bandwidth, efficiency is especially important. Authenticity is required to ensure that data sources, processors, and authorized data requesters are trustworthy. The identification of a user profile is determined by the authentication of industrial control systems. It is the procedure of defining whether or not a customer is who they claim to be [5]. It might help you to avoid erroneous analysis results and get the most out of your cyber security. Reliability is a capability that demonstrates an application’s performance consistency in a controlled environment over a period of time. Cyber security’s capacity to restrict user information rights within a secure environment is known as accessibility. Figure 6 depicts a tree structure of cyber security features.

The capacity to manage and provide data solely to authorized users is referred to as confidentiality. Level-2 is depicted in Figure 6. According to the definitions of trustworthiness, cyber security industrial control systems are trustworthy if they can prevent, respond to, and survive assaults, malfunctions, and other potentially detrimental scenarios. The control system’s trustworthiness ensures that it will function as planned. The need for safety is paramount. The term “durability” refers to a cyber-security system’s ability to last for an extended length of time [21]. Security durability has a big impact on cyber security because the time limit of security has a substantial impact on total cyber security. The capacity to define patching and rearrangements in industrial control systems for a certain course of work is known as maintainability. Survivability refers to a cyber-security system’s ability to achieve its goal, whether it is in the face of an assault or a failure. Only authorized users have access to the information, which is referred to as availability. In the perspective of cyber-security, availability states to a user’s ability to access data or resources for a set period of time. Cyber security’s capacity to restrict user information rights within a secure environment is known as accessibility.

5. Methodology

Some real-world problems necessitate one-of-a-kind or multi-choice-based solutions that allow users to pick the best option from a variety of possibilities without relying on a solid foundation. Various scholars [12,13,14] have employed MCDM methodologies to address this circumstance and provide an optimal quantitative solution to these issues. In comparison to other approaches, the particularly approved AHP tactic joined with a fuzzy set theory is easy and extra effective. Several earlier research projects [15,16,17] have demonstrated this. If there is more than one selection for assessment in the approach during the computing process, this situation has a stronger impact on the computed outcomes. The authors use a hesitant fuzzy set-based MCDM approach in the suggested study, which delivers added efficiency in outcomes from the perspective of assessment. In addition, the TOPSIS technique was utilized to examine the impact of cyber security on industrial control systems. Furthermore, this work employs the hesitant fuzzy-based TOPSIS approach to obtain more productive and correct findings. The TOPSIS methodology is the most suited strategy accessible among the MCDM methodologies for testing the evaluated findings. The most significant benefit of this system is that it considers both positive and negative impacts in the computation.

In our study, we employed HF-AHP procedures to determine the important characteristics of security risk, and then we employed their HF-TOPSIS approach to examine alternatives for similar criteria [45]. In brief, the following is the sequential procedure:

Step 1: The establishment of a factor hierarchy is the first stage in the adopted approach.

Step 2: Investigators employ linguistic terms in

Table 3. Scale for HF-AHP technique.

Rank	Linguistic Term	Abbreviation	Triangular Fuzzy Numbers
10	Absolutely High Importance	AHI	(7.00, 9.00, 9.00)
9	Very High Importance	VHI	(5.00, 7.00, 9.00)
8	Essentially High Importance	ESHI	(3.00, 5.00, 7.00)
7	Weakly High Importance	WHI	(1.00, 3.00, 5.00)
6	Equally High Importance	EHI	(1.00, 1.00, 3.00)
5	Exactly Equal	EE	(1.00, 1.00, 1.00)
4	Equally Low Importance	ELI	(0.33, 1.00, 1.00)
3	Weakly Low Important	WLI	(0.20, 0.33, 1.00)
2	Essentially Low Importance	ESLI	(0.14, 0.20, 0.33)
1	Very Low Importance	VLI	(0.11, 0.14, 0.20)
0	Absolutely Low Importance	ALI	(0.11, 0.11, 0.14)

to develop precise and useful estimation criteria for experts.

Step 3: The incorporation of fuzzy wrappers [46,47,48] from Equation (1) is the next stage in approach evaluation.

$$OWA\left(a_1,a_2,\dots a_n\right)={\displaystyle \sum }_{j=1}^n{W}_j{b}_j$$

(1)

In the same way that professionals estimate the trapezoidal numbers, $\tilde{C}=\left(a,b,c,d\right)$ by the Equations (2)–(5) after Equation (1).

$$a=min\left\{a_L^i, a_M^i,a_M^{i+1}, \dots \dots a_M^j,a_R^j\right\}=a_L^i$$

(2)

$$d=max\left\{a_L^i, a_M^i,a_M^{i+1}, \dots \dots a_M^j,a_R^j\right\}=a_R^j$$

(3)

$$b=\left\{\begin{array}{c}{a}_M^i,if i+1=j\\ OW{A}_{w^{2\left(a_m^j, \dots \dots a_m^{\frac{i+j}{2}}\right), if i+j is even}}\\ OW{A}_{w^{2\left(a_m^j, \dots \dots a_m^{\frac{i+j+1}{2}}\right), if i+j is odd}}\end{array}\right\}$$

(4)

$$c=\left\{\begin{array}{c}{a}_M^{i+1},ifi+1=j\\ OW{A}_{w^{2\left(a_m^j{a}_m^{j-1}, \dots \dots a_m^{\frac{\left(i+j\right)}{2}}\right) , if i+j is even}}\\ OW{A}_{w^{2\left(a_m^j,a_m^{j-1} \dots \dots a_m^{\frac{\left(i+j+1\right)}{2}}\right) , if i+j is odd}}\end{array}\right\}$$

(5)

Following the application of Equations (3)–(5), the practitioners choose the first and second form of weights, i.e., the number between [0, 1] and Equations (6) and (7) to acquire these values.

First type weights $(W1=$($w_1^1,w_2^1,\dots \dots \dots w_n^1$)):

$$w_1^1={\mathsf{\eta }}_2,w_2^1={\mathsf{\eta }}_2\left(1-{\mathsf{\eta }}_2\right),\dots \dots .w_n^1{\mathsf{\eta }}_2{\left(1-{\mathsf{\eta }}_2\right)}^{n-2}$$

(6)

Second type weights $\left(W2=\left(w_1^2,w_2^2,\dots \dots \dots w_n^2\right)\right):$

$$w_1^2={\mathsf{\eta }}_1^{n-1},w_2^2=\left(1-{\mathsf{\eta }}_1\right){\mathsf{\eta }}_1^{n-1}$$

(7)

The mathematical system for the highest rank in the formula ${\mathsf{\eta }}_1=\frac{g-\left(j-1\right)}{g-1}$s, and ${\mathsf{\eta }}_2=\frac{g-\left(j-1\right)}{g-1}$ is g and lowest, highest rank factors are displayed by i and j, respectively.

Step 4: Experts employ Equations (8) and (9) to meet the remaining comparison matrix qualities after analyzing the full prior approach. The experts then defuzzify the matrix using Equation (10) to determine the comparison matrix.

$$\tilde{A}=\left[\begin{array}{ccc}1& \cdots & {\tilde{c}}_{1n}\\ ⋮& \ddots & ⋮\\ {\tilde{c}}_{n1}& \dots & 1\end{array}\right]$$

(8)

$${\tilde{c}}_{ji}=\left(\frac{1}{ci{j}_u},\frac{1}{ci{j}_{m2}},\frac{1}{ci{j}_{m1}},\frac{1}{ci{j}_1}\right)$$

(9)

$${\mu }_x=\frac{l+2m_1+2m_2+h}{6}$$

(10)

Step 5: Correct values are obtained during the defuzzification phase. The experts assess the consistency ratio (CR) of these data by using Equations (11) and (12) to analyze the CR.

$$CI=\frac{{\gamma }_{max}-n}{n-1}$$

(11)

$$CR=\frac{CI}{RI }$$

(12)

Step 6: The experts evaluate the geometrical mean of the variables in this step using Equation (13).

$${\tilde{r}}_i={\left({\tilde{c}}_{i1}{\displaystyle ⨂}{\tilde{c}}_{i2}\dots \dots ⨂{\tilde{c}}_{in}\right)}^{\raisebox{1ex}{$1$}\!\left/ \!\raisebox{-1ex}{$n$}\right.}$$

(13)

Step 7: Experts estimate the most important criterion in the full collection by using the Equation (14).

$${\tilde{w}}_i={\tilde{r}}_1⨂{\left({\tilde{r}}_1⨂{\tilde{r}}_2\dots \dots .{\tilde{r}}_n\right)}^{-1}$$

(14)

.

Step 8: Examiners use Equation (15) to examine the defuzzified values.

$${\mu }_x=\frac{l+2m_1+2m_2+h}{6}$$

(15)

Step 9: Experts convert defuzzified values into normalized values or weights by using Equation (16).

$$\frac{{\tilde{w}}_i}{{{\displaystyle \sum }}_i{{\displaystyle \sum }}_j{\tilde{w}}_j}$$

(16)

The second TOPSIS procedure is now employed to examine the usefulness of the produced findings after determining the priority list for specified criteria. As a MADM technique, TOPSIS is effective at recommending the most favored alternative for use. Torra and Narukawa [49] provided a definition of the TOPSIS technique. TOPSIS technique is the synthesis of positive and negative thoughts; the most exact and trustworthy factor is the most accurate and effective solution. An unimportant factor, on the other hand, is the worst option. To evaluate and measure the security risk of industrial control systems, the authors employed the hesitant fuzzy AHP TOPSIS technique [45,46,47,48,49,50]. The TOPSIS approach computes and associates the distance between two linguistic values, such as H1s and H2s. The procedure (Equation (17)) has been clarified below:

$$d\left(H1s,H2s\right)=\left|q^{*}-q\right|+\left|p^{*}-p\right|$$

(17)

Step 10: The following terms are described as the starting process:

• The following written formulas are applied as $\left(C=\left\{C_1, C_2,\dots \dots C_E\right\}\right)$ and n criteria $\left(C=\left\{C_1, C_2,\dots \dots C_n\right\}\right)$ to define alternatives and criteria in TOPSIS.
• Similarly, k is employed to show the numeric count of experts in TOPSIS; $e_x$ denotes the experts.
• The equation ${\tilde{X}}^l={\left[H_{S_{ij}}^l\right]}_{E\times n}$ is employed in the TOPSIS procedure to signify the HF matrix.
• The standards are written for TOPSIS to determine the criteria and effect of outcomes:

The standard for TOPSIS evaluation lies in between very poor and very good scale,

$r_1^1$ = between medium and good (bt M&G)

$r_2^1$ = at most medium (am M)

$r_1^2$ = at least good (al G)

$r_2^2$ = between very bad and medium (bt VB&M)

For HF matrix, the following formulas are employed [45,46,47,48,49]:

$en{v}_F$(EGH (btM&G)) = T (0.3300, 0.5000, 0.6700, 0.8300)

$en{v}_F$(EGH (amM)) = T (0.0000, 0.0000, 0.3500, 0.6700)

$en{v}_F$(EGH (alG)) = T (0.5000, 0.8500, 1.0000, 1.0000)

$en{v}_F$(EGH (btVB&M)) = T (0.0000, 0.3000, 0.3700, 0.6700)

Step 11: By applying the Equation (18) formula, the associated combined matrix is created:

$$T_{pij}=min\left\{mi{n}_{i=1}^K\left(max{H}_{t_{ij}}^x\right),ma{x}_{i=1}^K\left(min{H}_{t_{ij}}^x\right)\right\}$$

$$T_{qij}=max\left\{mi{n}_{i=1}^K\left(max{H}_{t_{ij}}^x\right),ma{x}_{i=1}^K\left(min{H}_{t_{ij}}^x\right)\right\}$$

(18)

Step 12: In the TOPSIS assessment, the effective characteristics, where the utmost effective characteristic is specified by Aj, is presented by alpha, and alpha indicates the cost-related preferences. Furthermore, the most recent efficient alternatives necessitate a high level of precision for cost-related choices. To describe and link the cost and effective characteristics, use the following Equations (19)–(22):

$${\tilde{V}}_{pj}^{+}=ma{x}_{i=1}^K\left(ma{x}_i\left(min{H}_{S_{ij}}^x\right)\right)j\in {\alpha }_{b }\mathrm{and} mi{n}_{i=1}^K\left(mi{n}_i\left(min{H}_{S_{ij}}^x\right)\right)j\in {\alpha }_c)$$

(19)

$${\tilde{V}}_{qj}^{+}=ma{x}_{i=1}^K\left(ma{x}_i\left(min{H}_{S_{ij}}^x\right)\right)j\in {\alpha }_{b }\mathrm{and}mi{n}_{i=1}^K\left(mi{n}_i\left(min{H}_{S_{ij}}^x\right)\right)j\in {\alpha }_c)$$

(20)

$${\tilde{V}}_{pj}^{-}=ma{x}_{i=1}^K\left(ma{x}_i\left(min{H}_{S_{ij}}^x\right)\right)j\in {\alpha }_c \mathrm{and} mi{n}_{i=1}^K\left(mi{n}_i\left(min{H}_{S_{ij}}^x\right)\right)j\in {\alpha }_b)$$

(21)

$${\tilde{V}}_{qj}^{-}=ma{x}_{i=1}^K\left(ma{x}_i\left(min{H}_{S_{ij}}^x\right)\right)j\in {\alpha }_c \mathrm{and} mi{n}_{i=1}^K\left(mi{n}_i\left(min{H}_{S_{ij}}^x\right)\right)j\in {\alpha }_b)$$

(22)

Step 13: Professionals assess TOPISIS positive and negative ideas components by relating following Equations (23) and (24).

$$D^{+}=\left[\begin{array}{ccc}d\left(x_{11},{\tilde{V}}_1^{+}\right)+& d\left(x_{12},{\tilde{V}}_2^{+}\right)+& \dots \\ d\left(x_{21},{\tilde{V}}_1^{+}\right)+& d\left(x_{22},{\tilde{V}}_2^{+}\right)+& \dots \\ d\left(x_{m1},{\tilde{V}}_1^{+}\right)+& d\left(x_{m2},{\tilde{V}}_1^{+}\right)+& \dots \end{array}\begin{array}{c}+d\left(x_{1n},{\tilde{V}}_n^{+}\right)\\ +d\left(x_{21},{\tilde{V}}_n^{+}\right)\\ +d\left(x_{mn},{\tilde{V}}_n^{+}\right)\end{array}\right]$$

(23)

$$D^{-}=\left[\begin{array}{ccc}d\left(x_{11},{\tilde{V}}_1^{-}\right)+& d\left(x_{12},{\tilde{V}}_2^{-}\right)+& \dots \\ d\left(x_{21},{\tilde{V}}_1^{-}\right)+& d\left(x_{22},{\tilde{V}}_2^{-}\right)+& \dots \\ d\left(x_{m1},{\tilde{V}}_1^{-}\right)+& d\left(x_{m2},{\tilde{V}}_1^{-}\right)+& \dots \end{array}\begin{array}{c}+d\left(x_{1n},{\tilde{V}}_n^{-}\right)\\ +d\left(x_{21},{\tilde{V}}_n^{-}\right)\\ +d\left(x_{mn},{\tilde{V}}_n^{-}\right)\end{array}\right]$$

(24)

Step 14: Professionals construct and evaluate the closeness of positive and negative factors assessed by Equations (25) and (26).

$$CS\left(A_i\right)=\frac{D_i^{+}}{D_i^{+}+D_i^{-}} , i=1,2,\dots .m$$

(25)

where

$$D_i^{+}={{\displaystyle \sum }}_{j=1}^{n}d\left(x_{ij},V_j^{+}\right) \mathrm{and} D_i^{-}={{\displaystyle \sum }}_{j=1}^{n}d\left(x_{ij},V_j^{-}\right)$$

(26)

Step 15: To bring the procedure to a close, the ranks are assigned, and the tabular form of the options is employed to assess their effectiveness.

A highly detailed and analyzed mathematical calculation of security risk has been undertaken in later stages of this study to improve the life duration of industrial control system cyber security

6. Data Analysis and Results

The authors started by identifying several security features for industrial control systems. Several qualities at level-1, namely availability and integrity, are specified as C1 and C2 for evaluating the security evaluation of industrial control systems. In terms of estimating the security of industrial control systems at level-2, confidentiality, availability, integrity, and accessibility are the properties of dependability, and they are denoted by the letters C11, C12, C13, C14, C15, C16, and C17, accordingly. Maintainability, accountability, survivability, availability, and accessibility are the properties of trustworthiness, and they are denoted by the letters C21, C22, C23, C24, and C25, respectively. The study then gathered the opinions of 110 experts from academia and industry (using a virtual environment) to determine the numerical assessment of these features.

These specialists had between two and ten years of experience in the subject of industrial control system security. The authors then calculated the security of the industrial control system using Equations (1)–(26) and Table 3, in which the authors converted language values into numeric values, then hesitant fuzzy-based crisp numerical values, and produced pair-wise comparison matrixes. The authors employed Equations (10)–(16) to defuzzify the pair-wise comparison matrixes into collective values, as well as determine the consistency ratio.

Table 4. HF Pairwise Comparison Matrix at level 1.

	C1	C2
C1	1.00000, 1.00000, 1.00000, 1.00000	1.00000, 1.00000, 3.00000, 5.00000
C2	0.20000, 0.30030, 1.00000, 1.00000	1.00000, 1.00000, 1.00000, 1.00000

and

Table 5. Final Weights through the Hierarchy.

Criteria of Level 1	Local Weights of Level 1	Criteria of Level 2	Local Weights of Level 2	Global Weights of Level 2	Defuzzified Weights	Normalized Weights	Ranks
C1	0.050080, 0.130010, 0.240000, 0.450010	C11	0.140010, 0.290010, 0.370010, 0.680070	0.005114, 0.006131, 0.019171, 0.125300	0.1921120	0.079191	8
		C12	0.050080, 0.130010, 0.240000, 0.450010	0.001150, 0.021119, 0.122264, 0.880081	0.1654270	0.068191	9
		C13	0.090020, 0.180000, 0.330040, 0.690090	0.000211, 0.001560, 0.022595, 0.235612	0.2157120	0.088919	3
		C14	0.040070, 0.130070, 0.250040, 0.350050	0.001412, 0.007788, 0.045673, 0.225336	0.1397560	0.057609	12
		C15	0.030010, 0.060040, 0.120090, 0.270000	0.005950, 0.025419, 0.125864, 0.887381	0.1956340	0.080643	6
		C16	0.030050, 0.080080, 0.180030, 0.340020	0.005212, 0.002688, 0.042773, 0.222336	0.2924730	0.120561	2
		C17	0.300100, 0.400100, 0.902000, 1.612000	0.004720, 0.014628, 0.044873, 0.322227	0.1624520	0.066965	10
C2	0.141200, 0.245000, 0.640000, 0.693000	C21	0.200040, 0.290010, 0.530050, 1.123000	0.002650, 0.024719, 0.124364, 0.885581	0.1994790	0.082228	5
		C22	0.120010, 0.230070, 0.500000, 1.120000	0.005604, 0.007531, 0.013581, 0.118973	0.1934550	0.079745	7
		C23	0.070090, 0.190080, 0.240050, 0.740040	0.015409, 0.048871, 0.157456, 0.165693	0.2955260	0.121820	1
		C24	0.030090, 0.090090, 0.180300, 0.450010	0.005920, 0.015228, 0.045373, 0.325727	0.1622270	0.066872	11
		C25	0.040090, 0.140050, 0.190040, 0.480010	0.005568, 0.035645, 0.125432, 0.335524	0.2116750	0.087255	4

show the calculated values of the trapezoidal fuzzy number, defuzzification values, and finalized values of the weights at level 1 and level 2.

Level 2 of the hierarchy displays a variety of qualities that influence its higher-level features, but their impacts on each aspect are distinct. The authors categorized the characteristics for effective results in this type of situation. The results are shown in

Table 6. Subjective Cognition Outcomes.

Criteria/Alternatives	A1	A2	A3	A4	A5	A6
C11	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.9100, 3.7300, 5.7300, 7.5100
C12	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500	0.9100, 2.4500, 4.4500, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	0.8200, 2.2700, 4.2700, 6.6500
C13	0.9100, 2.4500, 4.4500, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	1.4500, 3.0700, 4.9100, 5.6500
C14	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500	0.9100, 2.4500, 4.4500, 5.6500
C15	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	0.9100, 2.4500, 4.4500, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.9100, 3.7300, 5.7300, 7.5100
C16	0.9100, 2.4500, 4.4500, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	0.8200, 2.2700, 4.2700, 6.6500
C17	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500
C21	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500
C22	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500
C23	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500	1.4500, 3.0700, 4.9100, 5.6500	0.9100, 2.4500, 4.4500, 5.6500	0.9100, 2.4500, 4.4500, 5.6500	2.8200, 4.6400, 6.6400, 8.5100
C24	0.9100, 2.4500, 4.4500, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	0.9100, 2.4500, 4.4500, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.9100, 3.7300, 5.7300, 7.5100	2.8200, 4.6400, 6.6400, 8.5100
C25	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	2.8200, 4.6400, 6.6400, 8.5100	1.4500, 3.0700, 4.9100, 5.6500	0.8200, 2.2700, 4.2700, 6.6500	2.8200, 4.6400, 6.6400, 8.5100

in a combinative way. With the use of Equations (18) and (19),

Table 7. The Normalized Fuzzy-Decision Matrix.

Criteria/Alternatives	A1	A2	A3	A4	A5	A6
C11	0.3340, 0.5240, 0.6180, 0.7800	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800
C12	0.4520, 0.6680, 0.7610, 0.8980	0.5740, 0.7250, 0.7920, 0.8960	0.2750, 0.4560, 0.5330, 0.7330	0.2750, 0.4560, 0.5330, 0.7330	0.6110, 0.7720, 0.8560, 0.9450	0.4520, 0.6680, 0.7610, 0.8980
C13	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.2750, 0.4560, 0.5330, 0.7330
C14	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.4520, 0.6680, 0.7610, 0.8980
C15	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.2750, 0.4560, 0.5330, 0.7330	0.3340, 0.5240, 0.6180, 0.7800	0.2750, 0.4560, 0.5330, 0.7330	0.4520, 0.6680, 0.7610, 0.8980
C16	0.03980, 0.10000, 0.19200, 0.3840	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840
C17	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.03980, 0.10000, 0.19200, 0.3840
C21	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800
C22	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.2750, 0.4560, 0.5330, 0.7330	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840
C23	0.03980, 0.10000, 0.19200, 0.3840	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.2750, 0.4560, 0.5330, 0.7330	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840
C24	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800
C25	0.03980, 0.10000, 0.19200, 0.3840	0.3340, 0.5240, 0.6180, 0.7800	0.03980, 0.10000, 0.19200, 0.3840	0.5740, 0.7250, 0.7920, 0.8960	0.2750, 0.4560, 0.5330, 0.7330	0.2750, 0.4560, 0.5330, 0.7330

and

Table 8. The Weighted Normalized Fuzzy-Decision Matrix.

Criteria/Alternatives	A1	A2	A3	A4	A5	A6
C11	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0190, 0.0325, 0.0380, 0.0510	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0470, 0.0530, 0.0630	0.1420, 0.1790, 0.1980, 0.2190
C12	0.0555, 0.0870, 0.1040, 0.1220	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0470, 0.0530, 0.0630	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0190, 0.0325, 0.0380, 0.0510
C13	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0555, 0.0870, 0.1040, 0.1220	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0470, 0.0530, 0.0630
C14	0.0555, 0.0870, 0.1040, 0.1220	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0530, 0.0720, 0.0980	0.1420, 0.1790, 0.1980, 0.2190	0.1420, 0.1790, 0.1980, 0.2190	0.0190, 0.0325, 0.0380, 0.0510
C15	0.1420, 0.1790, 0.1980, 0.2190	0.1420, 0.1790, 0.1980, 0.2190	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0470, 0.0530, 0.0630
C16	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0555, 0.0870, 0.1040, 0.1220	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0530, 0.0720, 0.0980	0.0190, 0.0325, 0.0380, 0.0510
C17	0.0555, 0.0870, 0.1040, 0.1220	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0470, 0.0530, 0.0630
C21	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0555, 0.0870, 0.1040, 0.1220	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0530, 0.0720, 0.0980	0.0190, 0.0325, 0.0380, 0.0510
C22	0.0555, 0.0870, 0.1040, 0.1220	0.0555, 0.0870, 0.1040, 0.1220	0.1420, 0.1790, 0.1980, 0.2190	0.1420, 0.1790, 0.1980, 0.2190	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0470, 0.0530, 0.0630
C23	0.1420, 0.1790, 0.1980, 0.2190	0.1420, 0.1790, 0.1980, 0.2190	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0190, 0.0325, 0.0380, 0.0510
C24	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0530, 0.0720, 0.0980	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980	0.0320, 0.0530, 0.0720, 0.0980
C25	0.0320, 0.0530, 0.0720, 0.0980	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0530, 0.0720, 0.0980	0.0555, 0.0870, 0.1040, 0.1220	0.0555, 0.0870, 0.1040, 0.1220	0.0320, 0.0530, 0.0720, 0.0980

depict the normalized and weighted normalized values of alternatives in terms of durability characteristics (24). Finally, as shown in

Table 9. Closeness Coefficients of Various Alternatives.

Alternatives	d+i	d-i	Gap Degree of CC+i	Satisfaction Degree of CC-i
A1	0.043125254	0.025569685	0.378856965	0.644585699
A2	0.034566598	0.049656387	0.644856974	0.336636544
A3	0.044555269	0.036552654	0.387785859	0.635659756
A4	0.033363657	0.040225254	0.563635544	0.466967721
A5	0.040152547	0.045666398	0.533636598	0.446325454
A6	0.039665874	0.024555696	0.388854745	0.623655987

, satisfaction levels of various choices are evaluated using Equations (25) and (26).

In the table above, (CC-i) is evaluated. The effectiveness of alternatives is represented in the table above by quantitative values. As can be seen from the alternative assessment outcomes, the influence of security attributes prioritization is a respectable standard. The authors firmly feel and advise that the numeric calculation and result are acceptable and are in good working order. Furthermore, the prioritized table and ranking for industrial control system longevity are also helpful. The data in the table demonstrate that the second option has the greatest impact of all the other options.

The authors of the proposed study identified six options for estimating the security of industrial control systems. As a result, the authors employed the same six options for the sensitivity analysis as well.

Table 10. Sensitivity Analysis.

Tryouts		A1	A2	A3	A4	A5	A6
Tryout-0	Satisfaction Degree (CC-i)	0.6445857	0.3366365	0.63565976	0.4669677	0.4463255	0.6236560
Tryout-1		0.6444452	0.3367587	0.63555669	0.4669697	0.4464576	0.6234576
Tryout-2		0.6445587	0.3377874	0.63885687	0.4669696	0.4463364	0.6239464
Tryout-3		0.6445523	0.3385691	0.63464579	0.4669789	0.4466658	0.6231346
Tryout-4		0.6444472	0.3314474	0.63546546	0.4666355	0.4466679	0.6236379
Tryout-5		0.6444526	0.3378898	0.63545794	0.4667458	0.4499776	0.6233469
Tryout-6		0.6444587	0.3377458	0.63445131	0.4666325	0.4415644	0.6237798
Tryout-7		0.6446589	0.3477758	0.63454697	0.4696345	0.4465467	0.6236577
Tryout-8		0.6458577	0.3563685	0.63445164	0.4662567	0.4444576	0.6236397
Tryout-9		0.6455869	0.3445784	0.63457846	0.4669646	0.4445677	0.6236599
Tryout-10		0.6455869	0.3365558	0.63454697	0.4661245	0.4464576	0.6238875
Tryout-11		0.6477587	0.3367895	0.63445796	0.4667435	0.4445465	0.6236397
Tryout-12		0.6456988	0.3355874	0.63445794	0.4664456	0.4463257	0.6236688

depicts a well-established robustness assessment. Alternative 1 is the utmost active element for industrial control system security, according to the results of the robustness analysis. The principal row of the table signifies real-world computed findings in the context of robustness evaluation. By using robustness analysis criteria on weights for attributes, we discovered that all elements had a similar higher influence as in the genuine evaluation. The findings also show that quantitative outcomes are affected by weighted characteristics.

The author of the planned study chose six options to test. Comparing the outcomes of several approaches allows for a better understanding of the differences in numerical assessment in various ways. To assess the usefulness of the projected technique, the authors matched it to the other four MCDM techniques: fuzzy AHP-TOPSIS, classical AHP-TOPSIS, fuzzy ANP-TOPSIS, and classical ANP-TOPSIS [50,51,52,53]. Although hybrid procedures, such as fuzzy AHP-TOPSIS and fuzzy ANP TOPSIS produce noble outcomes, hesitant fuzzy AHP TOPSIS proves to be the most precise in the present example. The outcomes of the comparison were not as varied and dissimilar as they may have been, but the accuracy of the results varies.

When assigning values to attributes, the hesitant fuzzy AHP-TOPSIS technique offers the benefit of allocating hesitant fuzzy set evaluation. Web application durability estimation shows the calculated results in

Table 11. Comparative Analysis.

Procedures/Alternatives	A1	A2	A3	A4	A5	A6
Hesitant-Fuzzy-AHP-TOPSIS	0.6445857	0.3366365	0.63565976	0.4669677	0.4463255	0.6236560
Fuzzy-AHP-TOPSIS	0.6444526	0.3378898	0.63545794	0.4667458	0.4499776	0.6233469
Fuzzy-Delphi-AHP-TOPSIS	0.6446589	0.3477758	0.63454697	0.4696345	0.4465467	0.6236577
Classical-AHP-TOPSIS	0.6458577	0.3563685	0.63445164	0.4662567	0.4444576	0.6236397
Delphi-AHP-TOPSIS	0.6445587	0.3377874	0.63885687	0.4669696	0.4463364	0.6239464

and Figure 7. As a result, the authors employed the same six options for the sensitivity analysis as well. Table 10 depicts a well-established robustness assessment. Alternative 1 is the utmost effective factor for the industrial control system, according to the results of the robustness analysis. The principal row of the table signifies real-world computed findings in the context of robustness evaluation. By using robustness analysis criteria on weights for attributes, we discovered that all elements had the same higher influence as in the genuine evaluation. The findings also show that quantitative outcomes are affected by weighted characteristics.

Because of the added facility of the hesitant fuzzy set concept in the approach, findings measured by the hesitant fuzzy AHP TOPSIS procedure are more precise than the other four procedures, as shown in Table 11 and Figure 7. As a result, the method employed in this research work has more potential and produces better outcomes.

7. Conclusions

We feel that it is critical to developing a hybrid dataset using several main datasets that are accessible online, as well as datasets gathered through the testbed simulation setup or at power industry campuses, as future work. To verify the accuracy of machine learning approaches from the perspective of industrial control systems, we plan to extend our early work from the viewpoint of industrial control systems with hybrid datasets, including the one described in [28,29,30,31,32,33,34,35]. Intrusion detection, on the other hand, has not been substantially researched in the collected works. As a result, it can be employed as an impeccable benchmark for future work to verify and validate the built ML algorithms. The simplified framework of the TE process, which is mentioned, can be employed to analyze the consequences of attacks in the procedure control domain. We feel that an industrial control systems simulation testbed can be employed for the following purposes:

• To serve as a prototype for a shared technical platform for the establishment of future industrial control systems cybersecurity test centers.
• To give businesses a cost-effective test platform that lowers simulation and testing costs while delivering more noteworthy outcomes than a standard testbed.
• To perform cyber-attacks against a hybrid framework of real-world monitoring and control systems in the energy sector.
• To create an easy-to-use testbed that is more realistic than simulations and less expensive.
• To prepare hybrid datasets for machine learning frameworks to train on in order to develop robust intrusion detection systems for industrial control systems.

Previous cyber security incidents demonstrate the significance of conducting security assessments on industrial control systems, especially to detect and close system weaknesses. Not only this, but a threat assessment is included in the cyber security assessment. Because most energy firms place a premium on system availability, cyber security evaluations should not affect the day-to-day operations of industrial control systems. The problems of conducting cyber security assessments in control systems are discussed in this paper, as well as the impact they have had on industrial control systems in general. We believe that a cyber-security assessment can be carried out by setting up a virtual lab that mimics the real-world environment of industrial control systems. Energy firms that own or administer industrial control systems should be able to take the necessary steps to ensure that their systems are secure and dependable, based on the challenges stated in this article. Because of the complexity of new malware targeting control systems, such as zero-day rootkits and attacks, attacks at the component level of control systems are exceedingly difficult to avoid and detect. As a result, at the procedure control level, new intrusion detection algorithms for industrial control systems are necessary. In this case, machine learning technologies have proven to be quite beneficial. The key consequences of the proposed work are as follows.

• By focusing on industrial control system cyber security factors, security approaches will be improved, analyzed, identified, and prioritized.
• To analyze the security evaluation of industrial control systems, MCDM methodologies, such as the hesitant fuzzy sets-based AHP-TOPSIS procedure are employed.
• Hesitant fuzzy sets based on the AHP method and hesitant fuzzy sets based on the TOPSIS procedure are well-known and widely employed for resolving multi-criteria decision-making issues, and they produce accurate and effective answers.

This research work could serve as a model for similar future research activities and policy initiatives aimed at securing the energy industries. The target for the future is to implement similar research activities with other powerful MCDM methodology on internet-based channels. The real-world dataset will be assessed, and final findings will be obtained easily by involving broad-level energy industries.