Next Article in Journal
Co-Optimization of Communication and Sensing for Multiple Unmanned Aerial Vehicles in Cooperative Target Tracking
Next Article in Special Issue
Efficient Implementations of Four-Dimensional GLV-GLS Scalar Multiplication on 8-Bit, 16-Bit, and 32-Bit Microcontrollers
Previous Article in Journal
Plasmonic Conglobation of Ultrathin Ag Nanofilms Far below Their Melting Points by Infrared Illumination
Previous Article in Special Issue
On the Robustness of No-Feedback Interdependent Networks
Article Menu
Issue 6 (June) cover image

Export Article

Open AccessArticle
Appl. Sci. 2018, 8(6), 898; https://doi.org/10.3390/app8060898

An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

1
School of Architecture, Computing and Engineering, University of East London, London E16 2RD, UK
2
School of Computing, Media and Arts, Teesside University, Middleborough TS1 3BX, UK
*
Authors to whom correspondence should be addressed.
Received: 30 March 2018 / Revised: 8 May 2018 / Accepted: 16 May 2018 / Published: 30 May 2018
(This article belongs to the Special Issue Security and Privacy for Cyber Physical Systems)
Full-Text   |   PDF [1264 KB, uploaded 30 May 2018]   |  

Abstract

A cyber-physical system (CPS) is a combination of physical system components with cyber capabilities that have a very tight interconnectivity. CPS is a widely used technology in many applications, including electric power systems, communications, and transportation, and healthcare systems. These are critical national infrastructures. Cybersecurity attack is one of the major threats for a CPS because of many reasons, including complexity and interdependencies among various system components, integration of communication, computing, and control technology. Cybersecurity attacks may lead to various risks affecting the critical infrastructure business continuity, including degradation of production and performance, unavailability of critical services, and violation of the regulation. Managing cybersecurity risks is very important to protect CPS. However, risk management is challenging due to the inherent complex and evolving nature of the CPS system and recent attack trends. This paper presents an integrated cybersecurity risk management framework to assess and manage the risks in a proactive manner. Our work follows the existing risk management practice and standard and considers risks from the stakeholder model, cyber, and physical system components along with their dependencies. The approach enables identification of critical CPS assets and assesses the impact of vulnerabilities that affect the assets. It also presents a cybersecurity attack scenario that incorporates a cascading effect of threats and vulnerabilities to the assets. The attack model helps to determine the appropriate risk levels and their corresponding mitigation process. We present a power grid system to illustrate the applicability of our work. The result suggests that risk in a CPS of a critical infrastructure depends mainly on cyber-physical attack scenarios and the context of the organization. The involved risks in the studied context are both from the technical and nontechnical aspects of the CPS. View Full-Text
Keywords: cybersecurity; risk management; cyber-physical systems; cybersecurity attack scenario; supervisory control and data acquisition (SCADA) systems; cascading effect cybersecurity; risk management; cyber-physical systems; cybersecurity attack scenario; supervisory control and data acquisition (SCADA) systems; cascading effect
Figures

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
SciFeed

Share & Cite This Article

MDPI and ACS Style

Kure, H.I.; Islam, S.; Razzaque, M.A. An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System. Appl. Sci. 2018, 8, 898.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics

1

Comments

[Return to top]
Appl. Sci. EISSN 2076-3417 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top