A New Evaluation Model for Information Security Risk Management of SCADA Systems

Title: A New Evaluation Model for Information Security Risk Management of SCADA Systems
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Lin, Kuo-Sui
Conference Name: 2019 IEEE International Conference on Industrial Cyber Physical Systems (ICPS)
Keywords: compositionality, critical information infrastructure, cyber layers, cyber-physical attacks, design review, failure analysis, FMEA inherent problems, Human Behavior, Information Security Risk Management, Information systems, Monitoring, new evaluation model, Pattern recognition, physical layers, process control, pubcrawl, Resiliency, risk management, RPN, Safety, SCADA, SCADA system, SCADA systems, SCADA Systems Security, secure SCADA failure modes, security, security of data, semiquantitative high level analysis, structured method, uncertain environment, vague environment, Vague Set Theory
Abstract: Supervisory control and data acquisition (SCADA) systems are becoming increasingly susceptible to cyber-physical attacks on both physical and cyber layers of critical information infrastructure. Failure Mode and Effects Analysis (FMEA) has been widely used as a structured method to prioritize all possible vulnerable areas (failure modes) for design review of security of information systems. However, traditional RPN based FMEA has some inherent problems. Besides, there is a lack of application of FMEA for security in SCADAs under vague and uncertain environment. Thus, the main purpose of this study was to propose a new evaluation model, which not only intends to recover above mentioned problems, but also intends to evaluate, prioritize and correct security risk of SCADA system's threat modes. A numerical case study was also conducted to demonstrate that the proposed new evaluation model is not only capable of addressing FMEA's inherent problems but also is best suited for a semi-quantitative high level analysis of a secure SCADA's failure modes in the early design phases.
DOI: 10.1109/ICPHYS.2019.8780280
Citation Key: lin_new_2019