Comprehensive Network Security Risk Model for Process Control Networks
The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the lik...
Saved in:
Published in | Risk analysis Vol. 29; no. 2; pp. 223 - 248 |
---|---|
Main Authors | , |
Format | Journal Article |
Language | English |
Published |
Malden, USA
Blackwell Publishing Inc
01.02.2009
Blackwell Publishing Ltd |
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example. |
---|---|
Bibliography: | http://dx.doi.org/10.1111/j.1539-6924.2008.01151.x ark:/67375/WNG-FH6TSQ5F-Q ArticleID:RISA1151 istex:C57777079EE5E51E66B7EB596A8304C861E38C45 Founding Director of the Center for Risk Management of Engineering Systems, established 1987, and Lawrence R. Quarles Professor of Systems and Information Engineering, University of Virginia, Charlottesville, VA, USA. Johns Hopkins University Applied Physics Laboratory, Laurel, MD, USA. ObjectType-Article-2 SourceType-Scholarly Journals-1 ObjectType-Feature-1 content type line 23 ObjectType-Article-1 ObjectType-Feature-2 |
ISSN: | 0272-4332 1539-6924 |
DOI: | 10.1111/j.1539-6924.2008.01151.x |