A new approach that considers cyber security within industrial risk analysis using a cyber bow-tie analysis
Résumé
The introduction of connected systems and digital technology in process industries creates new cyber-security threats that can lead to undesirable safety accidents. Thus, analyzing these threats during risk analysis becomes an important part for effective industrial risk evaluation. However, nowadays, safety and security are assessed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial risk analysis is proposed. This approach combines Bow-Tie Analysis (BTA), commonly used for safety analysis, with a new extended version of Attack Tree Analysis (ATA), introduced for security analysis of industrial control systems. The combined use of BT and AT provides an exhaustive representation of risk scenarios in terms of safety and security. We then propose an approach for evaluating the risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a risk scenario in a chemical facility.
Origine : Fichiers produits par l'(les) auteur(s)
Loading...