Security and Safety in Cyber-Physical System (CPS): An Inclusive Threat Model
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F62690094%3A18450%2F24%3A50021754" target="_blank" >RIV/62690094:18450/24:50021754 - isvavai.cz</a>
Result on the web
<a href="https://semarakilmu.com.my/journals/index.php/applied_sciences_eng_tech/article/view/6379" target="_blank" >https://semarakilmu.com.my/journals/index.php/applied_sciences_eng_tech/article/view/6379</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.37934/araset.40.2.176202" target="_blank" >10.37934/araset.40.2.176202</a>
Alternative languages
Result language
angličtina
Original language name
Security and Safety in Cyber-Physical System (CPS): An Inclusive Threat Model
Original language description
A Cyber-Physical System (CPS) is a combination of computational algorithms and physical processes that are integrated together. Cyber-Physical Systems (CPS) integrate computer and communication capabilities with the monitoring and management of physical parts, establishing a mutually beneficial interaction between the cyber and physical components. Industrial Control System (ICS) is one example of CPS which integrates the physical (OT) and cyber domains (IT), which makes them more vulnerable to attacks. Two essential characteristics of Cyber-Physical Systems (CPS) are safety and security. Threat models are methods for identifying, analysing, and proposing security control countermeasures for threats and their capabilities. However, the threat model methods which are used for the traditional IT systems are not sufficient as they do not include the physical interactions, consequences and impacts to the safety aspects in the Operational Technology (OT). On the other hand, a risk assessment analyses attack scenario, examines cybersecurity from the attacker's point of view, and gives cost-benefit data to support the expenditure on security measures. This study proposes an inclusive attacker’s centric threat model and pro-active risk assessment model for CPS using Mamdani Fuzzy Inference System (FIS). The outcomes of the threat model prove that the lateral propagation of the threat is possible and threat may also propagate from the CPS assets to the IT segment. The risk assessment by using FIS shown that the safety and security risk for the CPS is significant and calculated as medium level. Hence, the risk factors that are considered in calculating the overall risk for a CPS need to be immediately addressed and mitigated. © 2024, Semarak Ilmu Publishing. All rights reserved.
Czech name
—
Czech description
—
Classification
Type
J<sub>SC</sub> - Article in a specialist periodical, which is included in the SCOPUS database
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
—
Continuities
I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace
Others
Publication year
2024
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Name of the periodical
Journal of Advanced Research in Applied Sciences and Engineering Technology
ISSN
2462-1943
e-ISSN
2462-1943
Volume of the periodical
40
Issue of the periodical within the volume
2
Country of publishing house
MY - MALAYSIA
Number of pages
27
Pages from-to
176-202
UT code for WoS article
—
EID of the result in the Scopus database
2-s2.0-85186616640