Security and Safety in Cyber-Physical System (CPS): An Inclusive Threat Model

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F62690094%3A18450%2F24%3A50021754" target="_blank" >RIV/62690094:18450/24:50021754 - isvavai.cz</a>

Výsledek na webu

<a href="https://semarakilmu.com.my/journals/index.php/applied_sciences_eng_tech/article/view/6379" target="_blank" >https://semarakilmu.com.my/journals/index.php/applied_sciences_eng_tech/article/view/6379</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.37934/araset.40.2.176202" target="_blank" >10.37934/araset.40.2.176202</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Security and Safety in Cyber-Physical System (CPS): An Inclusive Threat Model

Popis výsledku v původním jazyce

A Cyber-Physical System (CPS) is a combination of computational algorithms and physical processes that are integrated together. Cyber-Physical Systems (CPS) integrate computer and communication capabilities with the monitoring and management of physical parts, establishing a mutually beneficial interaction between the cyber and physical components. Industrial Control System (ICS) is one example of CPS which integrates the physical (OT) and cyber domains (IT), which makes them more vulnerable to attacks. Two essential characteristics of Cyber-Physical Systems (CPS) are safety and security. Threat models are methods for identifying, analysing, and proposing security control countermeasures for threats and their capabilities. However, the threat model methods which are used for the traditional IT systems are not sufficient as they do not include the physical interactions, consequences and impacts to the safety aspects in the Operational Technology (OT). On the other hand, a risk assessment analyses attack scenario, examines cybersecurity from the attacker&apos;s point of view, and gives cost-benefit data to support the expenditure on security measures. This study proposes an inclusive attacker’s centric threat model and pro-active risk assessment model for CPS using Mamdani Fuzzy Inference System (FIS). The outcomes of the threat model prove that the lateral propagation of the threat is possible and threat may also propagate from the CPS assets to the IT segment. The risk assessment by using FIS shown that the safety and security risk for the CPS is significant and calculated as medium level. Hence, the risk factors that are considered in calculating the overall risk for a CPS need to be immediately addressed and mitigated. © 2024, Semarak Ilmu Publishing. All rights reserved.

Název v anglickém jazyce

Security and Safety in Cyber-Physical System (CPS): An Inclusive Threat Model

Popis výsledku anglicky

A Cyber-Physical System (CPS) is a combination of computational algorithms and physical processes that are integrated together. Cyber-Physical Systems (CPS) integrate computer and communication capabilities with the monitoring and management of physical parts, establishing a mutually beneficial interaction between the cyber and physical components. Industrial Control System (ICS) is one example of CPS which integrates the physical (OT) and cyber domains (IT), which makes them more vulnerable to attacks. Two essential characteristics of Cyber-Physical Systems (CPS) are safety and security. Threat models are methods for identifying, analysing, and proposing security control countermeasures for threats and their capabilities. However, the threat model methods which are used for the traditional IT systems are not sufficient as they do not include the physical interactions, consequences and impacts to the safety aspects in the Operational Technology (OT). On the other hand, a risk assessment analyses attack scenario, examines cybersecurity from the attacker&apos;s point of view, and gives cost-benefit data to support the expenditure on security measures. This study proposes an inclusive attacker’s centric threat model and pro-active risk assessment model for CPS using Mamdani Fuzzy Inference System (FIS). The outcomes of the threat model prove that the lateral propagation of the threat is possible and threat may also propagate from the CPS assets to the IT segment. The risk assessment by using FIS shown that the safety and security risk for the CPS is significant and calculated as medium level. Hence, the risk factors that are considered in calculating the overall risk for a CPS need to be immediately addressed and mitigated. © 2024, Semarak Ilmu Publishing. All rights reserved.

Druh

J_SC - Článek v periodiku v databázi SCOPUS

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Journal of Advanced Research in Applied Sciences and Engineering Technology

ISSN

2462-1943

e-ISSN

2462-1943

Svazek periodika

40

Číslo periodika v rámci svazku

2

Stát vydavatele periodika

MY - Malajsie

Počet stran výsledku

27

Strana od-do

176-202

Kód UT WoS článku

—

EID výsledku v databázi Scopus

2-s2.0-85186616640