Skip to Main content Skip to Navigation
Conference papers

An extensive method to analyze impacts of cyber-security on major hazards

Abstract : Operators of industrial facilities must be able to control the risks that their installations pose to people or environment. To demonstrate this, they identify the major accident scenarios through preliminary and detailed risk analysis steps, then evaluate the performance of the risk control measures, and finally, risk acceptability in terms of likelihood and severity. The risk analysis methods used are adapted to evaluate accidental events. Industrial control systems (ICS) include control systems, safety instrumented systems and communication systems. They tend to be increasingly interconnected with the company's information systems and to use technologies derived from IT. They are therefore more vulnerable to cyber-attacks which can potentially generate major hazards for people and the environment. A cyber-attack can be targeted or not, can be internal or external to the targeted industrial site and the means of carrying out future attacks are potentially new and unknown. INERIS seeks to evaluate the impact of cyber-attacks on ICS in the process industry and particularly the possibility for the attacker to provoke dangerous effects for populations and environment. The approach should be focused on physical effects rather than on ICS vulnerabilities. A first approach, ATBT, consisted to link attack trees and bowtie diagrams (ESREL 2017, Computer and Security 2017). This allows to evaluate the likelihood of accidental and malicious causes of major hazards. This first approach relies on bowtie diagrams developed to assess accidental risks which are not exhaustive for attack scenarios. In this paper, we propose an approach to complete the identification of attack scenarios during the preliminary risk analysis. The aim of this methodology is to bridge the risk analysis related to cyber-attacks of IT and OT systems and risk analysis.
Document type :
Conference papers
Complete list of metadata

https://hal-ineris.archives-ouvertes.fr/ineris-03239679
Contributor : Gestionnaire Civs Connect in order to contact the contributor
Submitted on : Thursday, May 27, 2021 - 3:53:57 PM
Last modification on : Saturday, June 19, 2021 - 3:14:05 AM
Long-term archiving on: : Saturday, August 28, 2021 - 7:47:23 PM

File

2018-275_post-print.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : ineris-03239679, version 1

Collections

Citation

François Masse. An extensive method to analyze impacts of cyber-security on major hazards. 9. International Conference on Safety of Industrial Automated Systems (SIAS 2018), Oct 2018, Nancy, France. pp.32-38. ⟨ineris-03239679⟩

Share

Metrics

Record views

13

Files downloads

12