An extensive method to analyze impacts of cyber-security on major hazards - Ineris - Institut national de l'environnement industriel et des risques Accéder directement au contenu
Communication Dans Un Congrès Année : 2018

An extensive method to analyze impacts of cyber-security on major hazards

Résumé

Operators of industrial facilities must be able to control the risks that their installations pose to people or environment. To demonstrate this, they identify the major accident scenarios through preliminary and detailed risk analysis steps, then evaluate the performance of the risk control measures, and finally, risk acceptability in terms of likelihood and severity. The risk analysis methods used are adapted to evaluate accidental events. Industrial control systems (ICS) include control systems, safety instrumented systems and communication systems. They tend to be increasingly interconnected with the company's information systems and to use technologies derived from IT. They are therefore more vulnerable to cyber-attacks which can potentially generate major hazards for people and the environment. A cyber-attack can be targeted or not, can be internal or external to the targeted industrial site and the means of carrying out future attacks are potentially new and unknown. INERIS seeks to evaluate the impact of cyber-attacks on ICS in the process industry and particularly the possibility for the attacker to provoke dangerous effects for populations and environment. The approach should be focused on physical effects rather than on ICS vulnerabilities. A first approach, ATBT, consisted to link attack trees and bowtie diagrams (ESREL 2017, Computer and Security 2017). This allows to evaluate the likelihood of accidental and malicious causes of major hazards. This first approach relies on bowtie diagrams developed to assess accidental risks which are not exhaustive for attack scenarios. In this paper, we propose an approach to complete the identification of attack scenarios during the preliminary risk analysis. The aim of this methodology is to bridge the risk analysis related to cyber-attacks of IT and OT systems and risk analysis.
Fichier principal
Vignette du fichier
2018-275_post-print.pdf (214.83 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

ineris-03239679 , version 1 (27-05-2021)

Identifiants

  • HAL Id : ineris-03239679 , version 1

Citer

François Masse. An extensive method to analyze impacts of cyber-security on major hazards. 9. International Conference on Safety of Industrial Automated Systems (SIAS 2018), Oct 2018, Nancy, France. pp.32-38. ⟨ineris-03239679⟩

Collections

INERIS
39 Consultations
27 Téléchargements

Partager

Gmail Facebook X LinkedIn More