Hybrid ontology for safety, security and dependability risk assessment, and a security threat analysis method for industrial control systems

Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems

Reliability Engineering and System Safety · 2021
Cited by 64
ABS 3

Summary

The paper proposes a hybrid ontology that unifies dependability, safety and security concepts, and on that basis develops a security threat analysis method for industrial control systems; the feasibility of the method is verified through a case study of a nuclear fuel pool cooling control system.

Abstract

This paper introduces a model-based methodology for hybrid reliability, availability, maintainability, safety, and security (RAMSS) risk assessment management, which extends our previous work on model-based, data-driven support for engineering mission-critical systems. It represents a hybrid risk assessment ontology, which harmonises basic concepts between dependability, safety and security based on well-known industrial standards. Based on the proposed ontology, we create a cybersecurity risk analysis method, called Security Threat Analysis (STA), for industrial control systems and successfully demonstrate the method. For the demonstration, we introduce a data model for creating a tool-supported data repository for STA, then implement this repository with a commercial-off-the-shelf tool. We use the repository to carry out an exemplary STA of a nuclear fuel pool cooling control system, assessing a cybersecurity-related hazard. The demonstration suggests that the hybrid RAMSS risk assessment ontology and the related STA data model are ready to be tested in industrial use, offering a structured data repository to support assessment and traceability between the created artefacts.

Keywords: Industrial control systems; Risk assessment; Cybersecurity; Ontology; Reliability engineering