Journal
IEEE ACCESS
Volume 11, Issue -, Pages 37229-37242Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/ACCESS.2023.3263671
Keywords
Integrated circuit modeling; Business; Uncertainty; Risk management; Numerical models; Complex systems; Analytical models; Dependency modelling; industrial control system; risk; risk identification methodologies
Ask authors/readers for more resources
Identifying risks in complex systems like Industrial Control Systems (ICS) requires a holistic understanding of the entire system. Dependency modelling (DM) is a participative methodology that helps identify system goals and dependencies. However, there are limitations in the current expressions of DM that hinder its adaptation for risk identification in ICS environments. This research explores how DM can be extended to address these limitations and proposes additional variables specific to ICS environments. The proposed extension improves risk identification at the enterprise, business process, and technology levels.
Complex systems such as Industrial Control Systems (ICS) are designed as a collection of functionally dependent and highly connected units with multiple stakeholders. Identifying the risk of such complex systems requires an overall view of the entire system. Dependency modelling (DM) is a highly participative methodology that identifies the goals and objectives of a system and the required dependants to satisfy these goals. Researchers have proved DM to be suitable for identifying and quantifying impact and uncertainty in complex environments. However, there exist limitations in the current expressions of DM that hinder its complete adaptation for risk identification in a complex environment such as ICS. This research investigates how the capability of DM could be extended to address the identified limitations and proposes additional variables to address phenomena that are unique to ICS environments. The proposed extension is built into a system-driven ICS dependency modeller, and we present an illustrative example using a scenario of a generic ICS environment. We reflect that the proposed technique supports an improvement in the initial user data input in the identification of areas of risk at the enterprise, business process, and technology levels.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available