期刊
WATER
卷 15, 期 9, 页码 -出版社
MDPI
DOI: 10.3390/w15091687
关键词
risk assessment; cyber-physical attacks; agent-based model; sociotechnical system; probability of attack; cybersecurity; uncertainty; urban water systems; resilience; decision support
This study proposes a method to address the complex socio-technical dynamics and uncertainties in the digital era water system by incorporating socio-technical modeling. It uses a modular process, including estimation of vulnerability-induced probabilities and attack characteristics, generation of threat scenarios, cyber-physical stress-testing, and risk level assessment. By exploring different configurations, it investigates the effects of cyber-security practices and design traits on the modification of utility's risk level.
The identification and assessment of the cyber-physical-threat landscape that surrounds water systems in the digital era is governed by complex socio-technical dynamics and uncertainties that exceed the boundaries of traditional risk assessment. This work provides a remedy for those challenges by incorporating socio-technical modelling to account for the adaptive balance between goal-driven behaviours and available skills of adversaries, exploitable vulnerabilities of assets and utility's security posture, as well as an uncertainty-aware multi-scenario analysis to assess the risk level of any utility against cyber-physical threats. The proposed risk assessment framework, underpinned by a dedicated modelling chain, deploys a modular sequence of processes for (a) the estimation of vulnerability-induced probabilities and attack characteristics of the threat landscape under a spectrum of adversaries, (b) its formulation to a representative set of stochastically generated threat scenarios, (c) the combined cyber-physical stress-testing of the system against the generated scenarios and (d) the inference of the system's risk level at system and asset level. The proposed framework is demonstrated by exploring different configurations of a synthetic utility case study that investigate the effects and efficiency that different cyber-security practices and design traits can have over the modification of the risk level of the utility at various dimensions.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据