A review of cyber security risk assessment methods for SCADA systems

详细信息    查看全文

• 作者：Yulia Cherdantseva^a ; ^{y.v.cherdantseva@cs.cardiff.ac.uk" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Pete Burnap^a ; ^{burnapp@cardiff.ac.uk" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Andrew Blyth^b ; ^{andrew.blyth@southwales.ac.uk" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Peter Eden^b ; ^{peter.eden@southwales.ac.uk" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Kevin Jones^c ; ^{kevin.jones@airbus.com" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Hugh Soulsby^c ; ^{hugh.soulsby@eads.com" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Kristan Stoddart^d ; ^{kds@aber.ac.uk" class="auth_mail" title="E-mail the corresponding author}Author Vitae
• 关键词：SCADA ; ICS ; Cyber security ; Risk assessment methods ; Risk analysis ; Risk management ; Review
• 刊名：Computers & Security
• 出版年：2016
• 出版时间：February 2016
• 年：2016
• 卷：56
• 期：Complete
• 页码：1-27
• 全文大小：1625 K

文摘

This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation and tool support. Based on the analysis, we suggest an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems. We also outline five research challenges facing the domain and point out the approaches that might be taken.