Evaluation of a Cyber Risk Assessment Approach for Cyber–Physical Systems: Maritime- and Energy-Use Cases-Reference-Cited by-同舟云学术

Evaluation of a Cyber Risk Assessment Approach for Cyber–Physical Systems: Maritime- and Energy-Use Cases

Published:2023-03-29 Issue:4 Volume:11 Page:744
ISSN:2077-1312
Container-title:Journal of Marine Science and Engineering
language:en
Short-container-title:JMSE

Author:

Amro Ahmed¹^ORCID,Gkioulos Vasileios¹

Affiliation:

1. Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gjøvik, Norway

Abstract

In various domains such as energy, manufacturing, and maritime, cyber–physical systems (CPSs) have seen increased interest. Both academia and industry have focused on the cybersecurity aspects of such systems. The assessment of cyber risks in a CPS is a popular research area with many existing approaches that aim to suggest relevant methods and practices. However, few works have addressed the extensive and objective evaluation of the proposed approaches. In this paper, a standard-aligned evaluation methodology is presented and empirically conducted to evaluate a newly proposed cyber risk assessment approach for CPSs. The approach, which is called FMECA-ATT&CK is based on failure mode, effects and criticality analysis (FMECA) risk assessment process and enriched with the semantics and encoded knowledge in the Adversarial Tactics, Techniques, and Common Knowledge framework (ATT&CK). Several experts were involved in conducting two risk assessment processes, FMECA-ATT&CK and Bow-Tie, against two use cases in different application domains, particularly an autonomous passenger ship (APS) as a maritime-use case and a digital substation as an energy-use case. This allows for the evaluation of the approach based on a group of characteristics, namely, applicability, feasibility, accuracy, comprehensiveness, adaptability, scalability, and usability. The results highlight the positive utility of FMECA-ATT&CK in model-based, design-level, and component-level cyber risk assessment of CPSs with several identified directions for improvements. Moreover, the standard-aligned evaluation method and the evaluation characteristics have been demonstrated as enablers for the thorough evaluation of cyber risk assessment methods.

Funder

NTNU Digital transformation project Autoferry

Publisher

MDPI AG

Subject

Ocean Engineering,Water Science and Technology,Civil and Structural Engineering

Link

https://www.mdpi.com/2077-1312/11/4/744/pdf

Reference32 articles.

1. Duru, O. (2023, February 28). The Future Shipping Company: Autonomous Shipping Fleet Operators. Available online: https://www.maritime-executive.com/editorials/the-future-shipping-company-autonomous-shipping-fleet-operators.

2. NTNU Autoferry (2018). Autoferry—Autonomous All-Electric Passenger Ferries for Urban Water Transport, Norwegian University of Science and Technology.

3. Amro, A., Gkioulos, V., and Katsikas, S. (2019). Computer Security, Springer.

4. Johnson, B. (2023, February 28). Maritime Cyber Incidents Increased at Least 68 Percent in 2021, Coast Guard Reports. Available online: https://www.hstoday.us/featured/maritime-cyber-incidents-increased-at-least-68-percent-in-2021-coast-guard-reports/.

5. (2023, February 28). offshore energy.biz. COSCO Shipping Lines Falls Victim to Cyber Attack. Available online: https://www.offshore-energy.biz/cosco-shipping-lines-falls-victim-to-cyber-attack/.

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Quantifying potential cyber-attack risks in maritime transportation under Dempster–Shafer theory FMECA and rule-based Bayesian network modelling;Reliability Engineering & System Safety;2024-03

2. Fuzzy-Based Unified Decision-Making Technique to Evaluate Security Risks: A Healthcare Perspective;Mathematics;2023-06-02