Cyber-Attacks Risk Analysis Method for Different Levels of Automation of Mining Processes in Mines Based on Fuzzy Theory Use

Abstract

The rising automation level and development of the Industry 4.0 concept in the mining sector increase the risk of cyber-attacks. As a result, this article focuses on developing a risk analysis method that integrates Kaplan’s and Garrick’s approach and fuzzy theory. The proposed approach takes into account the level of automation of the operating mining processes. Moreover, it follows five main steps, including identifying the automation level in a selected mine, definition of cyber-attack targets, identification of cyber-attack techniques, definition of cyber-attack consequences, and risk ratio assessment. The proposed risk assessment procedure was performed according to three cyber-attack targets (databases, internal networks, machinery) and seven selected types of cyber-attack techniques. The fuzzy theory is implemented in risk parameter estimation for cyber-attack scenario occurrence in the mining industry. To illustrate the given method’s applicability, seven scenarios for three levels of mine automation are analyzed. The proposed method may be used to reveal the current cybersecurity status of the mine. Moreover, it will be a valuable guide for mines in which automation is planned in the near future.