A Continuous Risk Management Approach for Cyber-Security in Industrial Control Systems

Boye, Carolina Adaros (2021) A Continuous Risk Management Approach for Cyber-Security in Industrial Control Systems. Doctoral thesis, Birmingham City University.

Carolina Adaros Boye_PhD Thesis_Final Version_Submitted Oct 2021_Final Award Nov 2021.pdf - Submitted Version

Download (5MB)


In industrial networks, a cyber-incident can have, as a consequence, the interference with physical processes, which can potentially cause damages to property, to humans’ health and safety, and to the environment. Currently most safeguards built into Industrial Control Systems provide mitigations against accidents and faults but are not necessarily effective against malicious acts. Moreover, even if cyber-threats can be contained, significant costs will be incurred whenever operations have to shut down in response to a cyber-attack. As there are important gaps in Industrial Control Systems, they have increasingly been targeted over the past decade, creating concern among the cyber-security and the process control engineering communities. Operators may be reluctant or unable to implement standard cyber-security controls in this type of systems because they might interfere with time-sensitive control loops, interrupt continuous operation or potentially compromise safety. This situation calls for a more proactive approach to monitor cyber-risks since many of them cannot be totally eliminated or properly controlled by preventative measures. Traditional risk management approaches do not address this, since they are not conceived to work at the same speed that changes can occur in cyber-security operations. This thesis aims to facilitate the adoption of Continuous Risk Management in industrial networks by proposing a risk assessment methodology focused mainly on the aspect of risk likelihood updates.

The approach proposed is based on a Continuous Risk Assessment Methodology, which is derived from a typical Risk Management process and modified to work in a continuous basis. The methodology consists of workflows and a description of each process involved, including its inputs and outputs. Additionally, a number of resources to support the implementation of the methodology on industrial environments were developed. These resources consist of the introduction and categorisation of the concept of “Indicator of Risk” (IoR), a knowledge base, containing a set of different categories of IoRs, named as the “IoR Library” and the implementation of this knowledge base on a Bayesian Network template. Finally, behavioural anomaly detection using sensors data is demonstrated to illustrate the use of IoRs based on data from physical processes as a resource to detect possible cyber-risks. These resources provided concrete means to address issues in industrial cyber-security risk management such as the availability and quality of information, the complexity of defining rules and identifying normal and abnormal states, the limited scope of academic work, and the lack of integration between risk management and cyber-security operations.

Item Type: Thesis (Doctoral)
13 October 2021Submitted
12 November 2021Accepted
Uncontrolled Keywords: Risk Management, Cyber-security, ICS, Risk Analysis, Cyber-security risks
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
CAH11 - computing > CAH11-01 - computing > CAH11-01-08 - others in computing
Divisions: Doctoral Research College > Doctoral Theses Collection
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Depositing User: Richard Birley
Date Deposited: 09 Jun 2022 14:00
Last Modified: 09 Jun 2022 14:00
URI: https://www.open-access.bcu.ac.uk/id/eprint/13282

Actions (login required)

View Item View Item


In this section...