C.Ri.S.P. - Cyber Risk Analysis in Industrial Process System Environment

Abstract:The increasing adoption, in critical infrastructures and industrial automation, of physical control systems based on interconnected networks has led to a growing and previously unforeseen threat to information security for supervisory control and data acquisition (SCADA) and control systems distributed (DCS). It is essential that engineers and managers understand these problems and know the consequences of remote hacking. In the contest of Industrial Process are very commonly used risk assessment methods such as HHM, IIM, and RFRM that have been successfully applied to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics and the probability risk analysis (PRA) which includes methods such as FTA, ETA and FEMA and HAZOP. The goal of these methods is, in general, to determine the impact of a problem on the process plant and the risk reduction associated with a particular countermeasure. This document provides a methodology named CRiSP - Cyber Risk Analysis in Industrial Process System Environment. CRiSP tries to define a structured approach needed to analyze the consequence of an undesired remote manipulation. CRiSP allow to analyze the risk related to the manipulation of a single element of the plant and to analyze the consequence restricted to a portion of the plant. CRiSP helps to have a broad overview of cybersecurity and risk and to adopt the necessary countermeasure. Keywords:Cybersecurity, Risk Analysis, Risk management, Industry 4.0.