A review of cyber security risk assessment methods for SCADA systems

Yulia Cherdantseva; Pete Burnap; Andrew Blyth; Peter Eden; Kevin Jones; Hugh Soulsby; Kristan Stoddart

doi:10.1016/j.cose.2015.09.009

A review of cyber security risk assessment methods for SCADA systems

Yulia Cherdantseva^*, Pete Burnap, Andrew Blyth, Peter Eden, Kevin Jones, Hugh Soulsby, Kristan Stoddart

^*Corresponding author for this work

Research output: Contribution to journal › Review article › peer-review

8 Citations (Scopus)

1552 Downloads (Pure)

Abstract

This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation and tool support. Based on the analysis, we suggest an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems. We also outline five research challenges facing the domain and point out the approaches that might be taken.

Original language	English
Pages (from-to)	1-27
Number of pages	27
Journal	Computers and Security
Volume	56
Early online date	13 Oct 2015
DOIs	https://doi.org/10.1016/j.cose.2015.09.009
Publication status	Published - 1 Feb 2016

Keywords

Cyber security
ICS
Review
Risk analysis
Risk assessment methods
Risk management
SCADA

Access to Document

10.1016/j.cose.2015.09.009Licence: CC BY

Version of Record with a CC BY LicenceFinal published version, 1.59 MBLicence: CC BY

Cite this

@article{c9f57b2585804dc88bdebbd65c2c7e20,

title = "A review of cyber security risk assessment methods for SCADA systems",

abstract = "This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation and tool support. Based on the analysis, we suggest an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems. We also outline five research challenges facing the domain and point out the approaches that might be taken.",

keywords = "Cyber security, ICS, Review, Risk analysis, Risk assessment methods, Risk management, SCADA",

author = "Yulia Cherdantseva and Pete Burnap and Andrew Blyth and Peter Eden and Kevin Jones and Hugh Soulsby and Kristan Stoddart",

year = "2016",

month = feb,

day = "1",

doi = "10.1016/j.cose.2015.09.009",

language = "English",

volume = "56",

pages = "1--27",

journal = "Computers and Security",

issn = "0167-4048",

publisher = "Elsevier",

}

TY - JOUR

T1 - A review of cyber security risk assessment methods for SCADA systems

AU - Cherdantseva, Yulia

AU - Burnap, Pete

AU - Blyth, Andrew

AU - Eden, Peter

AU - Jones, Kevin

AU - Soulsby, Hugh

AU - Stoddart, Kristan

PY - 2016/2/1

Y1 - 2016/2/1

N2 - This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation and tool support. Based on the analysis, we suggest an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems. We also outline five research challenges facing the domain and point out the approaches that might be taken.

AB - This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation and tool support. Based on the analysis, we suggest an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems. We also outline five research challenges facing the domain and point out the approaches that might be taken.

KW - Cyber security

KW - ICS

KW - Review

KW - Risk analysis

KW - Risk assessment methods

KW - Risk management

KW - SCADA

U2 - 10.1016/j.cose.2015.09.009

DO - 10.1016/j.cose.2015.09.009

M3 - Review article

AN - SCOPUS:84946126337

SN - 0167-4048

VL - 56

SP - 1

EP - 27

JO - Computers and Security

JF - Computers and Security

ER -

A review of cyber security risk assessment methods for SCADA systems

Abstract

Keywords

Access to Document

Fingerprint

Cite this