1,695 research outputs found
Vulnerability and Security Risk Assessment of a Thermal Power Plant Using SVA Technique
The philosophy behind the creation of every organization is bound up with the objectives for each it has been created. There are always factors threatening the continuation of the organization’s activities or even its existence. Some of these factors involve common threats in the security area which should be identified, assessed and controlled through a systematic risk management pattern. In the present study, Security Vulnerability Assessment (SVA) technique and a local version of SVA-Pro software called Joshan-Pro was used to estimate the vulnerability and security risk of a combined cycle power plant. In this Plant, 17 assets were identified and among them, 13 assets with higher priority were entered into Joshan-Pro software for further detailed analysis. Gas oil storage tanks with the vulnerability of 2.33 out of 5 and security risk of 46.60 out of 125 were identified as the most important asset in terms of security and the 230 kV substation with the vulnerability of 0.96 and security risk of 8.64 were labeled as asset with the lowest security risk in the plant. The results showed that Joshan-Pro software, using expert’s opinion, has acceptable capability to determine the security vulnerability of the infrastructures
A Quantitative Research Study on Probability Risk Assessments in Critical Infrastructure and Homeland Security
This dissertation encompassed quantitative research on probabilistic risk assessment (PRA) elements in homeland security and the impact on critical infrastructure and key resources. There are 16 crucial infrastructure sectors in homeland security that represent assets, system networks, virtual and physical environments, roads and bridges, transportation, and air travel. The design included the Bayes theorem, a process used in PRAs when determining potential or probable events, causes, outcomes, and risks. The goal is to mitigate the effects of domestic terrorism and natural and man-made disasters, respond to events related to critical infrastructure that can impact the United States, and help protect and secure natural gas pipelines and electrical grid systems. This study provides data from current risk assessment trends in PRAs that can be applied and designed in elements of homeland security and the criminal justice system to help protect critical infrastructures. The dissertation will highlight the aspects of the U.S. Department of Homeland Security National Infrastructure Protection Plan (NIPP). In addition, this framework was employed to examine the criminal justice triangle, explore crime problems and emergency preparedness solutions to protect critical infrastructures, and analyze data relevant to risk assessment procedures for each critical infrastructure identified. Finally, the study addressed the drivers and gaps in research related to protecting and securing natural gas pipelines and electrical grid systems
Recommended from our members
Cyber security in the nuclear industry: A closer look at digital control systems, networks and human factors
Data availability:
No data was used for the research described in the article.The development life cycle of conventional nuclear power plants (NPPs) needs to be optimized if the energy produced by advanced reactors and small modular reactors is to be competitive. One of the proposed optimisation initiatives is the digitalization of nuclear facility control and instrumentation. Digitalization of nuclear control and instrumentation will improve plants' performance and cost competitiveness. However, it could also introduce cyber security challenges. To create a strong cyber-defence for critical digital assets in nuclear facilities, an extensive analysis of threats and vulnerabilities in systems, networks, and devices is necessary. This article examines recent research that analyses the digital assets at nuclear power facilities for threats and vulnerabilities. This work synthesizes and categorises potential attack propagation paths in digitalized nuclear facilities based on five different surfaces: direct network path, programmable logic controllers, sensor/actuator signals, and indirect propagation paths such as attacks that exploit human factors and the supply chain. The work's main contribution is it provides a state-of-the-art understanding of the relationship between attack propagation paths, associated vulnerabilities, and current security controls. Based on the literature review, a framework for developing an attack-resilient control system for NPPs is suggested, which would be helpful for a security-informed design of reactor control systems. The discussion on nuclear cyber risks, vulnerabilities, attack routes, and defence methods offers a cutting-edge understanding of the security challenges in digitalized nuclear facilities. The suggested framework is an essential foundation for future research direction, towards a secured and resilient digitisation of nuclear power plant control systems.This work was supported in part by the Royal Society under grant SIF\R1\221035. The work of A. Ayodeji & H. Ahmed is funded through the Sêr Cymru II 80761-BU-103 project by the Welsh European Funding Office (WEFO) under the European Regional Development Fund (ERDF)
Securing industrial control system environments: the missing piece
Cyberattacks on industrial control systems (ICSs) are no longer matters of anticipation. These systems are continually subject to malicious attacks without much resistance. Network breaches, data theft, denial of service, and command and control functions are examples of common attacks on ICSs. Despite available security solutions, safety, security, resilience, and performance require both private public sectors to step-up strategies to address increasing security concerns on ICSs. This paper reviews the ICS security risk landscape, including current security solution strategies in order to determine the gaps and limitations for effective mitigation. Notable issues point to a greater emphasis on technology security while discounting people and processes attributes. This is clearly incongruent with; emerging security risk trends, the biased security strategy of focusing more on supervisory control and data acquisition systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions need to include approaches that follow similar patterns as the problem trend. These include security measures that are evolutionary by design in response to security risk dynamics. Solutions that recognize and include; people, process and technology security enhancement into asingle system, and addressing all three-entity vulnerabilities can provide a better solution for ICS environments
Ranking the Risks from Multiple Hazards in a Small Community
Natural hazards, human-induced accidents, and malicious acts have caused great losses and disruptions to society. After September 11, 2001, critical infrastructure protection has become a national focus in the United States and is likely to remain one for the foreseeable future. Damage to our infrastructures and assets could be mitigated through pre-disaster planning and actions. We have developed a systematic methodology to assess and rank the risks from these multiple hazards in a community of 20,000 people. It is an interdisciplinary study that includes probabilistic risk assessment, decision analysis, and expert judgment. Scenarios are constructed to show how the initiating events evolve into undesirable consequences. A value tree, based on multi-attribute utility theory, is used to capture the decision maker’s preferences about the impacts on the infrastructures and other assets. The risks from random failures are ranked according to their Expected Performance Index, which is the product of frequency, probability, and consequence of a scenario. Risks from malicious acts are ranked according to their Performance Index as the frequency of attack is not available. A deliberative process is used to capture the factors that could not be addressed in the analysis and to scrutinize the results. This methodology provides a framework for the development of a risk-informed decision strategy. Although this study uses the Massachusetts Institute of Technology campus as a test-bed, it is a general methodology that could be used by other similar communities and municipalities
Bibliographical review on cyber attacks from a control oriented perspective
This paper presents a bibliographical review of definitions, classifications and applications concerning cyber attacks in networked control systems (NCSs) and cyber-physical systems (CPSs). This review tackles the topic from a control-oriented perspective, which is complementary to information or communication ones. After motivating the importance of developing new methods for attack detection and secure control, this review presents security objectives, attack modeling, and a characterization of considered attacks and threats presenting the detection mechanisms and remedial actions. In order to show the properties of each attack, as well as to provide some deeper insight into possible defense mechanisms, examples available in the literature are discussed. Finally, open research issues and paths are presented.Peer ReviewedPostprint (author's final draft
- …