Quantitatively assessing the cyber-to-physical risk of industrial cyber-physical systems

Abstract

Industrial cyber-physical systems (ICPSs) are widely used in critical infrastructures. However, they threaten by various cyberattacks which can directly damage the physical processes of ICPSs. Therefore, we proposed a method to quantitatively assess the risk of cyberattacks on the physical systems of ICPSs. This method conduces implement-appropriate security strategies to protect the security of ICPSs. We use an extended Bayesian attack graph to quantify the probabilities of cyberattacks. In addition, we model the cyberattacks as the illegal control signals injected into the physical system and the illegal actions that change the structure of the physical system. With the established model, we compute a new metric: Physical-System-Deviation-Risk (PSDR), which is used to assess the impact of cyberattacks on the physical system. The risk of the physical systems caused by cyberattacks can be quantified by the PSDR and the probabilities of cyberattacks. Moreover, we use a specific case to demonstrate the effectiveness of this assessment method.