skip to main content

DOE PAGESDOE PAGES

Title: Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC)

Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control. Originally, ICS implementations were susceptible primarily to local threats because most of their components were located in physically secure areas (i.e., ICS components were not connected to IT networks or systems). The trend toward integrating ICS systems with IT networks (e.g., efficiency and the Internet of Things) provides significantly less isolation for ICS from the outside world thus creating greater risk due to external threats. Albeit, the availability of ICS/SCADA systems is critical to assuring safety, security and profitability. Such systems form the backbone of our national cyber-physical infrastructure. We extend the concept of mean failure cost (MFC) to address quantifying availability to harmonize well with ICS security risk assessment. This new measure is based on the classic formulation of Availability combined with Mean Failure Cost (MFC). The metric offers a computational basis to estimate the availability of a system in terms of the lossmore » that each stakeholder stands to sustain as a result of security violations or breakdowns (e.g., deliberate malicious failures).« less
Authors:
 [1] ;  [2] ;  [3]
  1. Savannah State Univ., Savannah GA (United States)
  2. Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
  3. Univ. of Memphis, Memphis, TN (United States)
Publication Date:
OSTI Identifier:
1222557
Grant/Contract Number:
AC05-00OR22725
Type:
Accepted Manuscript
Journal Name:
Journal of Artificial Intelligence and Soft Computing Research
Additional Journal Information:
Journal Volume: 5; Journal Issue: 3; Journal ID: ISSN 2083-2567
Publisher:
Polish Neural Network Society/De Gruyter
Research Org:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org:
USDOE
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING availability; security measures; dependability; security requirements for control systems; threats; vulnerabilities and risk