Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC)

Chen, Qian; Abercrombie, Robert K; Sheldon, Frederick T.

doi:10.1515/jaiscr-2015-0029

Title: Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC)

Abstract

Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control.Originally, ICS implementations were susceptible primarily to local threats because most of their components were located in physically secure areas (i.e., ICS components were not connected to IT networks or systems). The trend toward integrating ICS systems with IT networks (e.g., efficiency and the Internet of Things) provides significantly less isolation for ICS from the outside world thus creating greater risk due to external threats. Albeit, the availability of ICS/SCADA systems is critical to assuring safety, security and profitability. Such systems form the backbone of our national cyber-physical infrastructure.Herein, we extend the concept of mean failure cost (MFC) to address quantifying availability to harmonize well with ICS security risk assessment. This new measure is based on the classic formulation of Availability combined with Mean Failure Cost (MFC). Finally, the metric offers a computational basis to estimate the availability of a system in terms of the lossmore »« less

Authors:

Chen, Qian ^[1]; Abercrombie, Robert K ^[2]; Sheldon, Frederick T. ^[3]

Savannah State Univ., Savannah GA (United States)
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Univ. of Memphis, Memphis, TN (United States)

Publication Date:: Wed Sep 23 00:00:00 EDT 2015

Research Org.:: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1222557

Alternate Identifier(s):: OSTI ID: 1265821

Grant/Contract Number:: AC05-00OR22725

Resource Type:: Accepted Manuscript

Journal Name:: Journal of Artificial Intelligence and Soft Computing Research

Additional Journal Information:: Journal Volume: 5; Journal Issue: 3; Journal ID: ISSN 2083-2567

Publisher:: Polish Neural Network Society/De Gruyter

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING; availability; security measures; dependability; security requirements for control systems; threats; vulnerabilities and risk; Vulnterabilites and Risk

Citation Formats


                    Chen, Qian, Abercrombie, Robert K, and Sheldon, Frederick T. Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC).  United States: N. p., 2015. 
Web.  doi:10.1515/jaiscr-2015-0029.

Copy to clipboard


                    Chen, Qian, Abercrombie, Robert K, & Sheldon, Frederick T. Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC).  United States.  https://doi.org/10.1515/jaiscr-2015-0029

Copy to clipboard


                    Chen, Qian, Abercrombie, Robert K, and Sheldon, Frederick T. Wed .  
"Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC)".  United States.  https://doi.org/10.1515/jaiscr-2015-0029.  https://www.osti.gov/servlets/purl/1222557.

Copy to clipboard


                    
@article{osti_1222557,

  title        = {Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC)},

  author       = {Chen, Qian and Abercrombie, Robert K and Sheldon, Frederick T.},

  abstractNote = {Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control.Originally, ICS implementations were susceptible primarily to local threats because most of their components were located in physically secure areas (i.e., ICS components were not connected to IT networks or systems). The trend toward integrating ICS systems with IT networks (e.g., efficiency and the Internet of Things) provides significantly less isolation for ICS from the outside world thus creating greater risk due to external threats. Albeit, the availability of ICS/SCADA systems is critical to assuring safety, security and profitability. Such systems form the backbone of our national cyber-physical infrastructure.Herein, we extend the concept of mean failure cost (MFC) to address quantifying availability to harmonize well with ICS security risk assessment. This new measure is based on the classic formulation of Availability combined with Mean Failure Cost (MFC). Finally, the metric offers a computational basis to estimate the availability of a system in terms of the loss that each stakeholder stands to sustain as a result of security violations or breakdowns (e.g., deliberate malicious failures).},

  doi          = {10.1515/jaiscr-2015-0029},

  journal      = {Journal of Artificial Intelligence and Soft Computing Research},

  number       = 3,

  volume       = 5,

  place        = {United States},

  year         = {Wed Sep 23 00:00:00 EDT 2015},

  month        = {Wed Sep 23 00:00:00 EDT 2015}

}

Copy to clipboard

Journal Article:

Free Publicly Available Full Text

Accepted Manuscript (DOE)

Publisher's Version of Record

https://doi.org/10.1515/jaiscr-2015-0029

Other availability

Search WorldCat to find libraries that may hold this journal

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Exogenous polyamines affect mycorrhizal development of Glomus mosseae-colonized citrus (Citrus tangerine) seedlings
journal, January 2010

Wu, Qiang-Sheng; Peng, Yan-Hong; Zou, Ying-Ning
ScienceAsia, Vol. 36, Issue 3, p. 254
DOI: 10.2306/scienceasia1513-1874.2010.36.254

Works referencing / citing this record:

Application of the Givens Rotations in the Neural Network Learning Algorithm
book, January 2016

Bilski, Jarosław; Kowalczyk, Bartosz; Żurada, Jacek M.
Artificial Intelligence and Soft Computing
DOI: 10.1007/978-3-319-39378-0_5

Fuzzy PID Controllers with FIR Filtering and a Method for Their Construction
book, January 2017

Łapa, Krystian; Cpałka, Krzysztof; Przybył, Andrzej
Artificial Intelligence and Soft Computing
DOI: 10.1007/978-3-319-59060-8_27

A Method for Changes Prediction of the Dynamic Signature Global Features over Time
book, January 2017

Zalasiński, Marcin; Łapa, Krystian; Cpałka, Krzysztof
Artificial Intelligence and Soft Computing
DOI: 10.1007/978-3-319-59063-9_68

Similar Records in DOE PAGES and OSTI.GOV collections:

Quantifying Availability in SCADA Environments Using the Cyber Security Metric MFC

Conference Aissa, Anis Ben ; Rabai, Latifa Ben Arfa ; Abercrombie, Robert K ; ...

Supervisory Control and Data Acquisition (SCADA) systems are distributed networks dispersed over large geographic areas that aim to monitor and control industrial processes from remote areas and/or a centralized location. They are used in the management of critical infrastructures such as electric power generation, transmission and distribution, water and sewage, manufacturing/industrial manufacturing as well as oil and gas production. The availability of SCADA systems is tantamount to assuring safety, security and profitability. SCADA systems are the backbone of the national cyber-physical critical infrastructure. Herein, we explore the definition and quantification of an econometric measure of availability, as it applies tomore »« less
Full Text Available
Quantifying the Impact of Unavailability in Cyber-Physical Environments

Conference Aissa, Anis Ben ; Abercrombie, Robert K ; Sheldon, Federick T. ; ...

The Supervisory Control and Data Acquisition (SCADA) system discussed in this work manages a distributed control network for the Tunisian Electric & Gas Utility. The network is dispersed over a large geographic area that monitors and controls the flow of electricity/gas from both remote and centralized locations. The availability of the SCADA system in this context is critical to ensuring the uninterrupted delivery of energy, including safety, security, continuity of operations and revenue. Such SCADA systems are the backbone of national critical cyber-physical infrastructures. Herein, we propose adapting the Mean Failure Cost (MFC) metric for quantifying the cost of unavailability.more »« less
Full Text Available
Cyber Incidents Involving Control Systems

Technical Report Turk, Robert J

The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Managementmore »« less
https://doi.org/10.2172/911775

Full Text Available
Architecture and Methods for Substation SCADA Cybersecurity: Best Practices

Conference Albunashee, Hamdi ; Al Sarray, Muthanna ; McCann, Roy

There are over 3000 electricity providers in the United States, encompassing investor and publicly owned utilities as well as electric cooperatives. There has been ongoing trends to increasingly automate and provide remote control and monitoring of electric energy delivery systems. The deployment of computer network technologies has increased the efficiency and reliability of electric power infrastructure. However, the increased use of digital communications has also increased the vulnerability to malicious cyber attacks [1]. In 2004 the National Research Councils (National Academies) formed a committee of specialists to address these vulnerabilities and propose possible solutions with an objective to prioritize themore »« less
An Evaluation of Machine Learning Methods to Detect Malicious SCADA Communications

Conference Beaver, Justin M ; Borges, Raymond Charles ; Buckner, Mark A

Critical infrastructure Supervisory Control and Data Acquisition (SCADA) systems were designed to operate on closed, proprietary networks where a malicious insider posed the greatest threat potential. The centralization of control and the movement towards open systems and standards has improved the efficiency of industrial control, but has also exposed legacy SCADA systems to security threats that they were not designed to mitigate. This work explores the viability of machine learning methods in detecting the new threat scenarios of command and data injection. Similar to network intrusion detection systems in the cyber security domain, the command and control communications in amore »« less

Similar Records

Title: Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC)

Abstract

Citation Formats

Exogenous polyamines affect mycorrhizal development of Glomus mosseae-colonized citrus (Citrus tangerine) seedlings journal, January 2010

Application of the Givens Rotations in the Neural Network Learning Algorithm book, January 2016

Fuzzy PID Controllers with FIR Filtering and a Method for Their Construction book, January 2017

A Method for Changes Prediction of the Dynamic Signature Global Features over Time book, January 2017

Exogenous polyamines affect mycorrhizal development of Glomus mosseae-colonized citrus (Citrus tangerine) seedlings
journal, January 2010

Application of the Givens Rotations in the Neural Network Learning Algorithm
book, January 2016

Fuzzy PID Controllers with FIR Filtering and a Method for Their Construction
book, January 2017

A Method for Changes Prediction of the Dynamic Signature Global Features over Time
book, January 2017