Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems

Jarmo Alanen (Corresponding Author), Joonas Linnosmaa, Timo Malm, Nikolaos Papakonstantinou, Toni Ahonen, Eetu Heikkilä, Risto Tiusanen (Corresponding Author)

Research output: Contribution to journalArticleScientificpeer-review

Abstract

This paper introduces a model-based methodology for hybrid reliability, availability, maintainability, safety, and security (RAMSS) risk assessment management, which extends our previous work of model-based, data-driven, support for engineering mission-critical systems. It represents a hybrid risk assessment ontology, which harmonises basic concepts between dependability, safety and security based on well-known industrial standards. Based on the proposed ontology, we create a cybersecurity risk analysis method, called Security Threat Analysis (STA), for industrial control systems and successfully demonstrate the method. For the demonstration, we introduce a data model for creating a tool-supported data repository for STA, then implement this repository with a commercial-off-the-shelf tool. We use the repository to carry out an exemplary STA of a nuclear fuel pool cooling control system, assessing a cybersecurity-related hazard. The demonstration suggests that the hybrid RAMSS risk assessment ontology and the related STA data model are ready to be tested in industrial use, offering a structured data repository to support assessment and traceability between the created artefacts.
Original languageEnglish
Article number108270
Number of pages20
JournalReliability Engineering and System Safety
Volume220
DOIs
Publication statusPublished - Apr 2022
MoE publication typeA1 Journal article-refereed

Keywords

  • Cybersecurity analysis method
  • Hybrid risk assessment
  • Industrial control systems
  • Model-based system engineering
  • Ontology

Fingerprint

Dive into the research topics of 'Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems'. Together they form a unique fingerprint.

Cite this