Review of cybersecurity risk analysis methods and tools for safety critical industrial control systems

In this report, we have reviewed cybersecurity risk analysis methods and tools. A specific focus is given to methods suitable for industrial control systems in the nuclear domain. For the review purpose, we developed a template for reviewing, but not for systematically comparing, the methods. Using the template, we reviewed twelve methods suitable for conducting cybersecurity or combined safety and security risk analysis. The methods to review were selected based on expert judgement after a literature review focusing on finding methods that are straightforward to implement in the context of nuclear power plant instrumentation and control systems. In addition to reviewing the analysis methods, the paper also includes a short review of a selected set of cybersecurity analysis tools. The main finding of the review was that the array of security analysis methods is vast, both separate methods and methods that also concern safety, but that the practices are not that well-established than with safety risk analyses, and more work is needed to determine the optimal security analysis methods in general or for each domain separately, such as nuclear power plant instrumentation and control systems. It is anticipated that several methods and tools are needed to comply with the stringent requirements and expectations set for a safety and security critical control system.