
A Comprehensive Framework for the Security Risk Management of Cyber-Physical Systems

  • Chapter
Resilience of Cyber-Physical Systems

Abstract

Cyber-Physical Systems face a huge and diverse set of security risks, especially cyber-attacks that can disrupt physical services or cause a national disaster. Information and communication technology (ICT) has had a remarkable impact on society. Because a Cyber-Physical System (CPS) relies fundamentally on ICT, its assets are exposed to risks, especially cyber risks, which must be kept under control by security countermeasures that generate confidence in the use of these assets. There is therefore a critical need to pay close attention to the cybersecurity of these systems, which in turn leads to the safety of the physical world. This goal is achieved by adopting a solution that applies processes, plans and actions to prevent or reduce the effects of threats. Traditional IT risk assessment methods can do the job; however, because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method and that addresses the type, functionalities and complexity of a CPS. This chapter proposes a framework that goes beyond the restrictions of a traditional risk assessment method and encompasses a wider set of procedures to achieve a high-level strategy that can be adopted in the risk management process, in particular for the cybersecurity of cyber-physical systems.

Copyright information

© 2019 Springer International Publishing AG, part of Springer Nature

About this chapter

Cite this chapter

Mokalled, H., Pragliola, C., Debertol, D., Meda, E., Zunino, R. (2019). A Comprehensive Framework for the Security Risk Management of Cyber-Physical Systems. In: Flammini, F. (eds) Resilience of Cyber-Physical Systems. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-95597-1_3

  • DOI: https://doi.org/10.1007/978-3-319-95597-1_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-95596-4

  • Online ISBN: 978-3-319-95597-1

  • eBook Packages: Computer Science, Computer Science (R0)
