Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

Comprehensive cyber risk identification in industrial control systems

Rotibi, Ayodeji 2023. Comprehensive cyber risk identification in industrial control systems. PhD Thesis, Cardiff University.
Item availability restricted.

PDF (Ayodeji Rotibi, PhD, Thesis) - Accepted Post-Print Version
Restricted to Repository staff only until 27 June 2025 due to copyright restrictions.
Available under License Creative Commons Attribution Non-commercial No Derivatives.

PDF (Cardiff University Electronic Thesis and Dissertation Form) - Supplemental Material
Restricted to Repository staff only


Abstract

Industrial Control Systems (ICS) exhibit properties that can fail due to diverse stochastic events and often unpredictable technological, human, and organisational interactions. These interactions give rise to emergent behaviours and play a role in escalating the impact of recent cyber incidents in the ICS environment. As such, academic and commercial research has been directed towards exploring more efficient ways to identify cyber risk, understand the dependencies and complexity among the various factors required to enhance system robustness, isolate potential disruptions, and maintain ICS operations’ security, stability, and reliability. Expanding upon prior efforts utilising Dependency Modelling (DM) methodology to tackle recognised challenges in ICS, this thesis introduces techniques aimed at addressing DM’s current inability to analyse the risk stemming from alterations in multiple independent elements within the ICS, which might happen either sequentially or simultaneously. The Bayes Posterior computational principle was proposed to systematically treat the initial data input with prior knowledge and the likelihood of evidence to ensure a pragmatic outcome. Second, an improved technique that simulates failure scenario events using existing system properties as a baseline to predict future risk was proposed. Finally, RiskED was developed as an approach that learns the system’s dynamic behaviour and uses the cascading effects of a “what-if” disturbance to identify previously unknown risks and discern subtle changes in the system’s state. This approach helps to answer the risk question: How bad can things get when they go wrong? The results from RiskED were validated using data collected from an ongoing enterprise. The performance evaluation of RiskED revealed promising results, showcasing its efficacy in addressing the identified limitations and improving the overall risk identification process.
Keywords: Cyber security, Cyber risk, Industrial Control System, Risk identification, Interactive complexity, Tight coupling, Bayesian Network, Variable Elimination, Causal reasoning, Systems thinking.

Item Type: Thesis (PhD)
Date Type: Completion
Status: Unpublished
Schools: Computer Science & Informatics
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Funders: Knowledge Economy Skills Scholarships (KESS) 2
Date of First Compliant Deposit: 27 June 2024
Date of Acceptance: 6 June 2024
Last Modified: 27 Jun 2024 13:18
URI: https://orca.cardiff.ac.uk/id/eprint/170144
