A review of cyber security risk assessment methods for SCADA systems

Cherdantseva, Yulia ORCID: https://orcid.org/0000-0002-3527-1121, Burnap, Peter ORCID: https://orcid.org/0000-0003-0396-633X, Blyth, Andrew, Eden, Peter, Jones, Kevin, Soulsby, Hugh and Stoddart, Kristan 2016. A review of cyber security risk assessment methods for SCADA systems. Computers and Security 56 , pp. 1-27. 10.1016/j.cose.2015.09.009

Preview

PDF - Published Version Available under License Creative Commons Attribution. Download (1MB) | Preview

Abstract

This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation and tool support. Based on the analysis, we suggest an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems. We also outline five research challenges facing the domain and point out the approaches that might be taken.

Item Type:	Article
Date Type:	Publication
Status:	Published
Schools:	Computer Science & Informatics
Subjects:	Q Science > QA Mathematics > QA75 Electronic computers. Computer science Q Science > QA Mathematics > QA76 Computer software
Uncontrolled Keywords:	SCADA; ICS; Cyber security; Risk assessment methods; Risk analysis; Risk management; Review
Publisher:	Elsevier
ISSN:	0167-4048
Funders:	Airbus Group Endeavour Wales
Date of First Compliant Deposit:	30 March 2016
Date of Acceptance:	29 September 2015
Last Modified:	03 May 2023 02:13
URI:	https://orca.cardiff.ac.uk/id/eprint/80622

Citation Data

Cited 354 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item