Asset-Based Dynamic Impact Assessment of Cyberattacks for Risk Analysis in Industrial Control Systems

With the evolution of information, communications, and technologies, modern industrial control systems (ICSs) face more and more cybersecurity issues. This leads to increasingly severe risks in critical infrastructure and assets. Therefore, risk analysis becomes a significant yet not well investigated topic for prevention of cyberattack risks in ICSs. To tackle this problem, a dynamic impact assessment approach is presented in this paper for risk analysis in ICSs. The approach predicts the trend of impact of cybersecurity dynamically from full recognition of asset knowledge. More specifically, an asset is abstracted with properties of construction, function, performance, location, and business. From the function and performance properties of the asset, object-oriented asset models incorporating with the mechanism of common cyberattacks are established at both component and system levels. Characterizing the evolution of behaviors for single asset and system, the models are used to analyze the impact propagation of cyberattacks. Then, from various possible impact consequences, the overall impact is quantified based on the location and business properties of the asset. A special application of the approach is to rank critical system parameters and prioritize key assets according to impact assessment. The effectiveness of the presented approach is demonstrated through simulation studies for a chemical control system.