This paper introduces a model-based methodology for hybrid reliability, availability, maintainability, safety, and security (RAMSS) risk assessment management, which extends our previous work of model-based, data-driven, support for engineering mission-critical systems. It represents a hybrid risk assessment ontology, which harmonises basic concepts between dependability, safety and security based on well-known industrial standards. Based on the proposed ontology, we create a cybersecurity risk analysis method, called Security Threat Analysis (STA), for industrial control systems and successfully demonstrate the method. For the demonstration, we introduce a data model for creating a tool-supported data repository for STA, then implement this repository with a commercial-off-the-shelf tool. We use the repository to carry out an exemplary STA of a nuclear fuel pool cooling control system, assessing a cybersecurity-related hazard. The demonstration suggests that the hybrid RAMSS risk assessment ontology and the related STA data model are ready to be tested in industrial use, offering a structured data repository to support assessment and traceability between the created artefacts.
%0 Journal Article
%1 alanen2022hybrid
%A Alanen, Jarmo
%A Linnosmaa, Joonas
%A Malm, Timo
%A Papakonstantinou, Nikolaos
%A Ahonen, Toni
%A Heikkilä, Eetu
%A Tiusanen, Risto
%D 2022
%J Reliability Engineering & System Safety
%K 62n05-reliability-and-life-testing ontology
%P 108270
%R 10.1016/j.ress.2021.108270
%T Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems
%U https://www.sciencedirect.com/science/article/pii/S0951832021007444
%V 220
%X This paper introduces a model-based methodology for hybrid reliability, availability, maintainability, safety, and security (RAMSS) risk assessment management, which extends our previous work of model-based, data-driven, support for engineering mission-critical systems. It represents a hybrid risk assessment ontology, which harmonises basic concepts between dependability, safety and security based on well-known industrial standards. Based on the proposed ontology, we create a cybersecurity risk analysis method, called Security Threat Analysis (STA), for industrial control systems and successfully demonstrate the method. For the demonstration, we introduce a data model for creating a tool-supported data repository for STA, then implement this repository with a commercial-off-the-shelf tool. We use the repository to carry out an exemplary STA of a nuclear fuel pool cooling control system, assessing a cybersecurity-related hazard. The demonstration suggests that the hybrid RAMSS risk assessment ontology and the related STA data model are ready to be tested in industrial use, offering a structured data repository to support assessment and traceability between the created artefacts.
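@comment{
  Journal article on a hybrid RAMSS risk assessment ontology and the
  Security Threat Analysis (STA) method for industrial control systems.
  The ampersand in the journal name is escaped so the entry typesets under
  LaTeX, the accented author name uses a LaTeX escape so classic 8-bit
  BibTeX sorts and labels it correctly, and the method name and its acronym
  are brace-protected against style recasing. pages holds the article
  number, not a page range. added-at, biburl, interhash, intrahash and
  timestamp are BibSonomy bookkeeping fields that standard styles ignore.
}
@article{alanen2022hybrid,
  author    = {Alanen, Jarmo and Linnosmaa, Joonas and Malm, Timo and Papakonstantinou, Nikolaos and Ahonen, Toni and Heikkil{\"a}, Eetu and Tiusanen, Risto},
  title     = {Hybrid ontology for safety, security, and dependability risk assessments and {Security Threat Analysis} ({STA}) method for industrial control systems},
  journal   = {Reliability Engineering \& System Safety},
  volume    = {220},
  pages     = {108270},
  year      = {2022},
  issn      = {0951-8320},
  doi       = {10.1016/j.ress.2021.108270},
  url       = {https://www.sciencedirect.com/science/article/pii/S0951832021007444},
  keywords  = {62n05-reliability-and-life-testing ontology},
  abstract  = {This paper introduces a model-based methodology for hybrid reliability, availability, maintainability, safety, and security (RAMSS) risk assessment management, which extends our previous work of model-based, data-driven, support for engineering mission-critical systems. It represents a hybrid risk assessment ontology, which harmonises basic concepts between dependability, safety and security based on well-known industrial standards. Based on the proposed ontology, we create a cybersecurity risk analysis method, called Security Threat Analysis (STA), for industrial control systems and successfully demonstrate the method. For the demonstration, we introduce a data model for creating a tool-supported data repository for STA, then implement this repository with a commercial-off-the-shelf tool. We use the repository to carry out an exemplary STA of a nuclear fuel pool cooling control system, assessing a cybersecurity-related hazard. The demonstration suggests that the hybrid RAMSS risk assessment ontology and the related STA data model are ready to be tested in industrial use, offering a structured data repository to support assessment and traceability between the created artefacts.},
  added-at  = {2024-05-06T05:30:11.000+0200},
  biburl    = {https://www.bibsonomy.org/bibtex/2a9e476a2a0811b164f6ba56c2a7bf9fa/gdmcbain},
  interhash = {6a119442789434b786db8fe4d6ba9456},
  intrahash = {a9e476a2a0811b164f6ba56c2a7bf9fa},
  timestamp = {2024-05-06T05:30:11.000+0200},
}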