Risk Analysis as a Security Metric for Industrial Control Systems

Master Thesis

Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12380/245785
File: 245785.pdf; Description: Fulltext; Size: 1.69 MB; Format: Adobe PDF
Type: Master Thesis
Title: Risk Analysis as a Security Metric for Industrial Control Systems
Authors: Mukama, Joseph
Abstract: As time and technology advance, people become more reliant on the services provided by Industrial Control Systems (ICSs). Mainly used in the critical infrastructure industries, the ICSs have realised and enabled a myriad of services essential to individuals, the public and organizations on a daily basis. Developments in networking technologies, open standards and the use of legacy devices in the ICSs have brought about a paradigm shift in the way ICSs interconnect with each other and operate over long geographical distances. The legacy devices come with inherent vulnerabilities which may be costly to patch and/or may not be possible to patch, and these in turn are a source of threats to the entire ICS. In order to mitigate the risks that may arise due to the vulnerabilities introduced into the system, we gained a deeper understanding of the different ICSs, reviewed a number of existing risk analysis approaches and categorized them in terms of their overall goal, whether they are qualitative or quantitative approaches, the stages of risk management addressed, and the scope in terms of issues they addressed. Based on this analysis, we use the NIST and CORAS frameworks as the underlying approaches to develop a Modified Risk Analysis Framework for ICS systems (MRAF-ICS). This framework assigns weights to all the system assets to emphasise the importance/criticality of the asset in the overall system. It uses a threat modelling approach, FMEA and HAZOP to exhaustively identify the threats, hazards and vulnerabilities in the system.
Keywords: Information & Communication Technology; Computer and Information Science
Issue Date: 2016
Publisher: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)
Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
URI: https://hdl.handle.net/20.500.12380/245785
Collection: Master Theses