IDEAS home Printed from https://ideas.repec.org/a/eee/reensy/v250y2024ics0951832024003922.html
   My bibliography  Save this article

Integrated management of safety and security barriers in chemical plants to cope with emerging cyber-physical attack risks under uncertainties

Author

Listed:
  • Yuan, Shuaiqi
  • Reniers, Genserik
  • Yang, Ming

Abstract

Chemical facilities face threats from accidental and intentional events, including the rising concern of cyber-physical (C2P) attacks in the digitized industrial control system era. Addressing major accident risks from safety hazards and C2P attacks requires an immediate unified framework for safety and security barrier management. This study presents a systematic risk-based approach to integrate conventional safety risks with emerging C2P attack risks. Adverse scenarios are identified, integrated into an attack-tree-bow-tie diagram, and modelled using a Bayesian network (BN). A vulnerability assessment model is developed to quantify industrial control system vulnerability to C2P attacks, considering uncertainties in attackers' knowledge levels. Monte Carlo simulations are used to handle uncertainty propagation in risk assessment, allowing the use of probability distributions for BN root nodes. Sensitivity analysis identifies critical factors/events, guiding the proposal of candidate strategies for barrier improvements. Combining cost-effectiveness analysis with a risk matrix yields the optimal strategy for safety and security barrier enhancements based on risk estimations. A hypothetical case study demonstrates the proposed approach's effectiveness in integrated safety and security barrier management, considering security vulnerability patching and safety barrier maintenance scheduling from a cost-effective perspective.

Suggested Citation

  • Yuan, Shuaiqi & Reniers, Genserik & Yang, Ming, 2024. "Integrated management of safety and security barriers in chemical plants to cope with emerging cyber-physical attack risks under uncertainties," Reliability Engineering and System Safety, Elsevier, vol. 250(C).
    • Handle: RePEc:eee:reensy:v:250:y:2024:i:c:s0951832024003922
    DOI: 10.1016/j.ress.2024.110320
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0951832024003922
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ress.2024.110320?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Khakzad, Nima & Khan, Faisal & Amyotte, Paul, 2011. "Safety analysis in process facilities: Comparison of fault tree and Bayesian network approaches," Reliability Engineering and System Safety, Elsevier, vol. 96(8), pages 925-932.
    2. Bier, Vicki & Gutfraind, Alexander, 2019. "Risk analysis beyond vulnerability and resilience – characterizing the defensibility of critical systems," European Journal of Operational Research, Elsevier, vol. 276(2), pages 626-636.
    3. Huang, Yu-Lun & Cárdenas, Alvaro A. & Amin, Saurabh & Lin, Zong-Syun & Tsai, Hsin-Yi & Sastry, Shankar, 2009. "Understanding the physical and economic consequences of attacks on control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(3), pages 73-83.
    4. Vicki M. Bier & Shi‐Woei Lin, 2013. "On the Treatment of Uncertainty and Variability in Making Decisions About Risk," Risk Analysis, John Wiley & Sons, vol. 33(10), pages 1899-1907, October.
    5. Zhang, Aibo & Zhang, Tieling & Barros, Anne & Liu, Yiliu, 2020. "Optimization of maintenances following proof tests for the final element of a safety-instrumented system," Reliability Engineering and System Safety, Elsevier, vol. 196(C).
    6. Lalropuia, K.C. & Gupta, Vandana, 2019. "Modeling cyber-physical attacks based on stochastic game and Markov processes," Reliability Engineering and System Safety, Elsevier, vol. 181(C), pages 28-37.
    7. Casson Moreno, Valeria & Marroni, Giulia & Landucci, Gabriele, 2022. "Probabilistic assessment aimed at the evaluation of escalating scenarios in process facilities combining safety and security barriers," Reliability Engineering and System Safety, Elsevier, vol. 228(C).
    8. Monzer, Mohamad-Houssein & Beydoun, Kamal & Ghaith, Alaa & Flaus, Jean-Marie, 2022. "Model-based IDS design for ICSs," Reliability Engineering and System Safety, Elsevier, vol. 225(C).
    9. Yuan, Shuaiqi & Cai, Jitao & Reniers, Genserik & Yang, Ming & Chen, Chao & Wu, Jiansong, 2022. "Safety barrier performance assessment by integrating computational fluid dynamics and evacuation modeling for toxic gas leakage scenarios," Reliability Engineering and System Safety, Elsevier, vol. 226(C).
    10. Patriarca, Riccardo & Simone, Francesco & Di Gravio, Giulio, 2022. "Modelling cyber resilience in a water treatment and distribution system," Reliability Engineering and System Safety, Elsevier, vol. 226(C).
    11. Wu, Shimeng & Jiang, Yuchen & Luo, Hao & Zhang, Jiusi & Yin, Shen & Kaynak, Okyay, 2022. "An integrated data-driven scheme for the defense of typical cyber–physical attacks," Reliability Engineering and System Safety, Elsevier, vol. 220(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Hausken, Kjell, 2024. "Fifty Years of Operations Research in Defense," European Journal of Operational Research, Elsevier, vol. 318(2), pages 355-368.
    2. Wu, Xingguang & Huang, Huirong & Xie, Jianyu & Lu, Meixing & Wang, Shaobo & Li, Wang & Huang, Yixuan & Yu, Weichao & Sun, Xiaobo, 2023. "A novel dynamic risk assessment method for the petrochemical industry using bow-tie analysis and Bayesian network analysis method based on the methodological framework of ARAMIS project," Reliability Engineering and System Safety, Elsevier, vol. 237(C).
    3. Yin, Zhenqin & Zhuo, Yue & Ge, Zhiqiang, 2023. "Transfer adversarial attacks across industrial intelligent systems," Reliability Engineering and System Safety, Elsevier, vol. 237(C).
    4. Zhang, Haoyuan & Marsh, D. William R, 2021. "Managing infrastructure asset: Bayesian networks for inspection and maintenance decisions reasoning and planning," Reliability Engineering and System Safety, Elsevier, vol. 207(C).
    5. Chai, Naijie & Zhou, Wenliang & Hu, Xinlei, 2022. "Safety evaluation of urban rail transit operation considering uncertainty and risk preference: A case study in China," Transport Policy, Elsevier, vol. 125(C), pages 267-288.
    6. Tang, Daogui & Fang, Yi-Ping & Zio, Enrico, 2023. "Vulnerability analysis of demand-response with renewable energy integration in smart grids to cyber attacks and online detection methods," Reliability Engineering and System Safety, Elsevier, vol. 235(C).
    7. Suyuan Luo & Tsan‐Ming Choi, 2022. "E‐commerce supply chains with considerations of cyber‐security: Should governments play a role?," Production and Operations Management, Production and Operations Management Society, vol. 31(5), pages 2107-2126, May.
    8. Pengxia Zhao & Tie Li & Biao Wang & Ming Li & Yu Wang & Xiahui Guo & Yue Yu, 2022. "The Scenario Construction and Evolution Method of Casualties in Liquid Ammonia Leakage Based on Bayesian Network," IJERPH, MDPI, vol. 19(24), pages 1-22, December.
    9. Hassan, Shamsu & Wang, Jin & Kontovas, Christos & Bashir, Musa, 2022. "An assessment of causes and failure likelihood of cross-country pipelines under uncertainty using bayesian networks," Reliability Engineering and System Safety, Elsevier, vol. 218(PA).
    10. Leonardo Leoni & Farshad BahooToroody & Saeed Khalaj & Filippo De Carlo & Ahmad BahooToroody & Mohammad Mahdi Abaei, 2021. "Bayesian Estimation for Reliability Engineering: Addressing the Influence of Prior Choice," IJERPH, MDPI, vol. 18(7), pages 1-16, March.
    11. Zhao, Yunfei & Huang, Linan & Smidts, Carol & Zhu, Quanyan, 2020. "Finite-horizon semi-Markov game for time-sensitive attack response and probabilistic risk assessment in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 201(C).
    12. Kartick Bhushan & Somnath Chattopadhyaya & Shubham Sharma & Kamal Sharma & Changhe Li & Yanbin Zhang & Elsayed Mohamed Tag Eldin, 2022. "Analyzing Reliability and Maintainability of Crawler Dozer BD155 Transmission Failure Using Markov Method and Total Productive Maintenance: A Novel Case Study for Improvement Productivity," Sustainability, MDPI, vol. 14(21), pages 1-17, November.
    13. Scholz, Roland W. & Czichos, Reiner & Parycek, Peter & Lampoltshammer, Thomas J., 2020. "Organizational vulnerability of digital threats: A first validation of an assessment method," European Journal of Operational Research, Elsevier, vol. 282(2), pages 627-643.
    14. Weiliang Qiao & Yu Liu & Xiaoxue Ma & Yang Liu, 2020. "Human Factors Analysis for Maritime Accidents Based on a Dynamic Fuzzy Bayesian Network," Risk Analysis, John Wiley & Sons, vol. 40(5), pages 957-980, May.
    15. Roshanak Nateghi & Seth D. Guikema & Yue (Grace) Wu & C. Bayan Bruss, 2016. "Critical Assessment of the Foundations of Power Transmission and Distribution Reliability Metrics and Standards," Risk Analysis, John Wiley & Sons, vol. 36(1), pages 4-15, January.
    16. Chunchang Zhang & Hu Sun & Yuanyuan Zhang & Gen Li & Shibo Li & Junyu Chang & Gongqian Shi, 2023. "Fire Accident Risk Analysis of Lithium Battery Energy Storage Systems during Maritime Transportation," Sustainability, MDPI, vol. 15(19), pages 1-12, September.
    17. Lian, Zheng & Zhou, Zhi-Jie & Hu, Chang-Hua & Wang, Jie & Zhang, Chun-Chao & Zhang, Chao-Li, 2024. "A health assessment method with attribute importance modeling for complex systems using belief rule base," Reliability Engineering and System Safety, Elsevier, vol. 251(C).
    18. Zhi Yuan & Nima Khakzad & Faisal Khan & Paul Amyotte, 2015. "Risk Analysis of Dust Explosion Scenarios Using Bayesian Networks," Risk Analysis, John Wiley & Sons, vol. 35(2), pages 278-291, February.
    19. Iaiani, Matteo & Tugnoli, Alessandro & Macini, Paolo & Cozzani, Valerio, 2021. "Outage and asset damage triggered by malicious manipulation of the control system in process plants," Reliability Engineering and System Safety, Elsevier, vol. 213(C).
    20. Kraidi, Layth & Shah, Raj & Matipa, Wilfred & Borthwick, Fiona, 2019. "Analyzing the critical risk factors associated with oil and gas pipeline projects in Iraq," International Journal of Critical Infrastructure Protection, Elsevier, vol. 24(C), pages 14-22.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:reensy:v:250:y:2024:i:c:s0951832024003922. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/reliability-engineering-and-system-safety .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.