IDEAS home Printed from https://ideas.repec.org/a/eee/reensy/v250y2024ics0951832024003922.html
   My bibliography  Save this article

Integrated management of safety and security barriers in chemical plants to cope with emerging cyber-physical attack risks under uncertainties

Author

Listed:
  • Yuan, Shuaiqi
  • Reniers, Genserik
  • Yang, Ming

Abstract

Chemical facilities face threats from accidental and intentional events, including the rising concern of cyber-physical (C2P) attacks in the digitized industrial control system era. Addressing major accident risks from safety hazards and C2P attacks requires an immediate unified framework for safety and security barrier management. This study presents a systematic risk-based approach to integrate conventional safety risks with emerging C2P attack risks. Adverse scenarios are identified, integrated into an attack-tree-bow-tie diagram, and modelled using a Bayesian network (BN). A vulnerability assessment model is developed to quantify industrial control system vulnerability to C2P attacks, considering uncertainties in attackers' knowledge levels. Monte Carlo simulations are used to handle uncertainty propagation in risk assessment, allowing the use of probability distributions for BN root nodes. Sensitivity analysis identifies critical factors/events, guiding the proposal of candidate strategies for barrier improvements. Combining cost-effectiveness analysis with a risk matrix yields the optimal strategy for safety and security barrier enhancements based on risk estimations. A hypothetical case study demonstrates the proposed approach's effectiveness in integrated safety and security barrier management, considering security vulnerability patching and safety barrier maintenance scheduling from a cost-effective perspective.

Suggested Citation

  • Yuan, Shuaiqi & Reniers, Genserik & Yang, Ming, 2024. "Integrated management of safety and security barriers in chemical plants to cope with emerging cyber-physical attack risks under uncertainties," Reliability Engineering and System Safety, Elsevier, vol. 250(C).
    • Handle: RePEc:eee:reensy:v:250:y:2024:i:c:s0951832024003922
    DOI: 10.1016/j.ress.2024.110320
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0951832024003922
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ress.2024.110320?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Khakzad, Nima & Khan, Faisal & Amyotte, Paul, 2011. "Safety analysis in process facilities: Comparison of fault tree and Bayesian network approaches," Reliability Engineering and System Safety, Elsevier, vol. 96(8), pages 925-932.
    2. Bier, Vicki & Gutfraind, Alexander, 2019. "Risk analysis beyond vulnerability and resilience – characterizing the defensibility of critical systems," European Journal of Operational Research, Elsevier, vol. 276(2), pages 626-636.
    3. Zhang, Aibo & Zhang, Tieling & Barros, Anne & Liu, Yiliu, 2020. "Optimization of maintenances following proof tests for the final element of a safety-instrumented system," Reliability Engineering and System Safety, Elsevier, vol. 196(C).
    4. Lalropuia, K.C. & Gupta, Vandana, 2019. "Modeling cyber-physical attacks based on stochastic game and Markov processes," Reliability Engineering and System Safety, Elsevier, vol. 181(C), pages 28-37.
    5. Casson Moreno, Valeria & Marroni, Giulia & Landucci, Gabriele, 2022. "Probabilistic assessment aimed at the evaluation of escalating scenarios in process facilities combining safety and security barriers," Reliability Engineering and System Safety, Elsevier, vol. 228(C).
    6. Huang, Yu-Lun & Cárdenas, Alvaro A. & Amin, Saurabh & Lin, Zong-Syun & Tsai, Hsin-Yi & Sastry, Shankar, 2009. "Understanding the physical and economic consequences of attacks on control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(3), pages 73-83.
    7. Monzer, Mohamad-Houssein & Beydoun, Kamal & Ghaith, Alaa & Flaus, Jean-Marie, 2022. "Model-based IDS design for ICSs," Reliability Engineering and System Safety, Elsevier, vol. 225(C).
    8. Yuan, Shuaiqi & Cai, Jitao & Reniers, Genserik & Yang, Ming & Chen, Chao & Wu, Jiansong, 2022. "Safety barrier performance assessment by integrating computational fluid dynamics and evacuation modeling for toxic gas leakage scenarios," Reliability Engineering and System Safety, Elsevier, vol. 226(C).
    9. Patriarca, Riccardo & Simone, Francesco & Di Gravio, Giulio, 2022. "Modelling cyber resilience in a water treatment and distribution system," Reliability Engineering and System Safety, Elsevier, vol. 226(C).
    10. Vicki M. Bier & Shi‐Woei Lin, 2013. "On the Treatment of Uncertainty and Variability in Making Decisions About Risk," Risk Analysis, John Wiley & Sons, vol. 33(10), pages 1899-1907, October.
    11. Wu, Shimeng & Jiang, Yuchen & Luo, Hao & Zhang, Jiusi & Yin, Shen & Kaynak, Okyay, 2022. "An integrated data-driven scheme for the defense of typical cyber–physical attacks," Reliability Engineering and System Safety, Elsevier, vol. 220(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Hausken, Kjell, 2024. "Fifty Years of Operations Research in Defense," European Journal of Operational Research, Elsevier, vol. 318(2), pages 355-368.
    2. Wu, Xingguang & Huang, Huirong & Xie, Jianyu & Lu, Meixing & Wang, Shaobo & Li, Wang & Huang, Yixuan & Yu, Weichao & Sun, Xiaobo, 2023. "A novel dynamic risk assessment method for the petrochemical industry using bow-tie analysis and Bayesian network analysis method based on the methodological framework of ARAMIS project," Reliability Engineering and System Safety, Elsevier, vol. 237(C).
    3. Yin, Zhenqin & Zhuo, Yue & Ge, Zhiqiang, 2023. "Transfer adversarial attacks across industrial intelligent systems," Reliability Engineering and System Safety, Elsevier, vol. 237(C).
    4. Zhang, Haoyuan & Marsh, D. William R, 2021. "Managing infrastructure asset: Bayesian networks for inspection and maintenance decisions reasoning and planning," Reliability Engineering and System Safety, Elsevier, vol. 207(C).
    5. Chai, Naijie & Zhou, Wenliang & Hu, Xinlei, 2022. "Safety evaluation of urban rail transit operation considering uncertainty and risk preference: A case study in China," Transport Policy, Elsevier, vol. 125(C), pages 267-288.
    6. Tang, Daogui & Fang, Yi-Ping & Zio, Enrico, 2023. "Vulnerability analysis of demand-response with renewable energy integration in smart grids to cyber attacks and online detection methods," Reliability Engineering and System Safety, Elsevier, vol. 235(C).
    7. Bose, Gautam & Konrad, Kai A., 2020. "Devil take the hindmost: Deflecting attacks to other defenders," Reliability Engineering and System Safety, Elsevier, vol. 204(C).
    8. Park, Jae-Hyun, 2017. "Time-dependent reliability of wireless networks with dependent failures," Reliability Engineering and System Safety, Elsevier, vol. 165(C), pages 47-61.
    9. Suyuan Luo & Tsan‐Ming Choi, 2022. "E‐commerce supply chains with considerations of cyber‐security: Should governments play a role?," Production and Operations Management, Production and Operations Management Society, vol. 31(5), pages 2107-2126, May.
    10. Badrsimaei, Hamed & Hooshmand, Rahmat-Allah & Nobakhtian, Soghra, 2023. "Observable placement of phasor measurement units for defense against data integrity attacks in real time power markets," Reliability Engineering and System Safety, Elsevier, vol. 230(C).
    11. Pengxia Zhao & Tie Li & Biao Wang & Ming Li & Yu Wang & Xiahui Guo & Yue Yu, 2022. "The Scenario Construction and Evolution Method of Casualties in Liquid Ammonia Leakage Based on Bayesian Network," IJERPH, MDPI, vol. 19(24), pages 1-22, December.
    12. Wang, Wei & Cammi, Antonio & Di Maio, Francesco & Lorenzi, Stefano & Zio, Enrico, 2018. "A Monte Carlo-based exploration framework for identifying components vulnerable to cyber threats in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 175(C), pages 24-37.
    13. Li, Mei & Liu, Zixian & Li, Xiaopeng & Liu, Yiliu, 2019. "Dynamic risk assessment in healthcare based on Bayesian approach," Reliability Engineering and System Safety, Elsevier, vol. 189(C), pages 327-334.
    14. Hassan, Shamsu & Wang, Jin & Kontovas, Christos & Bashir, Musa, 2022. "An assessment of causes and failure likelihood of cross-country pipelines under uncertainty using bayesian networks," Reliability Engineering and System Safety, Elsevier, vol. 218(PA).
    15. Singh, Abhishek Narain & Gupta, M.P. & Ojha, Amitabh, 2014. "Identifying critical infrastructure sectors and their dependencies: An Indian scenario," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(2), pages 71-85.
    16. Leonardo Leoni & Farshad BahooToroody & Saeed Khalaj & Filippo De Carlo & Ahmad BahooToroody & Mohammad Mahdi Abaei, 2021. "Bayesian Estimation for Reliability Engineering: Addressing the Influence of Prior Choice," IJERPH, MDPI, vol. 18(7), pages 1-16, March.
    17. Rana Alabdan, 2020. "Phishing Attacks Survey: Types, Vectors, and Technical Approaches," Future Internet, MDPI, vol. 12(10), pages 1-37, September.
    18. Zhang, Xi & Liu, Dong & Tu, Haicheng & Tse, Chi Kong, 2022. "An integrated modeling framework for cascading failure study and robustness assessment of cyber-coupled power grids," Reliability Engineering and System Safety, Elsevier, vol. 226(C).
    19. Zhao, Yunfei & Huang, Linan & Smidts, Carol & Zhu, Quanyan, 2020. "Finite-horizon semi-Markov game for time-sensitive attack response and probabilistic risk assessment in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 201(C).
    20. Kartick Bhushan & Somnath Chattopadhyaya & Shubham Sharma & Kamal Sharma & Changhe Li & Yanbin Zhang & Elsayed Mohamed Tag Eldin, 2022. "Analyzing Reliability and Maintainability of Crawler Dozer BD155 Transmission Failure Using Markov Method and Total Productive Maintenance: A Novel Case Study for Improvement Productivity," Sustainability, MDPI, vol. 14(21), pages 1-17, November.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:reensy:v:250:y:2024:i:c:s0951832024003922. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/reliability-engineering-and-system-safety .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.