Floragasse 7 – 5th floor, 1040 Vienna

News

Report of Dagstuhl Seminar 21451 „Managing Industrial Control Systems Security Risks for Cyber Insurance“ now online.

From November 7 – 12, 2021, Simon Dejung, Mingyan Liu, Arndt Lüder and Edgar Weippl organized the Dagstuhl Seminar 21451 „Managing Industrial Control Systems Security Risks for Cyber Insurance“. The full report, edited by the organizers, is now available online.

Title

„Managing Industrial Control Systems Security Risks for Cyber Insurance“

Authors

Simon Dejung, Mingyan Liu, Arndt Lüder and Edgar Weippl

Report

Dagstuhl Seminar 21451

Abstract

Industrial control systems (ICSs), such as production systems or critical infrastructures, are an attractive target for cybercriminals, since attacks against these systems may cause severe physical damages/material damages (PD/MD), resulting in business interruption (BI) and loss of profit (LOP). Besides financial loss, cyber-attacks against ICSs can also harm human health or the environment or even be used as a kind of weapon. Thus, it is of utmost importance to manage cyber risks throughout the ICS’s lifecycle (i.e., engineering, operation, decommissioning), especially in light of the ever-increasing threat level that is accompanied by the progressive digitization of industrial processes. However, asset owners may not be able to address security risks sufficiently, nor adequately quantify them in terms of their potential impact (physical and non-physical) and likelihood. A self-deceptive solution might be using insurance to transfer these risks and offload them from their balance sheet since the underlying problem remains unsolved. The reason for this is that the exposure for asset owners remains and mitigation measures may still not be implemented adequately while the insurance industry is onboarding unassessed risks and covering it often without premium and without managing the potential exposure of accumulated events. The Dagstuhl Seminar 21451 “Managing Industrial Control Systems Security Risks for Cyber Insurance” aimed to provide an interdisciplinary forum to analyze and discuss open questions and current topics of research in this area in order to gain in-depth insights into the security risks of ICSs and the quantification thereof.

Links

Report in Dagstuhl Research Online Publication Server (DROPS): DROPS – Managing Industrial Control Systems Security Risks for Cyber Insurance (Dagstuhl Seminar 21451)

Dagstuhl Seminar Announcement: Edgar Weippl co-organizes Dagstuhl seminar 21451 – SBA Research (sba-research.org)