Applied Quantitative Assessment of Security Risks for Industrial Control Systems
SecRA4ICS develops methods to support quantitative security risk assessment, and thereby strives to enable cost-effective risk treatment.
Project Outline and Expected Results
The novelty of the proposed project lies in the automated identification of security risks based on engineering knowledge, dynamic risk assessment methods that utilize real-time data from threat intelligence activities, and attack simulation platforms in order to generate data that can be incorporated into risk models. In this way, this research project will provide valuable insights into the cyber risk exposure of industrial control systems (ICSs) and significantly advance the state of the art in quantitative security risk assessment.
Due to the gradual implementation of the Industry 4.0 vision, information technology is becoming increasingly important in industrial control systems (ICSs). Although the digital transformation of ICSs represents the foundation for resource-efficient industrial plants, this change increases the attack surface. Moreover, ICSs constitute an attractive target for attackers due to the fact that cyber-attacks may disrupt plant operation, causing severe physical/material damages. In further consequence, asset owners (i.e., plant operators) may suffer from business interruption and loss of profit. Thus, security risks must be managed in all phases of the ICS’s lifecycle, starting from engineering to decommissioning.
- This FFG programme is sponsored by Nationalstiftung für Forschung, Technologie und Entwicklung and Österreich-Fonds. The focus lies on funding industrial PhD projects to improve qualifications of research and innovation staff in companies and non-university research institutions. An Industrial PhD project is performed by an employee of an Austrian company/non-university research institution, who is enrolled as a PhD student at a university during the whole project.
The project is funded by Nationalstiftung für Forschung, Technologie und Entwicklung and Österreich-Fonds.