%0 Journal Article %1 alanen2022hybrid %A Alanen, Jarmo %A Linnosmaa, Joonas %A Malm, Timo %A Papakonstantinou, Nikolaos %A Ahonen, Toni %A Heikkilä, Eetu %A Tiusanen, Risto %D 2022 %J Reliability Engineering & System Safety %K 62n05-reliability-and-life-testing ontology %P 108270 %R 10.1016/j.ress.2021.108270 %T Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems %U https://www.sciencedirect.com/science/article/pii/S0951832021007444 %V 220 %X This paper introduces a model-based methodology for hybrid reliability, availability, maintainability, safety, and security (RAMSS) risk assessment management, which extends our previous work of model-based, data-driven, support for engineering mission-critical systems. It represents a hybrid risk assessment ontology, which harmonises basic concepts between dependability, safety and security based on well-known industrial standards. Based on the proposed ontology, we create a cybersecurity risk analysis method, called Security Threat Analysis (STA), for industrial control systems and successfully demonstrate the method. For the demonstration, we introduce a data model for creating a tool-supported data repository for STA, then implement this repository with a commercial-off-the-shelf tool. We use the repository to carry out an exemplary STA of a nuclear fuel pool cooling control system, assessing a cybersecurity-related hazard. The demonstration suggests that the hybrid RAMSS risk assessment ontology and the related STA data model are ready to be tested in industrial use, offering a structured data repository to support assessment and traceability between the created artefacts.

@article{alanen2022hybrid, abstract = {This paper introduces a model-based methodology for hybrid reliability, availability, maintainability, safety, and security (RAMSS) risk assessment management, which extends our previous work of model-based, data-driven, support for engineering mission-critical systems. It represents a hybrid risk assessment ontology, which harmonises basic concepts between dependability, safety and security based on well-known industrial standards. Based on the proposed ontology, we create a cybersecurity risk analysis method, called Security Threat Analysis (STA), for industrial control systems and successfully demonstrate the method. For the demonstration, we introduce a data model for creating a tool-supported data repository for STA, then implement this repository with a commercial-off-the-shelf tool. We use the repository to carry out an exemplary STA of a nuclear fuel pool cooling control system, assessing a cybersecurity-related hazard. The demonstration suggests that the hybrid RAMSS risk assessment ontology and the related STA data model are ready to be tested in industrial use, offering a structured data repository to support assessment and traceability between the created artefacts.}, added-at = {2024-05-06T05:30:11.000+0200}, author = {Alanen, Jarmo and Linnosmaa, Joonas and Malm, Timo and Papakonstantinou, Nikolaos and Ahonen, Toni and Heikkilä, Eetu and Tiusanen, Risto}, biburl = {https://www.bibsonomy.org/bibtex/2a9e476a2a0811b164f6ba56c2a7bf9fa/gdmcbain}, doi = {10.1016/j.ress.2021.108270}, interhash = {6a119442789434b786db8fe4d6ba9456}, intrahash = {a9e476a2a0811b164f6ba56c2a7bf9fa}, issn = {0951-8320}, journal = {Reliability Engineering & System Safety}, keywords = {62n05-reliability-and-life-testing ontology}, pages = 108270, timestamp = {2024-05-06T05:30:11.000+0200}, title = {Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems}, url = {https://www.sciencedirect.com/science/article/pii/S0951832021007444}, volume = 220, year = 2022 }