Cyberattack-Related Cascading Effects Mitigation
A Risk-based Approach for ICS Network Segmentation Design in Chemical Plants
Raditya Raditya Arief (TU Delft - Technology, Policy and Management)
Genserik L.L.M.E. Reniers – Coach
N. Khakzad – Mentor
Mark Reuver – Mentor
W Pieters – Mentor
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Cascading effects are high-impact, low-probability phenomena that have caused catastrophic impacts in various chemical and process plants around the world. With the increasing trend of cyberattacks targeting critical infrastructures, there is a concern that accidents caused by cyberattacks may trigger cascading effects in these facilities. In this study, we have demonstrated that the implementation of network segmentation to ICS networks to improve its robustness against the risk of cyberattack-related cascading effects. A risk-based methodology is developed to investigate and evaluate the robustness of design alternatives. The risk-based methodology also incorporates a risk assessment method based on Bayesian networks for cascading effects modeling. Further, this thesis also presents some design guidelines for developing robust networks segmentation designs, which includes the application of a graph-theoretic approach that enables early identification of the severity of cascading effects in network design alternatives. The risk-based methodology and the design guidelines are applied to a case study in which the efficacy of the approaches are demonstrated. The outcome of the risk-based methodology offers an alternative risk mitigation technique that can be considered in the risk management process.