Risk analysis and risk management in critical infrastructures
Cyber Physical Systems (CPS) are the evolutionary development of embedded systems into interconnected systems that take advantage of network technologies to enhance system functionality and efficiency. They are considered systems of systems. They are used in different industrial sectors and Critical Infrastructures (CI), such as the energy sector, where they are extensively applied in Smart Grids, as well as in water supply systems and hazardous environments. They provide effective system management and enhanced accuracy. However, they inherit the vulnerabilities of both IP technology and physical systems, and they are characterized by increased risk due to their complexity, nature and critical importance. During the design phase, but also periodically during the CPS lifetime, Risk Analysis (RA) is conducted in order to achieve and maintain a high security level. Such a security level is achieved by utilizing effective countermeasures or through adaptation to specific conditions, system changes and newly discovered threats. RA aims at identifying what can go wrong, its causes, the relevant probabilities, the assets affected and the consequences; at estimating risks; and at setting priorities for the protection of valuable assets, while providing guidelines for proper policies and the selection of countermeasures. Risk assessment involves the integration of threat, vulnerability, and consequence information. Risk management (RM) involves deciding which protective measures to take, based on an agreed risk reduction strategy. Many models and methodologies have been developed by which threats, vulnerabilities, and risks are integrated and then used to inform the allocation of resources to reduce those risks. The current thesis presents a survey of RA and RM methods and methodologies applied in the CPS domain. Some have already been widely applied, trusted and accepted, while some theoretical propositions are presented too.
Most existing techniques have not been developed with CPS characteristics in mind, though they are considered suitable or suggested for such usage. A set of criteria is developed for the comparison and evaluation of RA and RM methodologies. The advantages and disadvantages of each one are presented. Furthermore, an overall comparative presentation is attempted and general conclusions are drawn. Moreover, some frameworks and standards are presented in order to provide an overview of some of the most common conceptualizations of risk. More specifically, RA and RM methodologies are evaluated in order to decide which one is more suitable for Critical Infrastructures. The current thesis presents the advantages and disadvantages of the methods and evaluates them against a detailed set of comparison and evaluation criteria. In conclusion, an estimate of their appropriateness for application in a CPS environment is made, and in parallel specifications are set for the development of methodologies that fulfil the special requirements. The criteria used not only apply to the stages of traditional RA methodologies, such as asset, threat and vulnerability identification, but are oriented to requirements arising from the CPS character and consider special CPS characteristics such as dependencies, robustness, resilience and criticality. Finally, in the conclusion of the thesis a comparison between two risk management methodologies takes place. More specifically, these methodologies are examined in a general hospital use case. The point of this comparison is to decide which one is the most appropriate for Critical Infrastructures, such as a hospital.
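The integration of threat, vulnerability and consequence into a prioritised register, together with the dependency and criticality considerations named above, can be made concrete with a small worked example. The following Python is an added illustration, not part of the thesis or of any methodology it surveys: the 1-to-5 scales, the attenuation factor and the hospital assets are constructed assumptions, and the rule that propagates consequence along dependency edges is one simple choice among many.

```python
"""Toy CPS risk register: risk = threat x vulnerability x effective consequence,
where the effective consequence of an asset includes an attenuated share of the
consequence of every asset that (transitively) depends on it.

Scales, weights and the hospital assets below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Asset:
    name: str
    threat: int          # likelihood a relevant threat acts, 1 (rare) .. 5 (frequent)
    vulnerability: int   # exploitability of the asset, 1 (hard) .. 5 (trivial)
    consequence: int     # direct impact if the asset fails, 1 (minor) .. 5 (severe)
    depends_on: List[str] = field(default_factory=list)  # assets this one needs


def dependents_map(assets: Dict[str, Asset]) -> Dict[str, List[str]]:
    """Invert the depends_on edges: which assets stop working if `name` fails."""
    rev: Dict[str, List[str]] = {name: [] for name in assets}
    for a in assets.values():
        for dep in a.depends_on:
            if dep not in assets:
                raise KeyError(f"{a.name} depends on unknown asset {dep}")
            rev[dep].append(a.name)
    return rev


def effective_consequence(assets, rev, name, factor=0.5, _path=frozenset()):
    """Direct consequence plus `factor` times the effective consequence of each
    dependent asset. `factor` is a constructed attenuation (0 disables
    propagation); `_path` stops recursion on dependency cycles."""
    if name in _path:
        return 0.0
    total = float(assets[name].consequence)
    for d in rev[name]:
        total += factor * effective_consequence(assets, rev, d, factor, _path | {name})
    return total


def risk_register(assets: Dict[str, Asset], factor=0.5):
    """Return (asset name, risk score) pairs sorted by descending risk."""
    rev = dependents_map(assets)
    rows = []
    for a in assets.values():
        cons = effective_consequence(assets, rev, a.name, factor)
        rows.append((a.name, a.threat * a.vulnerability * cons))
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed general-hospital assets (hypothetical values, not from the thesis).
HOSPITAL = {a.name: a for a in [
    Asset("power_distribution", threat=2, vulnerability=2, consequence=3),
    Asset("clinical_network", threat=4, vulnerability=3, consequence=2,
          depends_on=["power_distribution"]),
    Asset("hvac_bms", threat=3, vulnerability=4, consequence=2,
          depends_on=["power_distribution", "clinical_network"]),
    Asset("icu_monitoring", threat=2, vulnerability=2, consequence=5,
          depends_on=["power_distribution", "clinical_network"]),
    Asset("imaging", threat=3, vulnerability=3, consequence=3,
          depends_on=["clinical_network"]),
]}


if __name__ == "__main__":
    for label, factor in (("direct consequence only", 0.0), ("with dependencies", 0.5)):
        print(f"--- {label} ---")
        for name, score in risk_register(HOSPITAL, factor):
            print(f"{name:20s} {score:6.1f}")
```

Run with propagation disabled (`factor=0`), the register ranks imaging first and power distribution last; with propagation, power distribution and the clinical network move to the top because the ICU monitoring they feed carries the highest direct consequence. That shift is the kind of effect the dependency and criticality criteria are meant to capture, and which a flat asset-by-asset assessment misses.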