Development of a cyber security risk model using Bayesian networks
Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I&C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based o...
Gespeichert in:
| Veröffentlicht in: | Reliability engineering & system safety 2015-02, Vol.134, p.208-217 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 217 |
|---|---|
| container_issue | |
| container_start_page | 208 |
| container_title | Reliability engineering & system safety |
| container_volume | 134 |
| creator | Shin, Jinsoo Son, Hanseong Khalil ur, Rahman Heo, Gyunyoung |
| description | Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I&C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility.
•We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network.•One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide.•Other is the architecture model represents the probability of cyber-attack on RPS architecture.•The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor. |
| doi_str_mv | 10.1016/j.ress.2014.10.006 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1677931116</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0951832014002464</els_id><sourcerecordid>1677931116</sourcerecordid><originalsourceid>FETCH-LOGICAL-c366t-d9bfc840b363fbdd18bef45c7dd2756e52ff0454e7d90b30b34465c6bb52302b3</originalsourceid><addsrcrecordid>eNqNkE1LxDAQhoMouK7-AU85emlNmjRpwYu7fsKCFz2HJplKdttmTdqV_ntb1rMIAwMvzzswD0LXlKSUUHG7TQPEmGaE8ilICREnaEELWSakYOIULUiZ06RgGTlHFzFuCSG8zOUCrR7gAI3ft9D12Ne4wmbUEHAEMwTXjzi4uMOtt9DgIbruE6-qEaKrOtxB_-3DLl6is7pqIlz97iX6eHp8X78km7fn1_X9JjFMiD6xpa5NwYlmgtXaWlpoqHlupLWZzAXkWV0TnnOQtpygaTgXuRFa5xkjmWZLdHO8uw_-a4DYq9ZFA01TdeCHqKiQsmSUUvEflLFSSE4nNDuiJvgYA9RqH1xbhVFRoma3aqtmt2p2O2eT26l0dyzB9O_BQVDROOgMWBfA9Mp691f9B1qdgnE</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1673396741</pqid></control><display><type>article</type><title>Development of a cyber security risk model using Bayesian networks</title><source>Elsevier ScienceDirect Journals</source><creator>Shin, Jinsoo ; Son, Hanseong ; Khalil ur, Rahman ; Heo, Gyunyoung</creator><creatorcontrib>Shin, Jinsoo ; Son, Hanseong ; Khalil ur, Rahman ; Heo, Gyunyoung</creatorcontrib><description>Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I&C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility.
•We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network.•One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide.•Other is the architecture model represents the probability of cyber-attack on RPS architecture.•The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor.</description><identifier>ISSN: 0951-8320</identifier><identifier>EISSN: 1879-0836</identifier><identifier>DOI: 10.1016/j.ress.2014.10.006</identifier><language>eng</language><publisher>Elsevier Ltd</publisher><subject>Activity-quality ; Architecture analysis ; Bayesian analysis ; Bayesian network ; Computer information security ; Cyber security ; Nuclear engineering ; Nuclear reactor components ; Nuclear safety ; Protection systems ; Reactor protection system ; Research reactor ; Risk ; Security</subject><ispartof>Reliability engineering & system safety, 2015-02, Vol.134, p.208-217</ispartof><rights>2014 Elsevier Ltd</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c366t-d9bfc840b363fbdd18bef45c7dd2756e52ff0454e7d90b30b34465c6bb52302b3</citedby><cites>FETCH-LOGICAL-c366t-d9bfc840b363fbdd18bef45c7dd2756e52ff0454e7d90b30b34465c6bb52302b3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.ress.2014.10.006$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,776,780,3536,27903,27904,45974</link.rule.ids></links><search><creatorcontrib>Shin, Jinsoo</creatorcontrib><creatorcontrib>Son, Hanseong</creatorcontrib><creatorcontrib>Khalil ur, Rahman</creatorcontrib><creatorcontrib>Heo, Gyunyoung</creatorcontrib><title>Development of a cyber security risk model using Bayesian networks</title><title>Reliability engineering & system safety</title><description>Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I&C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility.
•We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network.•One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide.•Other is the architecture model represents the probability of cyber-attack on RPS architecture.•The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor.</description><subject>Activity-quality</subject><subject>Architecture analysis</subject><subject>Bayesian analysis</subject><subject>Bayesian network</subject><subject>Computer information security</subject><subject>Cyber security</subject><subject>Nuclear engineering</subject><subject>Nuclear reactor components</subject><subject>Nuclear safety</subject><subject>Protection systems</subject><subject>Reactor protection system</subject><subject>Research reactor</subject><subject>Risk</subject><subject>Security</subject><issn>0951-8320</issn><issn>1879-0836</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2015</creationdate><recordtype>article</recordtype><recordid>eNqNkE1LxDAQhoMouK7-AU85emlNmjRpwYu7fsKCFz2HJplKdttmTdqV_ntb1rMIAwMvzzswD0LXlKSUUHG7TQPEmGaE8ilICREnaEELWSakYOIULUiZ06RgGTlHFzFuCSG8zOUCrR7gAI3ft9D12Ne4wmbUEHAEMwTXjzi4uMOtt9DgIbruE6-qEaKrOtxB_-3DLl6is7pqIlz97iX6eHp8X78km7fn1_X9JjFMiD6xpa5NwYlmgtXaWlpoqHlupLWZzAXkWV0TnnOQtpygaTgXuRFa5xkjmWZLdHO8uw_-a4DYq9ZFA01TdeCHqKiQsmSUUvEflLFSSE4nNDuiJvgYA9RqH1xbhVFRoma3aqtmt2p2O2eT26l0dyzB9O_BQVDROOgMWBfA9Mp691f9B1qdgnE</recordid><startdate>20150201</startdate><enddate>20150201</enddate><creator>Shin, Jinsoo</creator><creator>Son, Hanseong</creator><creator>Khalil ur, Rahman</creator><creator>Heo, Gyunyoung</creator><general>Elsevier Ltd</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7T2</scope><scope>7U1</scope><scope>7U2</scope><scope>C1K</scope><scope>7SC</scope><scope>7TB</scope><scope>8FD</scope><scope>FR3</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20150201</creationdate><title>Development of a cyber security risk model using Bayesian networks</title><author>Shin, Jinsoo ; Son, Hanseong ; Khalil ur, Rahman ; Heo, Gyunyoung</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c366t-d9bfc840b363fbdd18bef45c7dd2756e52ff0454e7d90b30b34465c6bb52302b3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2015</creationdate><topic>Activity-quality</topic><topic>Architecture analysis</topic><topic>Bayesian analysis</topic><topic>Bayesian network</topic><topic>Computer information security</topic><topic>Cyber security</topic><topic>Nuclear engineering</topic><topic>Nuclear reactor components</topic><topic>Nuclear safety</topic><topic>Protection systems</topic><topic>Reactor protection system</topic><topic>Research reactor</topic><topic>Risk</topic><topic>Security</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Shin, Jinsoo</creatorcontrib><creatorcontrib>Son, Hanseong</creatorcontrib><creatorcontrib>Khalil ur, Rahman</creatorcontrib><creatorcontrib>Heo, Gyunyoung</creatorcontrib><collection>CrossRef</collection><collection>Health and Safety Science Abstracts (Full archive)</collection><collection>Risk Abstracts</collection><collection>Safety Science and Risk</collection><collection>Environmental Sciences and Pollution Management</collection><collection>Computer and Information Systems Abstracts</collection><collection>Mechanical & Transportation Engineering Abstracts</collection><collection>Technology Research Database</collection><collection>Engineering Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Reliability engineering & system safety</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Shin, Jinsoo</au><au>Son, Hanseong</au><au>Khalil ur, Rahman</au><au>Heo, Gyunyoung</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Development of a cyber security risk model using Bayesian networks</atitle><jtitle>Reliability engineering & system safety</jtitle><date>2015-02-01</date><risdate>2015</risdate><volume>134</volume><spage>208</spage><epage>217</epage><pages>208-217</pages><issn>0951-8320</issn><eissn>1879-0836</eissn><abstract>Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I&C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility.
•We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network.•One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide.•Other is the architecture model represents the probability of cyber-attack on RPS architecture.•The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor.</abstract><pub>Elsevier Ltd</pub><doi>10.1016/j.ress.2014.10.006</doi><tpages>10</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0951-8320 |
| ispartof | Reliability engineering & system safety, 2015-02, Vol.134, p.208-217 |
| issn | 0951-8320 1879-0836 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_1677931116 |
| source | Elsevier ScienceDirect Journals |
| subjects | Activity-quality Architecture analysis Bayesian analysis Bayesian network Computer information security Cyber security Nuclear engineering Nuclear reactor components Nuclear safety Protection systems Reactor protection system Research reactor Risk Security |
| title | Development of a cyber security risk model using Bayesian networks |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-23T05%3A02%3A11IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Development%20of%20a%20cyber%20security%20risk%20model%20using%20Bayesian%20networks&rft.jtitle=Reliability%20engineering%20&%20system%20safety&rft.au=Shin,%20Jinsoo&rft.date=2015-02-01&rft.volume=134&rft.spage=208&rft.epage=217&rft.pages=208-217&rft.issn=0951-8320&rft.eissn=1879-0836&rft_id=info:doi/10.1016/j.ress.2014.10.006&rft_dat=%3Cproquest_cross%3E1677931116%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1673396741&rft_id=info:pmid/&rft_els_id=S0951832014002464&rfr_iscdi=true |