DRIVERS: A platform for dynamic risk assessment of emergent cyber threats for industrial control systems

A good cyber risk assessment is nowadays a matter of paramount importance for industrial systems and critical infrastructures. In a radical change and continuous development scenario such as that represented by Industry 4.0 plants, it is no longer sufficient to consider only static risks relating to the analysis of past data, but there is a need for a risk assessment that takes into account risks arising from emergent threats. In this paper, we propose a novel methodology for dynamic risk assessment that takes into account both the known values related to the static components of the system and the risks related to the emergence of new threats that have not yet been verified but are plausible according to experts. To achieve this, as part of the national "DRIVERS" project, an analysis of the most significant cyber-security factors was conducted to classify them in terms of relevance, considering both risk acceleration and risk mitigation aspects. This assessment is carried out by means of the multi-criteria decision support technique Analytic Hierarchy Process (AHP), performed by dividing the threat into a hierarchical structure.