Multimodel-Based Incident Prediction and Risk Assessment in Dynamic Cybersecurity Protection for Industrial Control Systems

Currently, an increasing number of information/communication technologies are adopted into the industrial control systems (ICSs). While these IT technologies offer high flexibility, interoperability, and convenient administration of ICSs, they also introduce cybersecurity risks. Dynamic cybersecurity risk assessment is a key foundational component of security protection. However, due to the characteristics of ICSs, the risk assessment for IT systems is not completely applicable for ICSs. In this paper, through the consideration of the characteristics of ICSs, a targeted multilevel Bayesian network containing attack, function, and incident models is proposed. Following this proposal, a novel multimodel-based hazardous incident prediction approach is designed. On this basis, a dynamic cybersecurity risk assessment approach, which has the ability to assess the risk caused by unknown attacks, is also devised. Furthermore, to improve the accuracy of the risk assessment, which may be reduced by the redundant accumulation of overlaps amongst different consequences, a unified consequence quantification method is presented. Finally, to verify the effectiveness of the proposed approach, a simulation of a simplified chemical reactor control system is conducted in MATLAB. The simulation results can clearly demonstrate that the proposed approach has the ability to dynamically calculate the cybersecurity risk of ICSs in a timely manner. Additionally, the result of a different comparative simulation shows that our approach has the ability to assess the risk caused by unknown attacks.