A cybersecurity risk assessment methodology for industrial automation control systems / Brancati, Francesco; Mongelli, Diamantea; Mariotti, Francesco; Lollini, Paolo. - In: INTERNATIONAL JOURNAL OF INFORMATION SECURITY. - ISSN 1615-5262. - ELETTRONICO. - 24:(2025), pp. 76.1-76.21. [10.1007/s10207-025-00990-9]

A cybersecurity risk assessment methodology for industrial automation control systems

Mariotti, Francesco; Lollini, Paolo
2025

Abstract

Industrial automation control systems (IACS) are employed in current critical infrastructures and industrial plants spanning very different domains, and the transformation process towards Industry 4.0 is further increasing the dependencies on such systems. Since IACS can be exposed to malicious threats that could lead to catastrophic consequences, it is extremely important to assess the cybersecurity risk of these systems, to identify the possible threats, their impact, likelihood, and possible countermeasures. The ISA/IEC 62443 series of standards is suited for the design and security risk analysis of IACS, and has been submitted to the International Standards on Auditing and International Electrotechnical Commission for global adoption as international standards. In this paper, we focus on the zone and conduit requirement 5 (ZCR 5) of the 62443-3-2 part of the standard, which provides the steps for detailed cybersecurity risk assessment of IACS. These steps are fundamental to identify threats related to the system, determine the risk associated with them, and derive appropriate countermeasures. We provide a methodology for conducting a detailed risk assessment of IACS that is compliant with all the steps of the ZCR 5 and integrates the following features: (i) capability to manage the complexity of the assessment process, (ii) capability to select tailored countermeasures for critical assets through the identification of attack paths, (iii) explicit involvement of the asset owner in the key steps of the assessment process, and (iv) tool-supported. We illustrate the methodology by applying it to a case study of a power plant using gas turbines.
Year: 2025
Volume: 24
First page: 1
Last page: 21
Goal 9: Industry, Innovation, and Infrastructure
Brancati, Francesco; Mongelli, Diamantea; Mariotti, Francesco; Lollini, Paolo
Files in this item:
File: Brancati_et_al-2025-International_Journal_of_Information_Security.pdf
Access: open access
Type: Publisher's PDF (Version of record)
License: Open Access
Size: 4.87 MB
Format: Adobe PDF

Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/2158/1423476
Citations
  • Scopus 0