Cybersecurity threats on the industrial automated control systems (IACSs) are becoming a growing concern for the industrial facilities, and in particular for those where large quantities of hazardous substances are stored or handled (i.e. Seveso sites in Europe). Cyber-attacks on the control (BPCS) and safety instrumented (SIS) systems of Seveso plants may have consequences comparable to those of conventional major accidents due to internal causes. While consolidated approaches exist to manage and control the cybersecurity of IT and OT systems of a facility, there is an evident lack of procedures for assessing the actual link between malicious manipulations of the OT system (BPCS plus SIS) and the major accidents that can be triggered. In the present study a specific methodology (PHAROS) was developed to address the identification of major accident scenarios achievable by remote manipulation of the plant physical components. The methodology exploits a reverse-HazOp concept and it also supports the definition of the specifications for the design and management of barriers aimed at the prevention and mitigation of such scenarios. The application of PHAROS to a demonstrative case study evidenced first that both the BPCS and the SIS typically need to be attacked in order to induce major accidents, and second, that passive/inherent safeguards have a key role with respect to the success of the considered malicious attack in case they are properly designed.

A systematic procedure for the identification of major accident hazards induced by malicious manipulations of the control and safety instrumented systems / Iaiani M.; Tugnoli A.; Salzano E.; Cozzani V.; Landucci G.. - STAMPA. - (2020), pp. 179-186. (Intervento presentato al convegno 30th European Safety and Reliability Conference, ESREL 2020 and 15th Probabilistic Safety Assessment and Management Conference, PSAM15 2020 tenutosi a Venice, Italy nel 2020) [10.3850/978-981-14-8593-0_5338-cd].

A systematic procedure for the identification of major accident hazards induced by malicious manipulations of the control and safety instrumented systems

Iaiani M.;Tugnoli A.;Salzano E.;Cozzani V.;
2020

Abstract

Cybersecurity threats on the industrial automated control systems (IACSs) are becoming a growing concern for the industrial facilities, and in particular for those where large quantities of hazardous substances are stored or handled (i.e. Seveso sites in Europe). Cyber-attacks on the control (BPCS) and safety instrumented (SIS) systems of Seveso plants may have consequences comparable to those of conventional major accidents due to internal causes. While consolidated approaches exist to manage and control the cybersecurity of IT and OT systems of a facility, there is an evident lack of procedures for assessing the actual link between malicious manipulations of the OT system (BPCS plus SIS) and the major accidents that can be triggered. In the present study a specific methodology (PHAROS) was developed to address the identification of major accident scenarios achievable by remote manipulation of the plant physical components. The methodology exploits a reverse-HazOp concept and it also supports the definition of the specifications for the design and management of barriers aimed at the prevention and mitigation of such scenarios. The application of PHAROS to a demonstrative case study evidenced first that both the BPCS and the SIS typically need to be attacked in order to induce major accidents, and second, that passive/inherent safeguards have a key role with respect to the success of the considered malicious attack in case they are properly designed.
2020
Proceedings of the 30th European Safety and Reliability Conference and the 15th Probabilistic Safety Assessment and Management Conference
179
186
A systematic procedure for the identification of major accident hazards induced by malicious manipulations of the control and safety instrumented systems / Iaiani M.; Tugnoli A.; Salzano E.; Cozzani V.; Landucci G.. - STAMPA. - (2020), pp. 179-186. (Intervento presentato al convegno 30th European Safety and Reliability Conference, ESREL 2020 and 15th Probabilistic Safety Assessment and Management Conference, PSAM15 2020 tenutosi a Venice, Italy nel 2020) [10.3850/978-981-14-8593-0_5338-cd].
Iaiani M.; Tugnoli A.; Salzano E.; Cozzani V.; Landucci G.
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/838297
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact