Paper Info
Title
Analysis Of Cybersecurity-Related Incidents In The Process Industry
Abstract
The digital transition in the process industry is characterized by a high level of automation and an increasing connection with external networks, which makes facilities vulnerable to cybers-threats. A cyber-attack, beside economic and reputational damages, can potentially trigger major events (e.g. releases of hazardous materials, fires, explosions) with severe consequences on workers, population, and the environment. In the present study, the cybersecurity-related incidents that occurred in the process industry and in similar industrial sectors (chemical, petrochemical, energy production, water/wastewater treatment) were investigated. The aim of the study is to frame a clear picture of the cyber-attacks on the automated control systems of process facilities and to issue lessons learnt from past incidents. The study is based on the development and analysis of a database of 82 cybersecurity-related incidents gathered from various sources. Time trend, geographical distribution, distribution among the industrial sectors, impacts of the incidents, and nature of the cyber-attacks (attacker, intentional/accidental type, system infected) were investigated. The analysis of a sub-set of more detailed incidents allowed the identification of the general steps of a cyber-attack on automated control systems of a process facility, the main hacking techniques used by the attackers and the more common cybersecurity countermeasures applicable to the prevention of a cyber-attack.
Year
DOI
Venue
2021
10.1016/j.ress.2021.107485
RELIABILITY ENGINEERING & SYSTEM SAFETY
Keywords
DocType
Volume
Past incident analysis, process industry, major event, Seveso site, security vulnerability assessment, cybersecurity-related incident, cyber-attack
Journal
209
ISSN
Citations 
PageRank 
0951-8320
0
0.34
References 
Authors
0
4
Name
Order
Citations
PageRank
Matteo Iaiani101.01
Alessandro Tugnoli2113.25
Sarah Bonvicini3122.55
Valerio Cozzani400.34