A method for quantitative evaluation of security risk in cyber-physical systems

Cyber-physical systems were introduced with the introduction of the cyber sector into physical systems and the emergence of Industry 4.0. Although the main purpose of this combination has been to increase the efficiency, stability and manageability of physical systems, but this combination and integration has created very serious threats to physical systems. Successful attacks on these systems may lead to disruption or physical damage such as damage to equipment, products or even damage to humans. Therefore, the security of cyber-physical systems has become one of the important research topics. In this article, a method for quantitative assessment of security risk in cyber-physical systems is presented. This method divides the important and vital components affecting the security risks of cyber-physical systems into two categories: attacker profile and system profile, and quantitatively estimates the risk based on the index components of these two profile categories. These components include attack possibility, attack detection, attacker's knowledge of the target system, time to failure, system cost, system recovery and repair cost, and vulnerability rate. Finally, in order to demonstrate the applicability, the proposed method has been applied to a cyber-physical system and the security risk has been evaluated.