Impact Assessment of IT Security Breaches in Cyber-Physical Systems - Short Paper.

The increased cyber-attack surface in cyber-physical systems, the close coupling to vulnerable physical processes, and the potential for human casualties necessitate a careful extension of traditional safety methodologies, e.g., error propagation analysis (EPA), with cybersecurity capabilities. We propose a model-driven Information Technology/Operational Technology impact analysis method that supports identifying vulnerabilities, most critical attack strategies, and most dangerous threat actors by analyzing attack scenarios on an abstract functional model of the system. Our solution extends EPA, initially developed for dependability and safety analysis, with cybersecurity aspects to explore the safety impact of a cyber attack on a cyber-physical system. The paper presents the impact analysis workflow, the threat model, the pilot analysis tool, and a case study.