Quantitative Risk Assessment Of ICS Based On Threat And Vulnerability

In current security problems of industrial control system, the lack of suitable risk assessment is the important factors among security accidents. Therefore, the detailed analysis of risk factor is important, as well as special risk management plan.This paper focus on risk management of industrial control system, introduce risk elements and mutual relation, describes the function of protective measures in more detail. Research of risk analysis includes:identify the main threat and determine impact and probability of occurrence, establish relative threat library; quantitatively calculate modular system vulnerability using the attack tree model and effectiveness of measures, determine the security level of component using D-S evidence theory and effectiveness level using unascertained measure method; quantitatively calculate asset loss through asset value and impact factor. Quantitatively analyze efficiency of security plan according to the mitigated vulnerability and mitigated risk, utilizes return of investment to optimize risk management.