AutomationML Meets Bayesian Networks: A Comprehensive Safety-Security Risk Assessment in Industrial Control Systems

Abstract

Industrial control systems (ICSs) play a crucial role in the smooth operation of critical infrastructures, and their increasing complexity and interconnectedness necessitate integrating safety and security measures. Thus, an integrated risk assessment approach is essential to identify and address potential hazards and vulnerabilities. However, conducting such risk assessments becomes complex and challenging due to the difficulty in data availability. Acquiring data from various sources poses a significant hurdle. To address these challenges, automation markup language (AML) provides a standardized framework that facilitates the seamless exchange of engineering information. This article uses AML libraries and connection setup techniques to generate a valuable model of a single source of data for an integrated safety and security risk assessment. The automated risk assessment employs the AML model as a data source and the Bayesian belief network (BBN) as the risk assessment method. The value of risk associated with the system is calculated using the BBN models as the product of the probability of occurrence and severity. An evaluation of the proposed risk assessment method is also provided based on ISO 31000. AML's effectiveness as a valuable information model in meeting the growing need for comprehensive safety and security risk assessment in ICSs is demonstrated.