Modeling Human Error Factors with Security Incidents in Industrial Control Systems: A Bayesian Belief Network Approach

Abstract

Industrial Control Systems (ICSs) are critical in automating and controlling industrial processes. Human errors within ICSs can significantly impact the system's underlying processes and users' safety. Thus, it is essential to understand the factors contributing to human errors and implement targeted interventions. Various factors that influence and mitigate human errors must be explored, including organizational, supervisory, personal, and technical factors. In parallel, the impact of a security incident also needs consideration. The paper presents a Bayesian Belief Network (BBN) model developed to model these factors comprehensively and demonstrate their impact, especially in the context of security incidents. Probability distributions are employed with practical assumptions to overcome data limitations, emphasizing the model's utility in risk assessment. The model's complexity is addressed using multiple interconnected sub-models, enhancing accuracy and avoiding unnecessary intricacies. Despite challenges in identifying all relevant factors, a sincere effort is made to incorporate diverse research findings. This paper highlights the essential role of BBN models in understanding and mitigating human errors, contributing to the resilience of ICS processes. The use of BBN and probabilistic distributions enables quantitative and probabilistic analysis of the impact of human errors, aiding in developing more robust risk management strategies to improve system resilience in ICSs.