Vulnerability Assessment of Industrial Control System with an Improved CVSS
This addresses cybersecurity risks for industrial practitioners, but it is incremental as it builds on the existing CVSS framework.
The study tackled the problem of cyberattack vulnerability in industrial control systems by proposing an improved CVSS method and applying it to a continuous stirred tank reactor model, finding that physical system levels have the highest severity and identifying controllers, workstations, and human-machine interfaces as crucial components.
Cyberattacks on industrial control systems (ICS) have been drawing attention in academia. However, this has not raised adequate concerns among some industrial practitioners. Therefore, it is necessary to identify the vulnerable locations and components in the ICS and investigate the attack scenarios and techniques. This study proposes a method to assess the risk of cyberattacks on ICS with an improved Common Vulnerability Scoring System (CVSS) and applies it to a continuous stirred tank reactor (CSTR) model. The results show the physical system levels of ICS have the highest severity once cyberattacked, and controllers, workstations, and human-machine interface are the crucial components in the cyberattack and defense.