Mitigating cyberattack related domino effects in process plants via ICS segmentation

Journal of Information Security and Applications - Volume 51 - Page 102450 - 2020
Raditya Arief [1], Nima Khakzad [2], Wolter Pieters [1]
[1] Faculty of Technology, Policy and Management, Delft University of Technology, Delft, the Netherlands
[2] School of Occupational and Public Health, Ryerson University, Toronto, Canada

References

Agena Ltd. (2009). Retrieved from www.AgenaRisk.co.uk.
Aghassi, 2006, Robust game theory, Math Program, 107, 231, 10.1007/s10107-005-0686-0
ALOHA (2016). Retrieved from https://www.epa.gov/cameo/aloha-software.
Arturson, 1987, The tragedy of San Juanico—the most severe LPG disaster in history, Burns, 13, 87, 10.1016/0305-4179(87)90096-9
2012, Network segmentation and segregation
Boyes, H. (2013). Trustworthy cyber-physical systems-a review.
Brice, A. (2009). Puerto Rico fire linked to faulty gas tank monitoring system. Retrieved from http://edition.cnn.com/2009/US/11/17/puerto.rico.fire.investigation/index.html.
Byres, 2004, The myths and facts behind cyber security risks for industrial control systems
Cardenas, 2009, Challenges for securing cyber physical systems
Cox, 2009, Game theory and risk analysis, Risk Anal, 29, 1062, 10.1111/j.1539-6924.2009.01247.x
Cozzani, 2005, The assessment of risk caused by domino effect in quantitative area risk analysis, J Hazard Mater, 127, 14, 10.1016/j.jhazmat.2005.07.003
Cozzani, 2006, Escalation thresholds in the assessment of domino accidental events, J Hazard Mater, 129, 1, 10.1016/j.jhazmat.2005.08.012
Crucitti, 2004, Error and attack tolerance of complex networks, Physica A, 340, 388, 10.1016/j.physa.2004.04.031
Csardi, 2006, The igraph software package for complex network research, InterJ Complex Syst, 1695, 1
Freeman, 1978, Centrality in social networks conceptual clarification, Soc Netw, 1, 215, 10.1016/0378-8733(78)90021-7
Hayden, 2014, An abbreviated history of automation & industrial controls systems and cybersecurity
ICS-CERT, & NCCIC (2016). Recommended practice: improving industrial control system cybersecurity with defense-in-depth strategies. Retrieved from https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf.
Khakzad, 2013, Domino effect analysis using Bayesian networks, Risk Anal, 33, 292, 10.1111/j.1539-6924.2012.01854.x
Khakzad, 2015, Using graph theory to analyze the vulnerability of process plants in the context of cascading effects, Reliab Eng Syst Saf, 143, 63, 10.1016/j.ress.2015.04.015
Khakzad, 2016, Vulnerability analysis of process plants subject to domino effects, Reliab Eng Syst Saf, 154, 127, 10.1016/j.ress.2016.06.004
Khakzad, 2019, Low-capacity utilization of process plants: a cost-robust approach to tackle man-made domino effects, Reliab Eng Syst Saf, 191, 10.1016/j.ress.2018.03.030
Khan, 1998, Models for domino effect analysis in chemical process industries, Process Saf Prog, 17, 107, 10.1002/prs.680170207
Knapp, 2014
Lee, 2014, German steel mill cyber attack, Ind Control Syst, 30
Lewis, P., & Macalister, T. (2010). Buncefield fire: Oil storage firm found guilty of safety breaches. Retrieved from https://www.theguardian.com/uk/2010/jun/18/buncefield-fire-oil-company-guilty.
Matches (2014). Retrieved from http://matche.com/equipcost/Tank.html.
McMillan, 2018, New type of cyberattack targets factory safety systems, Wall Street J
Nicholas, P. (2017). Mind the air gap: network separation's cost, productivity and security drawbacks. Retrieved from https://www.microsoft.com/en-us/cybersecurity/blog-hub/mind-the-air-gap-network-separation.
Pearl, 2014
Reniers, 2008, Knock-on accident prevention in a chemical cluster, Expert Syst Appl, 34, 42, 10.1016/j.eswa.2006.08.033
Rew, 2004, Development of a method for the determination of on-site ignition probabilities
Sanger, 2012
Schmidt, M. S., & Perlroth, N. (2013). Obama order gives firms cyberthreat information. Retrieved from http://www.nytimes.com/2013/02/13/us/executive-order-on-cybersecurity-is-issued.html.
Security Roundtable (2018). ‘Tried and true’ network segmentation can come to the rescue. Retrieved from https://www.securityroundtable.org/tried-true-network-segmentation-can-come-rescue/.
Siemens (2008). Security concept PCS 7 and WinCC - basic document (Whitepaper). Retrieved from https://cache.industry.siemens.com/dl/files/131/26462131/att_80283/v1/wp_sec_b.pdf.
Srivastava, 2010, New methodologies for security risk assessment of oil and gas industry, Process Saf Environ Prot, 88, 407, 10.1016/j.psep.2010.06.004
Stouffer, 2011, Guide to industrial control systems (ICS) security, NIST Spec Publ, 800
Wagner, 2017, A nature-inspired decision system for secure cyber network architecture
Wang, 2014, Robustness of Internet under targeted attack: a cascading failure perspective, J Netw Comput Appl, 40, 97, 10.1016/j.jnca.2013.08.007
Zhao, 2004, Attack vulnerability of scale-free networks due to cascading breakdown, Phys Rev E, 70, 10.1103/PhysRevE.70.035101