A Novel Quantitative Risk Assessment Model for Industrial Control Systems Integrating the Cyber-Physical Domain

Download PDF
Open Webpage

Ying Zhou, Zhiyong Zhang, Kefeng Fan, Mingyan Wang, Ke Cheng, Zhongya Zhang, Hang Zhang

Published: 2025, Last Modified: 07 Jan 2026IEEE Trans. Ind. Informatics 2025EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: The tight cyber–physical coupling in industrial control system (ICS) makes it vulnerable to attacks, where attackers can exploit system vulnerabilities to cross domain boundaries, causing significant losses. A novel quantitative risk assessment framework for ICS is proposed, integrating both the cyber domain and the physical domain to address potential risk assessment issues. First, an entropy-weighted technique for order preference by similarity to ideal solution method introducing triangular fuzzy numbers is proposed to solve the vulnerability index for multiattribute decision making to obtain the a prior probability. Second, the risk propagation mechanism of complex network topology and device interaction under ICS was studied, and the posterior probability model based on susceptible-exposed-infectious-recovered was designed to dynamically capture the propagation characteristics of risks in the network. Finally, the safety loss level is defined based on standard criteria to achieve quantitative risk assessment of ICS. The proposed risk assessment model was experimentally validated on the SWaT testbed, with results confirming its feasibility and effectiveness.