keyboard_arrow_up
Cyber Risk Assessment for Cyber-physical Systems: A Review of Methodologies and Recommendations for Improved Assessment Effectiveness

Authors

Asila AlHarmali1, Saqib Ali1, Waqas Aman1 and Omar Hussain2, 1Sultan Qaboos University, Oman, 2University of New South Wales, Australia

Abstract

Cyber-Physical Systems (CPS) integrate physical and embedded systems with information and communication technology systems, monitoring and controlling physical processes with minimal human intervention. The connection to information and communication technology exposes CPS to cyber risks. It is crucial to assess these risks to manage them effectively. This paper reviews scholarly contributions to cyber risk assessment for CPS, analyzing how the assessment approaches were evaluated and investigating to what extent they meet the requirements of effective risk assessment. We identify gaps limiting the effectiveness of the assessment and recommend real-time learning from cybersecurity incidents. Our review covers twenty-eight papers published between 2014 and 2023, selected based on a three-step search. Our findings show that the reviewed cyber risk assessment methodologies revealed limited effectiveness due to multiple factors. These findings provide a foundation for further research to explore and address other factors impacting the quality of cyber risk assessment in CPS.

Keywords

Cyber risk assessment, Cyber-Physical Systems (CPS), real-time learning, cybersecurity incidents, effectiveness of risk assessment

Full Text  Volume 14, Number 16