A Comprehensive Framework for the Security Risk Management of Cyber-Physical Systems

  • Hassan Mokalled
  • Concetta Pragliola
  • Daniele Debertol
  • Ermete Meda
  • Rodolfo Zunino
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Cyber Physical Systems are facing huge and diverse set of security risks, especially cyber-attacks that can cause disruption to physical services or create a national disaster. Information and communication technology (ICT) has made a remarkable impact on the society. As a Cyber Physical System (CPS) relies basically on information and communication technology, this puts the system’s assets under certain risks especially cyber ones, and hence they must be kept under control by means of security countermeasures that generate confidence in the use of these assets. And so there is a critical need to give a great attention on the cybersecurity of these systems, which consequently leads to the safety of the physical world. This goal is achieved by adopting a solution that applies processes, plans and actions to prevent or reduce the effects of threats. Traditional IT risk assessment methods can do the job, however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method, and addresses the type, functionalities and complexity of a CPS. This chapter proposes a framework that breaks the restriction to a traditional risk assessment method and encompasses wider set of procedures to achieve a high level strategy that could be adopted in the risk management process, in particular the cybersecurity of cyber-physical systems.


Cyber-physical system Risk management Cybersecurity Ansaldo STS 


  1. 1.
    Peng Y, Lu T, Liu J, Gao Y, Guo X, Xie F (2013) Cyber-physical system risk assessment. Paper presented at ninth International conference on intelligent information hiding and multimedia signal processingGoogle Scholar
  2. 2.
    Ansaldo STS CBTC communication based train control. Accessed 4 May 2018
  3. 3.
    Chen B et al (2015) Security analysis of urban railway systems: the need for a cyber-physical perspectiveGoogle Scholar
  4. 4.
    Andrew F, Emmanouil P, Pasquale M, Chris H, Fabrizio S (2016) Decision support approaches for cyber security investmentGoogle Scholar
  5. 5.
    Ansaldo Signalling and Transportation Systems (Ansaldo STS). Accessed 4 May 2018
  6. 6.
    Balvir S, Amarjeet S (2015) A roadmap to data security of automated university examination systemGoogle Scholar
  7. 7.
    Annual Emerging Cyber Threats Report. Georgia Tech Information Security Center. Accessed 4 May 2018
  8. 8.
    Internet Security Threats Report. Symantec. Accessed 4 May 2018
  9. 9.
    The CERT guide to insider threats: how to prevent, detect, and respond to theft of critical information, sabotage, and fraud. Accessed 4 May 2018
  10. 10.
    Hunker J, Probst CW (2011) Insiders and insider threats—an overview of definitions and mitigation techniques. J Wirel Mob Netw Ubiquitous Comput Depend Appl 2(1):4–27Google Scholar
  11. 11.
    Mokalled H et al (2017) The importance to manage data protection in the right way: problems and solutions. In: Optimization and decision science: methodologies and applications: ODS. Sorrento, Italy, September 4–7, pp 69–82Google Scholar
  12. 12.
    ENISA Threat Landscape Report 2017. 15 top cyber-threats and trends. Accessed 4 May 2018
  13. 13.
    MAGERIT – version 3.0. Methodology for information systems risk analysis and management. Book I – The Method, Madrid, July 2014Google Scholar
  14. 14.
    PILAR. Risk analysis and management- help files, version 6.2, August 17, 2016Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  • Hassan Mokalled
    • 1
    • 2
    • 3
  • Concetta Pragliola
    • 1
  • Daniele Debertol
    • 1
  • Ermete Meda
    • 1
  • Rodolfo Zunino
    • 2
  1. 1.Ansaldo STSCyber Security Assurance & Control DepartmentGenoaItaly
  2. 2.University of Genoa, DITENGenoaItaly
  3. 3.Lebanese University, EDST-MECRL LabBeirutLebanon

Personalised recommendations