**4. Automation of risk analysis and management on the base of cognitive modeling technology**

To improve an efficiency of risk analysis and management with use of FGCM, the special software tool "Cognitive Map Constructor" was developed. This software allows us to build and edit FGCM, use them to carry out the security risk analysis, and justify the choice of the necessary countermeasures from the given user-specified set. As a result, a diagram of risk assessment is built under various scenarios of countermeasures' implementation and threats' realization.

Besides supporting the FGCM with the installation of connections weights in the form of the upper and lower boundaries, the software allows us the use of linguistic terms of fuzzy logic, as well as setting the weights in the form of "white" crisp numbers. The software has the interface implemented in HTML using CSS, which allows displaying the FGCM and all the necessary accompanying information by the concepts and connections, and also is able to work on any graphical operating system that has a current Web browser.

There are five kinds of concepts which are used in FGCM: threats, information assets, intermediate concepts, targets, and countermeasures, which can be marked by different colors for convenience and clarity.

As a result, the steady-state value of the grey state vector ⊗ *X* for FGCM

⊗ *X* ¼ f g ½ � 0, 8;1 , 0, 43;0, 58 ½ �, 0, 28;0, 55 ½ �, 0, 20;0, 40 ½ �, 0, 06;0, 16 ½ �, 0, 24;0, 53 ½ � ,

and the final value for the target concept state is determined by the grey number

Consider the state of the target concept *CR* (**Figure 2**)—the damage caused by the potential violation of TMI integrity in the AIS—after clarifying all weights by the level of decomposition of the original FGCM. Let us assume that the active

**Connection weight The value of the connection weight Greyness (scatter of assessment)**

*WT*<sup>1</sup> <sup>1</sup> [0.6; 0.75] 0.075 *W*<sup>12</sup> [0.5; 0.7] 0.1 *W*<sup>13</sup> [0.5; 0.7] 0.1 *W*<sup>14</sup> [0.15; 0.3] 0.075 *W*<sup>25</sup> [0.55; 0.65] 0.05 *W*<sup>32</sup> [0.35; 0.55] 0.1 *W*<sup>35</sup> [0.55; 0.65] 0.05 *W*<sup>42</sup> [0.3; 0.5] 0.1 *W*<sup>43</sup> [0.15; 0.3] 0.075 *W*<sup>45</sup> [0.2; 0.45] 0.125

*k* **1 2 3 45678**

*X*<sup>1</sup> 0.36 0.50 0.55 0.57 0.58 0.58 0.58 0.58 *X*<sup>2</sup> 0 0.125 0.28 0.40 0.48 0.52 0.54 0.55 *X*<sup>3</sup> 0 0.125 0.24 0.32 0.36 0.38 0.39 0.40 *X*<sup>4</sup> 0 0.054 0.10 0.13 0.15 0.16 0.16 0.16 *X*<sup>5</sup> 0 0 0.093 0.23 0.36 0.45 0.50 0.53

*k* **1 2 3 4 5 6 78**

*X*<sup>1</sup> 0.24 0.34 0.39 0.41 0.43 0.43 0.43 0.43 *X*<sup>2</sup> 0 0.059 0.13 0.18 0.22 0.25 0.27 0.28 *X*<sup>3</sup> 0 0.059 0.115 0.16 0.18 0.19 0.20 0.20 *X*<sup>4</sup> 0 0.018 0.034 0.046 0.052 0.058 0.06 0.06 *X*<sup>5</sup> 0 0 0.034 0.087 0.14 0.18 0.21 0.24

<sup>1</sup> decomposition is found as

presented in **Figure 6**, i.e., for the concept *<sup>C</sup>*1, <sup>1</sup>

⊗ *X*<sup>5</sup> ∈ ½ � 0, 24;0, 53 .

*Digital Forensic Science*

*Xi*

**Table 8.**

**Table 9.**

*Xi*

**Table 10.**

**32**

*Upper boundaries of concept state estimates*

*The values of communications FGCM weights.*

*Lower boundaries of concept state estimates.*

The set of the options depends on the type of the concept, but in most cases its name is specified with description, as well as its current state. In the case when the weights of all connections, pointing to the concept, are assumed to be equal, one can mark the option "Imposed weight" and set the desired value. For countermeasures, it is permissible to indicate which of existing countermeasure it is, that allows realizing situations when one countermeasure acts on several connections at once.

**5. Conclusions**

the aid of Fuzzy Grey Cognitive Maps.

*DOI: http://dx.doi.org/10.5772/intechopen.89215*

data and expert opinions.

**Acknowledgements**

**Author details**

**35**

A promising way to solve the problem of assessing the cybersecurity risks of industrial automated systems is to model the threats realization scenarios using the tools of topological analysis of the system security and cognitive modeling with

*Cybersecurity Risk Analysis of Industrial Automation Systems on the Basis of Cognitive…*

At the basis of this approach, the construction of original FGCM is proposed to assess the risk of automated control system with the following decomposition of FGCM into the number of cognitive maps of the next level of detail (the same as it is done in IDEF0 Functional Modeling technology). The features of construction of this procedure are discussed in this chapter in relation to the task of ensuring the telemetry information integrity in the industrial automated system for collecting, storing, and processing information on the conditions of on-board aviation systems. It is shown that the use of FGCM allows us to obtain more reliable estimates of security risk factors with account of the possible variations of the available actual

To automate the proposed risk assessment procedure in the considered system for collecting, storing, and processing telemetry information with use of FGCM, the software tool "Cognitive Map Constructor" was developed, which can be used for identifying the most dangerous vulnerabilities in the system and evaluating the effectiveness of various measures (countermeasures) realization for telemetric information protection from the impact of external and internal threats.

The reported study was funded by RFBR according to the research Project No.

18-00-00238 "Decision support methods and models for innovative project

Vladimir I. Vasilyev\*, Alexey M. Vulfin and Liliya R. Chernyakhovskaya Ufa State Aviation Technical University, Ufa, Russian Federation

© 2019 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium,

\*Address all correspondence to: vasilyev@ugatu.ac.ru

provided the original work is properly cited.

management based on knowledge engineering."

To establish the relationships between the concepts, it is necessary to click on the button "Placement" of the action group "Connections" in the tool window. After that, the connections are located by pressing consecutively on the initial and final element. The located countermeasures and initial states of the concepts can be adjusted and combined, creating the different scenarios that allow us to compare the effectiveness of countermeasures.

**Figures 10** and **11** show the FGCM risk estimates built in the "Cognitive Map Constructor."

Thus, the developed software "Cognitive Map Constructor" allows evaluating the effectiveness of the use of the TMI integrity monitoring system in the protection of telemetric information from the effects of external and internal threats.

### **Figure 10.**

*FGCM for risk assessment of data collection and storage subsystem at the service stations (Zone 1) (software window form).*

**Figure 11.** *FGCM for risk assessment in the core of the CIN (Zone 2) and TMI (software window form).*

*Cybersecurity Risk Analysis of Industrial Automation Systems on the Basis of Cognitive… DOI: http://dx.doi.org/10.5772/intechopen.89215*
