**1. Introduction**

The digital economy, cyber-physical objects, cyberspace, and the Internet of Things are concepts that have firmly entered our lives in recent years. As part of the "Industry 4.0" industrial revolution, the face of modern industrial enterprises, which are actively moving to unmanned production technologies and integrating information technologies into the most complex production processes, has changed dramatically. A distinctive feature of such production is the close connection of technological networks with the corporate network, which is necessary both for production management and for administration of industrial networks and systems. Modern technological networks, as a rule, have direct access to the Internet, for example, for maintenance and technical support of industrial automation systems by employees of contractor organizations. Also, computers of contractors, developers, integrators, and system/network administrators connected to the technological network of the service company from the outside often have free access to the Internet.

Under such conditions, the problem of ensuring the security (cybersecurity) of industrial automation and control systems (IACS) becomes much more acute. In corporate networks, the object of protection is information, and the primary concern is its confidentiality. In industrial automated control systems, however, the object of protection is the technological process (TP), and what comes to the fore is not the confidentiality of information but, first of all, the continuity and integrity of the TP itself. When speaking of IACS cybersecurity, one primarily considers so-called digital attacks (cyber-attacks), which act on the IACS through control and monitoring devices: controllers, data acquisition and transmission devices, SCADA servers, workstations, telecom equipment, communication lines, etc.

The severity and relevance of the IACS cybersecurity problem are confirmed by statistics of recent years, which show a sharp increase in the number of targeted attacks on industrial networks and systems, as well as an increase in the scale of their consequences. A vivid example of a large-scale cyber-attack, which hit many companies around the world from May 12 to May 15, 2017, is the attack of the WannaCry network worm and encryptor [1]. Among the victims of this well-coordinated attack were companies engaged in various types of production, oil refineries, urban infrastructure facilities, and distribution power grids.

In May 2018, the VPNFilter malware was detected; it had infected at least 500,000 routers and data storage devices in 54 countries around the world. The purpose of this software is to steal credentials, detect industrial SCADA equipment, and carry out various attacks using infected devices in botnets. June 2018 was marked by a large-scale cyber-attack on telecommunications companies, communication satellite operators, and defense contractors in the United States and Southeast Asia. During the attack, the attackers infected computers used for managing the communication satellites and collecting geoposition data. According to experts, the purpose of the cyber-attack was espionage and data interception from civilian and military communication channels. In total, according to Kaspersky Lab, the share of attacked IACS computers in the world in 2018 increased by 3.2% compared with 2017 and amounted to 47.2% [2].

Considering the seriousness of the current situation and the need to take urgent measures, the international community and information security experts are concerned with finding effective ways to ensure the security of industrial automated systems. For instance, the European Commission has developed the European Program for Critical Infrastructure Protection. Several international standards for ensuring the cybersecurity of automated process control systems have been proposed and are effectively used in world practice, such as NERC Critical Infrastructure Protection, NIST SP 800-82 Guide to Industrial Control Systems Security, and ISA/IEC 62443 Industrial Automation and Control Systems Security [3, 4].

The requirements of the ISA/IEC 62443 series of standards for ensuring IACS security are based on a risk-oriented approach. In accordance with this approach, designing a management system for a protected IACS involves the following stages:

• high-level (preliminary) risk assessment of cyber-attack effects;

• building a reference model of IACS as the protection object, describing the classification of main activities types, technological process, automatic control systems, and other assets;

• building an asset model, describing the hierarchy of main objects and assets of IACS, their interaction with networks, key divisions, etc.;

• building a reference architecture model, reflecting all basic elements of IACS, telecommunication equipment, communication lines, etc.;

• building a zone and conduit model, dividing the protected object into separate security zones;

• detailed risk analysis for each selected zone; and

• determination of the current security level for each zone and requirements to ensure the target security level of the zone, implemented by the choice of appropriate protection measures.
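The zone-related stages listed above (zone and conduit model, then current versus target security level per zone) can be sketched as follows. This is an added example, not code from the chapter or from the ISA/IEC 62443 documents; the zone names, assets, and level values are constructed, and two things are assumptions beyond the text: levels are kept per foundational requirement of IEC 62443, and a conduit is checked against the stricter integrity target of the zones it joins.

```python
# Added illustration; zone names, assets and SL values are constructed sample data.
from dataclasses import dataclass
# Seven foundational requirements (FR) of IEC 62443; security levels run 0..4.
FRS = ("IAC", "UC", "SI", "DC", "RDF", "TRE", "RA")

def levels(*values):
    """Build a per-FR security level vector, rejecting malformed input."""
    if len(values) != len(FRS) or any(not 0 <= v <= 4 for v in values):
        raise ValueError("expected seven levels in the range 0..4")
    return dict(zip(FRS, values))

@dataclass
class Zone:
    name: str
    assets: list
    achieved: dict  # current security level per FR
    target: dict    # target security level per FR

    def gaps(self):
        """FRs whose current level is below target, mapped to the shortfall."""
        return {fr: self.target[fr] - self.achieved[fr]
                for fr in FRS if self.achieved[fr] < self.target[fr]}

def conduit_findings(zones, conduits):
    """Assumed rule for this example: a conduit's integrity (SI) level must
    reach the stricter SI target of the two zones it connects."""
    target_si = {z.name: z.target["SI"] for z in zones}
    return [(a, b, max(target_si[a], target_si[b]) - lvl)
            for a, b, lvl in conduits
            if lvl < max(target_si[a], target_si[b])]

def prioritise(zones):
    """Zones with a shortfall, largest total gap first."""
    ranked = [(sum(z.gaps().values()), z.name) for z in zones if z.gaps()]
    return [name for total, name in sorted(ranked, key=lambda r: (-r[0], r[1]))]

ZONES = [
    Zone("control", ["PLC", "RTU"],
         levels(1, 2, 1, 1, 2, 1, 2), levels(3, 2, 3, 1, 2, 2, 3)),
    Zone("supervisory", ["SCADA server", "workstation"],
         levels(1, 2, 2, 2, 2, 2, 2), levels(2, 2, 2, 2, 2, 2, 2)),
    Zone("enterprise", ["corporate gateway"],
         levels(2, 1, 1, 2, 1, 1, 1), levels(2, 1, 1, 2, 1, 1, 1)),
]
CONDUITS = [("control", "supervisory", 2), ("supervisory", "enterprise", 2)]

if __name__ == "__main__":
    print("gaps:", {z.name: z.gaps() for z in ZONES})
    print(conduit_findings(ZONES, CONDUITS), "order:", prioritise(ZONES))
```

The per-requirement gaps are what the final stage turns into a choice of protection measures; the chapter's point is that the standards give no formalized method for the detailed risk analysis that should drive the target values.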

*Cybersecurity Risk Analysis of Industrial Automation Systems on the Basis of Cognitive… DOI: http://dx.doi.org/10.5772/intechopen.89215*


At the same time, the "bottleneck" of the above normative documents regulating IACS cybersecurity is the absence of formalized methods for detailed risk assessment. As the volume of statistical data grows and mathematical models of risk, threats, and security incidents develop, it becomes important to develop methods and algorithms for quantitative risk assessment that support a reasoned choice of IACS devices and the necessary countermeasures, both within individual security zones and for ensuring the required cybersecurity level of the IACS as a whole.

A promising way to solve this problem is cognitive modeling based on the construction and analysis of fuzzy grey cognitive maps (FGCM), which have been widely used in recent years [5–10]. Fuzzy grey (interval) cognitive maps are considered a good extension of the fuzzy cognitive map (FCM) family, since they are better suited to experts' representations, are more interpretable, and give the decision maker more degrees of freedom when acting on the modeling results.

Brief information concerning the "grey" system, the "grey" number, and the "grey" variable is presented below, and the mathematical apparatus of FGCM is considered. Then, using the problem of ensuring the integrity of telemetric information in IACS as an example, the technique of assessing cybersecurity risks with FGCM is discussed. At the end of the chapter, conclusions are drawn and the list of references is given.

Let us note one important circumstance. In the specific example of AIS risk assessment using FGCM considered below (Section 2), we use an approach based on decomposing the original (integrated) FGCM by disclosing (detailing) the content of its concepts. The result is a set of interconnected local FGCM that characterize certain aspects of the AIS risk assessment procedure associated with the features of its subsystems. Conceptually, this approach is based on the FCM decomposition theory and the algebra of FCM causal transformations proposed in [11, 12]. However, the main difference between the approach described in [12] and ours is that in [12] the original FCM is a large, detailed FCM system, which is reduced to a simpler (quotient) FCM by using the operations proposed by the authors. Each concept of this quotient FCM accumulates information on the state of several similar concepts of the original FCM, thus aggregating the corresponding concepts. In our case, on the contrary, the original FGCM has a small dimension, the number of its basic concepts corresponds to the number of basic subsystems of the system under study, and the decomposition of the FGCM represents each concept of the original FGCM as an independent (local) FGCM describing the behavior of this concept.

*Digital Forensic Science*
