Cyber Risk Assessment for Cyber-Physical Systems: A Review of Methodologies and Recommendations for Improved Assessment Effectiveness

TL;DR

This paper reviews existing cyber risk assessment methods for cyber-physical systems, identifying gaps and recommending real-time learning to enhance assessment effectiveness.

Contribution

It provides a comprehensive review of 28 methodologies, analyzes their limitations, and offers recommendations for improving cyber risk assessment in CPS.

Findings

Limited effectiveness of current methodologies

Identified gaps in assessment approaches

Recommendation for real-time learning from incidents

Abstract

Cyber-Physical Systems (CPS) integrate physical and embedded systems with information and communication technology systems, monitoring and controlling physical processes with minimal human intervention. The connection to information and communication technology exposes CPS to cyber risks. It is crucial to assess these risks to manage them effectively. This paper reviews scholarly contributions to cyber risk assessment for CPS, analyzing how the assessment approaches were evaluated and investigating to what extent they meet the requirements of effective risk assessment. We identify gaps limiting the effectiveness of the assessment and recommend real-time learning from cybersecurity incidents. Our review covers twenty-eight papers published between 2014 and 2023, selected based on a three-step search. Our findings show that the reviewed cyber risk assessment methodologies revealed limited effectiveness due to multiple factors. These findings provide a foundation for further research to explore and address other factors impacting the quality of cyber risk assessment in CPS.