Cyber- and Physical- Security of Industrial Sites
Identification and quantitative assessment of risks caused by cyber- and physical- attacks (security attacks) to chemical, process and Oil&Gas facilities
Security attacks to chemical, process and Oil&Gas facilities may generate events with consequences on people, property, and the surrounding environment that are comparable to those of major accidents caused by safety-related causes. Both cyber-attacks (i.e., interferences involving the IT-OT network system) and physical attacks (i.e., interferences involving the Physical Protection System) show an increasing trend in the last decades. Most of currently available methodologies addressing security issues are semi-quantitative and non-systematic approaches that strongly rely on expert judgment, leading to security assessments that are typically not reproducible. The complexity of the cyber- and physical- attack mechanisms requires dedicated rigorous methods and tools for the identification and quantitative assessment of the security risks and the integration with management of safety risks.
The activities carried out in this research area are aimed at:
- The development of methods and models for security risk management for cyber- and physical- attacks to chemical and process industry and critical infrastructures handling and storing hazardous materials
- Development of systematic methods for identification and modelling of the cyber-attack paths through the Basic Process Control System (BPCS) and Safety Instrumented System (SIS)
- The development of quantitative models and tools for the evaluation of the cyber-security risk posed by attacks to the BPCS and SIS, accounting for the interaction with the physical process plant and the safety measures in place
- The development of quantitative models and tools for the evaluation of the security risk posed by physical- attacks to process plants (shooting, improvised explosive devices, arson, etc.)
- The development of integrated safety/security quantitative methods for the assessment of resilience of complex industrial systems
Research and Industrial projects on this topic address:
- Integrated Management of Safety and Security Synergies in the Seveso Plants (Era-net Saf€ra - 4STER; 2019-2021)
- Security of offshore installations (Italian Ministry of Ecologial Transition, MITE - 2020-2021)
- SERICS: Security and RIghts in the CyberSpace - SERICS (PNRR PE07 2023-2025)