Critical infrastructure cyber-security risk management

Spyridopoulos, T., Maraslis, K., Tryfonas, T. and Oikonomou, G. (2017) Critical infrastructure cyber-security risk management. In: Conway, M., Jarvis, L., Lehane, O., Macdonald, S. and Nouri, L., eds. (2017) Terrorists' Use of the Internet. (136) IOS Press, pp. 59-76. ISBN 9781614997641 Available from:

[img] Microsoft Word 2007 - Accepted Version
Available under License All Rights Reserved.

PDF - Accepted Version
Available under License All Rights Reserved.


Publisher's URL:


Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly adaptations of such traditional approaches. Additionally, conventional methods fail to adequately address the increasing threat environment and the highly interdependent critical nature of ICSs, while proposed methods by the research community are as yet far from providing a solution. The importance of securely managing ICS infrastructures is growing, as they are systems embedded in critical national infrastructure (e.g. city traffic lights controls) and thus a potentially attractive target for organized cyber-criminals and terrorists. In this Chapter we present a novel approach that combines Stafford Beer’s Viable System Model (VSM) with Game Theory in order to develop a risk management process that addresses the above issues. The model we develop provides a holistic, cost-efficient cyber-security solution that takes into account interdependencies of critical components as well as the potential impact of different attack strategies.

Item Type:Book Section
Uncontrolled Keywords:critical infrastructure, cyber-security risk management, industrial control systems, cyber-security, game theory, viable system model
Faculty/Department:Faculty of Environment and Technology > Department of Computer Science and Creative Technologies
ID Code:32032
Deposited By: Dr T. Spyridopoulos
Deposited On:20 Oct 2017 13:45
Last Modified:21 Oct 2017 02:22

Request a change to this item

Total Document Downloads in Past 12 Months

Document Downloads

Total Document Downloads

More statistics for this item...