2024-03-29T20:52:25Zhttps://ipsj.ixsq.nii.ac.jp/ej/?action=repository_oaipmhoai:ipsj.ixsq.nii.ac.jp:001935992023-11-14T00:51:14Z06164:06165:06640:09657
An Approach to Quantify Cybersecurity Risk in Terms of Functional Safety Requirement in Connected Systemengサイバーセキュリティhttp://id.nii.ac.jp/1001/00193510/Conference Paperhttps://ipsj.ixsq.nii.ac.jp/ej/?action=repository_action_common_download&item_id=193599&item_no=1&attribute_id=1&file_no=1Copyright (c) 2018 by the Information Processing Society of JapanHitachi, Ltd. Research & Development GroupHitachi, Ltd. Research & Development GroupHitachi, Ltd. Research & Development GroupHitachi, Ltd. Research & Development GroupHitachi, Ltd. Research & Development GroupYiwen, ChenTakashi, KawauchiChinatsu, YamauchiSatoshi, KaiEriko, AndoA connected control system brings about real-time information change with external world but it also brings about cyber threats giving damage on functional safety or even jeopardizing human’s life. Under consideration of cybersecurity risk damaging on functional safety, we establish a risk classification scheme called Cybersecurity Level (CSL) to interpret how secure a connected system is. CSL is classified into multiple levels according to attack success period which is regarded as a criteria of quantified cybersecurity risk in terms of functional safety requirement. We propose an approach to evaluate attack success period and validate feasibility of the approach by utilizing a connected system as first trial. Through our approach, we are able to quantitatively validate necessity and sufficiency of security controls throughout entire system DevOps phase, and further clarify efficient means to reduce cybersecurity risk and enhance secure level of a connected system.A connected control system brings about real-time information change with external world but it also brings about cyber threats giving damage on functional safety or even jeopardizing human’s life. Under consideration of cybersecurity risk damaging on functional safety, we establish a risk classification scheme called Cybersecurity Level (CSL) to interpret how secure a connected system is. CSL is classified into multiple levels according to attack success period which is regarded as a criteria of quantified cybersecurity risk in terms of functional safety requirement. We propose an approach to evaluate attack success period and validate feasibility of the approach by utilizing a connected system as first trial. Through our approach, we are able to quantitatively validate necessity and sufficiency of security controls throughout entire system DevOps phase, and further clarify efficient means to reduce cybersecurity risk and enhance secure level of a connected system.マルチメディア,分散協調とモバイルシンポジウム2018論文集2018114911542018-06-272018-12-26