Research Article
Comprehensive Risk Identification Model for SCADA Systems
Table 1
Risk parameters stated in each work.
| | Paper | Risk
Agent (WHO?) | Risk
Motivations (WHY?) | Risk
(WHAT?) | Penetration Technique (HOW?) | System
Components (WHERE?) | Component Vulnerabilities (WHEN?) | Risk
Interdependency |
| | SCADA & ICS Risk Databases |
| | ICS-CERT [19] | | | | | √ | √ | | | Byres and Fabro [18] | √ | | √ | | √ | | |
| | SCADA & ICS Reports and guides |
| | Schwab and Poujol [31] | | | √ | | | √ | | | ENISA [32] | √ | √ | √ | √ | | | √ | | Brown and Wylie [33] | √ | | √ | | √ | | | | Stouffer et al. [23] | √ | | | | √ | √ | | | TISN [34] | | | | | √ | √ | | | DHS [35] | | | | | √ | √ | |
| | SCADA & ICS scientific research |
| | Nasser et al. [36] | | | √ | √ | | | | | Finogeev and Finogeev [37] | | | √ | | √ | | | | Eden et al. [38] | | | √ | | √ | √ | | | Woo and Kim [39] | | | √ | | √ | √ | | | Hewett et al. [22] | | | √ | √ | √ | | | | Miller et al. [24] | √ | | √ | √ | | | | | Bompard et al. [20] | √ | | √ | | √ | √ | | | Gabriel et al. [25] | √ | | √ | | √ | √ | √ | | Nan et al. [11] | | | √ | | | √ | √ | | Guillermo et al. [40] | √ | | √ | | √ | √ | | | Zhu et al. [21] | √ | | | | √ | √ | | | Tsang [41] | √ | | √ | √ | √ | √ | | | Kang et al. [42] | | | √ | √ | √ | | |
|
|
