A Study on Industrial Control System Risk Assessment

Abstract

Currently the information security issues for industrial control system (ICS) are almost determined with incomplete information. With standards available, problems resulting from incomplete information can be decreased; because using standards, we can reduce the number of choices and simplify the process for reliable supply and demand decision-making. Because ICS is related to public safety and national defense, this paper aimed at analyzing relevant researches, meeting the requirements of the National Information & Communication Security Taskforce (NICST) of Executive Yuan in Taiwan, and promoting Failure Mode and Effects Analysis (FMEA) along with the ICS information security risk assessment framework of Common Methodology for Information Technology Security Evaluation (CEM) in order to offer further research of ICS risk management implementation.