Towards integrating security in industrial engineering design practicesTowards integrating security in industrial engineering design practices Δημοσίευση σε Συνέδριο Conference Publication 2023-07-112021enThis work has been partially supported by a grant (“Research in the Cybersecurity Domain: National Cybersecurity Strategy 2020-25”) awarded to the Research Centre of the Athens University of Economics & Business (RC/AUEB). Authors express their sincere appreciation to the Ministry of Digital Governance of Greece.During the past decades, and especially since the Stuxnet event, there has being a growing concern around the protection of critical infrastructures. Even though the protection of such systems and services has been an international security priority, still, even after all those years, relevant research either focuses on individual ICS systems security (PLC, RTU and SCADA network protection and attacks), or uses high-level models to perform risk assessments, mostly from a system-of-systems scope that studies interdependencies. From an engineering perspective, current approaches address system resilience from an efficiency perspective (i.e. focusing on the availability of physical processes) while neglecting the security dimension of their components. Still, the availability and reliability requirements of such systems are directly affected by security incidents. To our knowledge, there is currently no process to integrate security-by-design in industrial critical infrastructure engineering. To this end, we present a method to integrate security risk assessment analysis into engineering design practices. We do this by modeling internal dependencies between physical components in critical industrial production processes to identify possible hotspots of system failures that are challenging to handle later in the development lifecycle, especially during operation. To validate our approach, we model and assess the present situation in a portion of an actual oil refining plant, thereby establishing a baseline model. Then we introduce risk mitigation measures by altering the design of the baseline model, resulting in a reduction of the overall cascade risk.http://creativecommons.org/licenses/by-nc-nd/4.0/161-17218th International Conference on Security and CryptographyProceedings of the 18th International Conference on Security and CryptographyDedousis_et_al_SECRYPT_2021.pdfChania [Greece]Library of TUC2023-07-11application/pdf768.9 kBfree Dedousis Panagiotis Stergiopoulos George Arampatzis Georgios Αραμπατζης Γεωργιος Gritzalis, Dimitris SciTePress – Science and Technology Publications, Lda Component cascading failures Critical infrastructure protection Dependency risk graphs Resilience