<p>The increasing integration of Operational Technology (OT) and Information Technology (IT) systems within industrial environments has introduced significant cybersecurity challenges. Traditional risk assessment approaches often lack the adaptability and scalability needed to address evolving threat landscapes and complex asset interdependencies. This paper presents a semi-automated risk analysis tool designed to evaluate OT cybersecurity risks through a multi-layered approach that integrates asset inventories, governance-based questionnaires, and external threat intelligence databases such as MITRE ATT&amp;CK and CVE. The tool applies fuzzy logic to map potential threats and vulnerabilities, and generates graphical outputs including risk level visualizations, threat distribution charts, and lifecycle-based exposure matrices. Through experimentation on an industrial platform and validation via intrusion testing, the tool demonstrated its capacity to identify high-risk assets and operational stages that require mitigation. The framework provides a practical foundation for structured, scalable, and governance-aligned OT risk assessments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A novel dynamic risk assessment tool for evaluating cybersecurity risks in the digital industry

  • Nourhan Halawi Ghoson,
  • Khaled Benfriha

摘要

The increasing integration of Operational Technology (OT) and Information Technology (IT) systems within industrial environments has introduced significant cybersecurity challenges. Traditional risk assessment approaches often lack the adaptability and scalability needed to address evolving threat landscapes and complex asset interdependencies. This paper presents a semi-automated risk analysis tool designed to evaluate OT cybersecurity risks through a multi-layered approach that integrates asset inventories, governance-based questionnaires, and external threat intelligence databases such as MITRE ATT&CK and CVE. The tool applies fuzzy logic to map potential threats and vulnerabilities, and generates graphical outputs including risk level visualizations, threat distribution charts, and lifecycle-based exposure matrices. Through experimentation on an industrial platform and validation via intrusion testing, the tool demonstrated its capacity to identify high-risk assets and operational stages that require mitigation. The framework provides a practical foundation for structured, scalable, and governance-aligned OT risk assessments.