Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS): an Adaptive Dynamical Systems Analysis
摘要
As industrial control systems become increasingly digitized, zero-day vulnerabilities in Human-Machine Interfaces (HMIs) pose critical threats to critical infrastructure, potentially enabling nation-state actors to cause physical damage while evading detection. This research analyses a significant gap in cyber risk management by developing a comprehensive modelling framework to understand how sophisticated cyber-physical attacks progress from initial compromise to catastrophic system failure. Using the Stuxnet worm as a foundational case study, this paper investigates how zero-day vulnerabilities in HMIs can be exploited to carry out advanced cyber-physical attacks. An adaptive network model is employed to simulate the progression of such an attack, from initial HMI compromise to physical system sabotage, while remaining undetected by operators. Crucial causal dependencies were identified, with their influence strengths and adaptive activation thresholds among the components modeled. A What-If analysis assesses how changes in system parameters affect the timing and likelihood of critical damage, incorporating probabilistic risk evaluation based on ISO 27005 standards. The findings provide actionable insights for cyber risk management professionals, enabling more effective threat assessment, improved network segmentation strategies, and enhanced detection capabilities for organizations operating critical infrastructure vulnerable to state-sponsored cyberattacks.