CCE and other risk assessment methods for Industrial Systems

report
In the design of cyber-physical systems in Operational Technology (OT), safety is paramount. A system should be designed so that the chance of an incident is minimized, and so that, should an incident occur, the impact of disruption or failure is minimized. OT describes systems or devices that manage or interact with physical processes. These systems involve a tight coupling between the physical and computational elements, allowing them to interact in real time and adapt to changing conditions. Industrial Control Systems (ICS) are used to manage the physical processes. ICS have increasingly been integrated with ICT systems in recent years. This integration has heightened the risk of cyberattacks that could jeopardize critical industrial operations. Additionally, many ICS components are aging, leading to a lower quality of support and maintenance and increasing their vulnerability, and these components are more and more connected to the internet, thereby increasing the attack surface.

Consequence-driven Cyber-Informed Engineering (CCE) is a methodology focused on securing the nation's critical infrastructure systems such as ICS. This document investigates to what extent the CCE methodology and other risk assessment methods for critical infrastructure can contribute to reducing cybersecurity risks in Dutch operational technology (OT) environments. Specific attention is given to the integration of CCE with methodologies within the context of machine safety and reducing risks in OT environments, with a focus on the design process. The report is scoped to OT organizations, their suppliers, and the applicability of CCE. The NLSC is a stakeholder, interested in the ways it can support this upcoming domain. To investigate this, the report explores security engineering methods such as CCE, NIST, I&C systems in nuclear power plants, and BSC ICS.
TNO Identifier
1003227
Publisher
TNO
Collation
26 p.