Cybercrime and Risks for Cyber Physical Systems

Cyber Physical Systems (CPS) is the integration of computation and physical systems that make a complete system such as the network, software, embedded systems, and physical components. Major industries such as industrial plants, transport, national grid, and communication systems depend heavily on CPS for financial and economic growth. However, these components may have inherent threats and vulnerabilities on them that may run the risk of being attacked, manipulated or exploited by cyber attackers and commit cybercrimes. Cybercriminals in their quest to bring down these systems may cause disruption of services either for fame, data theft, revenge, political motive, economic war, cyber terrorism, and cyberwar. Therefore, identifying the risks has become imperative in mitigating the cybercrimes. This paper seeks to identify cybercrimes and risks that are associated with a smart grid business application system to determine the motives and intents of the cybercriminal. The paper identified four goals to mitigate the risks: as business value, organizational requirements, threat agent and impact vectors. We used the Analytical Hierarchy Process (AHP) to determine the importance of the goals that contribute to identifying cybercrime and risks in CPS. For the results, a case study is used to identify the threat and vulnerable spots and the prioritized goals are then used to assess the risks using a semi-quantitative approach to determine the net threat level. The results indicate that using the AHP approach to identify cybercrime and risk on CPS provides specific risk mitigation goals.