{"id":"https://openalex.org/W4407590115","doi":"https://doi.org/10.1007/s10207-025-00990-9","title":"A cybersecurity risk assessment methodology for industrial automation control systems","display_name":"A cybersecurity risk assessment methodology for industrial automation control systems","publication_year":2025,"publication_date":"2025-02-14","ids":{"openalex":"https://openalex.org/W4407590115","doi":"https://doi.org/10.1007/s10207-025-00990-9"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-025-00990-9","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-00990-9","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-00990-9.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-00990-9.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037394247","display_name":"Francesco Brancati","orcid":"https://orcid.org/0000-0003-3624-2354"},"institutions":[{"id":"https://openalex.org/I1300504238","display_name":"Piaggio (Italy)","ror":"https://ror.org/00r254y42","country_code":"IT","type":"company","lineage":["https://openalex.org/I1300504238"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Francesco Brancati","raw_affiliation_strings":["ResilTech s.r.l., Piazza Nilde Iotti 25, Pontedera (Pisa), Italy"],"affiliations":[{"raw_affiliation_string":"ResilTech s.r.l., Piazza Nilde Iotti 25, Pontedera (Pisa), Italy","institution_ids":["https://openalex.org/I1300504238"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003620464","display_name":"Diamantea Mongelli","orcid":null},"institutions":[{"id":"https://openalex.org/I1300504238","display_name":"Piaggio (Italy)","ror":"https://ror.org/00r254y42","country_code":"IT","type":"company","lineage":["https://openalex.org/I1300504238"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Diamantea Mongelli","raw_affiliation_strings":["ResilTech s.r.l., Piazza Nilde Iotti 25, Pontedera (Pisa), Italy"],"affiliations":[{"raw_affiliation_string":"ResilTech s.r.l., Piazza Nilde Iotti 25, Pontedera (Pisa), Italy","institution_ids":["https://openalex.org/I1300504238"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046390525","display_name":"Francesco Mariotti","orcid":"https://orcid.org/0000-0002-1776-9591"},"institutions":[{"id":"https://openalex.org/I4210152452","display_name":"Consorzio Interuniversitario Nazionale per l'Informatica","ror":"https://ror.org/03v8v5y65","country_code":"IT","type":"facility","lineage":["https://openalex.org/I4210152452"]},{"id":"https://openalex.org/I45084792","display_name":"University of Florence","ror":"https://ror.org/04jr1s763","country_code":"IT","type":"education","lineage":["https://openalex.org/I45084792"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Francesco Mariotti","raw_affiliation_strings":["Consorzio Interuniversitario Nazionale per l\u2019Informatica (CINI), Via Ariosto 25, Roma, Italy","Dipartimento di Matematica e Informatica \u2018U. Dini\u2019, University of Florence, Viale Morgagni 65, Firenze, Italy"],"affiliations":[{"raw_affiliation_string":"Consorzio Interuniversitario Nazionale per l\u2019Informatica (CINI), Via Ariosto 25, Roma, Italy","institution_ids":["https://openalex.org/I4210152452"]},{"raw_affiliation_string":"Dipartimento di Matematica e Informatica \u2018U. Dini\u2019, University of Florence, Viale Morgagni 65, Firenze, Italy","institution_ids":["https://openalex.org/I45084792"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5089287870","display_name":"Paolo Lollini","orcid":"https://orcid.org/0000-0002-2364-2538"},"institutions":[{"id":"https://openalex.org/I4210152452","display_name":"Consorzio Interuniversitario Nazionale per l'Informatica","ror":"https://ror.org/03v8v5y65","country_code":"IT","type":"facility","lineage":["https://openalex.org/I4210152452"]},{"id":"https://openalex.org/I45084792","display_name":"University of Florence","ror":"https://ror.org/04jr1s763","country_code":"IT","type":"education","lineage":["https://openalex.org/I45084792"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Paolo Lollini","raw_affiliation_strings":["Consorzio Interuniversitario Nazionale per l\u2019Informatica (CINI), Via Ariosto 25, Roma, Italy","Dipartimento di Matematica e Informatica \u2018U. Dini\u2019, University of Florence, Viale Morgagni 65, Firenze, Italy"],"affiliations":[{"raw_affiliation_string":"Consorzio Interuniversitario Nazionale per l\u2019Informatica (CINI), Via Ariosto 25, Roma, Italy","institution_ids":["https://openalex.org/I4210152452"]},{"raw_affiliation_string":"Dipartimento di Matematica e Informatica \u2018U. Dini\u2019, University of Florence, Viale Morgagni 65, Firenze, Italy","institution_ids":["https://openalex.org/I45084792"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5037394247"],"corresponding_institution_ids":["https://openalex.org/I1300504238"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":7.8683,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.97274261,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"24","issue":"2","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9855999946594238,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.686781108379364},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.6430894136428833},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6321810483932495},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.5897490978240967},{"id":"https://openalex.org/keywords/control-system-security","display_name":"Control system security","score":0.5348920226097107},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.4322117567062378},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.3871731758117676},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.26876354217529297},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.21560049057006836},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.08249816298484802},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.07606208324432373},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.06908771395683289}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.686781108379364},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.6430894136428833},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6321810483932495},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.5897490978240967},{"id":"https://openalex.org/C172862783","wikidata":"https://www.wikidata.org/wiki/Q5165888","display_name":"Control system security","level":5,"score":0.5348920226097107},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.4322117567062378},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3871731758117676},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.26876354217529297},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.21560049057006836},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.08249816298484802},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.07606208324432373},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.06908771395683289},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s10207-025-00990-9","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-00990-9","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-00990-9.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},{"id":"pmh:oai:flore.unifi.it:2158/1423476","is_oa":true,"landing_page_url":"https://rdcu.be/ebnxZ","pdf_url":null,"source":{"id":"https://openalex.org/S4306402033","display_name":"Florence Research (University of Florence)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I45084792","host_organization_name":"University of Florence","host_organization_lineage":["https://openalex.org/I45084792"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"doi:10.1007/s10207-025-00990-9","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-00990-9","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-00990-9.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1145458839","display_name":null,"funder_award_id":"PRIN 2022","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G1586229582","display_name":null,"funder_award_id":"2014/20","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G3342569318","display_name":null,"funder_award_id":"2014/2020","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G507880695","display_name":null,"funder_award_id":"PE00000014","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G5357976780","display_name":null,"funder_award_id":"PE00000014","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G5453592365","display_name":null,"funder_award_id":"2014/2020","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G7374840810","display_name":null,"funder_award_id":"00000","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G8893660128","display_name":null,"funder_award_id":"PE0000001","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320322648","display_name":"Universit\u00e0 degli Studi di Firenze","ror":"https://ror.org/04jr1s763"},{"id":"https://openalex.org/F4320335322","display_name":"European Regional Development Fund","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4407590115.pdf","grobid_xml":"https://content.openalex.org/works/W4407590115.grobid-xml"},"referenced_works_count":23,"referenced_works":["https://openalex.org/W2009429512","https://openalex.org/W2126762719","https://openalex.org/W2139872812","https://openalex.org/W3094320230","https://openalex.org/W3110913086","https://openalex.org/W3111945605","https://openalex.org/W3135108645","https://openalex.org/W3196025510","https://openalex.org/W3196618093","https://openalex.org/W4210594258","https://openalex.org/W4293637507","https://openalex.org/W4297032375","https://openalex.org/W4297337357","https://openalex.org/W4312724246","https://openalex.org/W4318827127","https://openalex.org/W4318960361","https://openalex.org/W4323352991","https://openalex.org/W4379521429","https://openalex.org/W4383503243","https://openalex.org/W4385626989","https://openalex.org/W4386067042","https://openalex.org/W6885121220","https://openalex.org/W6889905099"],"related_works":["https://openalex.org/W2545311377","https://openalex.org/W2614996178","https://openalex.org/W3141555268","https://openalex.org/W1577831524","https://openalex.org/W2045071758","https://openalex.org/W3161627164","https://openalex.org/W1661835657","https://openalex.org/W2783141896","https://openalex.org/W2002212813","https://openalex.org/W2971541747"],"abstract_inverted_index":{"Abstract":[0],"Industrial":[1],"automation":[2],"control":[3],"systems":[4],"(IACS)":[5],"are":[6,142],"employed":[7],"in":[8,221],"current":[9],"critical":[10,206],"infrastructures":[11],"and":[12,19,68,82,88,98,116,157,184,229],"industrial":[13],"plants":[14],"spanning":[15],"very":[16],"different":[17],"domains,":[18],"the":[20,29,54,62,80,93,114,123,127,131,149,152,178,181,186,193,196,209,218,222,226,234],"transformation":[21],"process":[22],"towards":[23],"Industry":[24],"4.0":[25],"is":[26,49,77,174],"further":[27],"increasing":[28],"dependencies":[30],"on":[31,96,113],"such":[32],"systems.":[33],"Since":[34],"IACS":[35,172],"can":[36],"be":[37],"exposed":[38],"to":[39,45,52,60,92,144,148,191,201,239],"malicious":[40],"threats":[41,146],"that":[42,173],"could":[43],"lead":[44],"catastrophic":[46],"consequences,":[47],"it":[48,238],"extremely":[50],"important":[51],"assess":[53],"cybersecurity":[55,135],"risk":[56,84,136,153,169],"of":[57,75,86,122,126,138,171,180,195,211,217,225,243],"these":[58],"systems,":[59],"identify":[61,145],"possible":[63,69],"threats,":[64],"their":[65],"impact,":[66],"likelihood,":[67],"countermeasures.":[70,160],"The":[71],"ISA/IEC":[72],"62443":[73],"series":[74],"standards":[76],"suited":[78],"for":[79,102,133,165,205],"design":[81],"security":[83],"analysis":[85],"IACS,":[87],"has":[89],"been":[90],"submitted":[91],"International":[94,99],"Standards":[95],"Auditing":[97],"Electrotechnical":[100],"Commission":[101],"global":[103],"adoption":[104],"as":[105],"international":[106],"standards.":[107],"In":[108],"this":[109],"paper,":[110],"we":[111],"focus":[112],"zone":[115],"conduit":[117],"requirement":[118],"5":[119,183],"(ZCR":[120],"5)":[121],"62443-3-2":[124],"part":[125],"standard,":[128],"which":[129],"provides":[130],"steps":[132,141,179,224],"detailed":[134,168],"assessment":[137,170,197,227],"IACS.":[139],"These":[140],"fundamental":[143],"related":[147],"system,":[150],"determine":[151],"associated":[154],"with":[155,176],"them,":[156],"derive":[158],"appropriate":[159],"We":[161,232],"provide":[162],"a":[163,167,240,244],"methodology":[164,235],"conducting":[166],"compliant":[175],"all":[177],"ZCR":[182],"integrates":[185],"following":[187],"features:":[188],"(i)":[189],"capability":[190,200],"manage":[192],"complexity":[194],"process,":[198,228],"(ii)":[199],"select":[202],"tailored":[203],"countermeasures":[204],"assets":[207],"through":[208],"identification":[210],"attack":[212],"paths,":[213],"(iii)":[214],"explicit":[215],"involvement":[216],"asset":[219],"owner":[220],"key":[223],"(iv)":[230],"tool-supported.":[231],"illustrate":[233],"by":[236],"applying":[237],"case":[241],"study":[242],"power":[245],"plant":[246],"using":[247],"gas":[248],"turbines.":[249]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":3}],"updated_date":"2026-04-18T07:56:08.524223","created_date":"2025-10-10T00:00:00"}