{"id":"https://openalex.org/W7125373276","doi":"https://doi.org/10.1007/s10207-025-01198-7","title":"Cybersecurity risk assessment in OT systems using attack graphs","display_name":"Cybersecurity risk assessment in OT systems using attack graphs","publication_year":2026,"publication_date":"2026-01-22","ids":{"openalex":"https://openalex.org/W7125373276","doi":"https://doi.org/10.1007/s10207-025-01198-7"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-025-01198-7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01198-7","pdf_url":null,"source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1007/s10207-025-01198-7","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123606077","display_name":"Simon Unger","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Simon Unger","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0003-2379-4723","affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082997192","display_name":"Ektor Arzoglou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ektor Arzoglou","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0001-8664-1885","affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088288311","display_name":"Markus Heinrich","orcid":"https://orcid.org/0000-0001-8151-2734"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Markus Heinrich","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0001-8151-2734","affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017040274","display_name":"Dirk Scheuermann","orcid":"https://orcid.org/0000-0003-2883-0519"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dirk Scheuermann","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0003-2883-0519","affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5123606947","display_name":"Stefan Katzenbeisser","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Stefan Katzenbeisser","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.06384371,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"25","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.4438000023365021,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.4438000023365021,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.0714000016450882,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11807","display_name":"Infrastructure Resilience and Vulnerability Analysis","score":0.05609999969601631,"subfield":{"id":"https://openalex.org/subfields/2205","display_name":"Civil and Structural Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6875},{"id":"https://openalex.org/keywords/resilience","display_name":"Resilience (materials science)","score":0.6769999861717224},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.6043999791145325},{"id":"https://openalex.org/keywords/bridging","display_name":"Bridging (networking)","score":0.5317999720573425},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.39480000734329224},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.3596999943256378},{"id":"https://openalex.org/keywords/attack-model","display_name":"Attack model","score":0.35409998893737793},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.3440999984741211}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7919999957084656},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7753999829292297},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6875},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.6769999861717224},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.6043999791145325},{"id":"https://openalex.org/C174348530","wikidata":"https://www.wikidata.org/wiki/Q188635","display_name":"Bridging (networking)","level":2,"score":0.5317999720573425},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.39480000734329224},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3596999943256378},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.35409998893737793},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.3440999984741211},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.33970001339912415},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3361999988555908},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.3246000111103058},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.3188000023365021},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.3050999939441681},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.2831999957561493},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.2824000120162964},{"id":"https://openalex.org/C2778868856","wikidata":"https://www.wikidata.org/wiki/Q18394273","display_name":"Threat assessment","level":2,"score":0.27959999442100525},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.27900001406669617},{"id":"https://openalex.org/C17520342","wikidata":"https://www.wikidata.org/wiki/Q7797190","display_name":"Threat","level":5,"score":0.2752000093460083},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.2700999975204468},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.2687000036239624},{"id":"https://openalex.org/C2984588014","wikidata":"https://www.wikidata.org/wiki/Q730675","display_name":"Quantitative assessment","level":2,"score":0.26440000534057617}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s10207-025-01198-7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01198-7","pdf_url":null,"source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},{"id":"pmh:oai:publica.fraunhofer.de:publica/511611","is_oa":true,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/511611","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"journal article"}],"best_oa_location":{"id":"doi:10.1007/s10207-025-01198-7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01198-7","pdf_url":null,"source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.4705006182193756,"display_name":"Climate action","id":"https://metadata.un.org/sdg/13"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320316370","display_name":"Universit\u00e4t Passau","ror":"https://ror.org/05ydjnb78"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W1495565380","https://openalex.org/W1506446282","https://openalex.org/W1563330328","https://openalex.org/W2030014066","https://openalex.org/W2031571299","https://openalex.org/W2044221435","https://openalex.org/W2053944475","https://openalex.org/W2060379782","https://openalex.org/W2064241518","https://openalex.org/W2099103357","https://openalex.org/W2114884316","https://openalex.org/W2141927586","https://openalex.org/W2146525400","https://openalex.org/W2498195183","https://openalex.org/W2945624265","https://openalex.org/W2996996890","https://openalex.org/W3128686810","https://openalex.org/W3201894803","https://openalex.org/W3208897692","https://openalex.org/W4206266728","https://openalex.org/W4229455679","https://openalex.org/W4293093644","https://openalex.org/W4293637507","https://openalex.org/W4298625430","https://openalex.org/W4327522784","https://openalex.org/W4385562826","https://openalex.org/W4387048284","https://openalex.org/W4389317906","https://openalex.org/W4407938222","https://openalex.org/W4411055205","https://openalex.org/W4412405184","https://openalex.org/W4413329888","https://openalex.org/W6966788571"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"Cybersecurity":[1],"risk":[2,100,136,152],"assessment":[3,25,137,153],"is":[4],"essential":[5],"for":[6,95,170],"ensuring":[7],"the":[8,33,117,147],"security":[9,120,157],"and":[10,32,57,79,91,115,138,155,166],"resilience":[11],"of":[12,70,77],"Operational":[13],"Technology":[14],"(OT)":[15],"systems,":[16],"which":[17],"are":[18],"increasingly":[19],"targeted":[20],"by":[21,88,108],"cyber":[22],"threats.":[23,121],"Traditional":[24],"frameworks":[26],"often":[27],"struggle":[28],"with":[29,141],"complexity,":[30],"inefficiency,":[31],"inability":[34],"to":[35,38,54,162],"adapt":[36],"dynamically":[37],"evolving":[39],"attack":[40,71],"scenarios.":[41],"In":[42],"this":[43],"work,":[44],"we":[45],"propose":[46],"a":[47,67,74,96,127,163],"novel":[48],"approach":[49,125],"that":[50],"utilizes":[51],"Attack":[52,64,86],"Graphs":[53,65,87],"systematically":[55],"model":[56],"assess":[58],"cybersecurity":[59,99,143,151],"risks":[60],"in":[61,133],"OT":[62,135,171],"environments.":[63],"provide":[66],"structured":[68,167],"representation":[69],"paths,":[72],"enabling":[73],"comprehensive":[75],"analysis":[76],"vulnerabilities":[78],"potential":[80],"adversary":[81],"actions.":[82],"We":[83,122],"extend":[84],"conventional":[85],"integrating":[89],"countermeasures":[90],"impact":[92],"assessment,":[93],"allowing":[94],"more":[97,164],"complete":[98],"evaluation":[101],"process.":[102],"Our":[103],"framework":[104],"facilitates":[105],"adaptive":[106],"assessments":[107],"efficiently":[109],"incorporating":[110],"system":[111],"or":[112],"environmental":[113],"changes":[114],"identifying":[116],"most":[118],"critical":[119],"validate":[123],"our":[124,159],"through":[126],"case":[128],"study,":[129],"demonstrating":[130],"its":[131],"effectiveness":[132],"enhancing":[134],"aligning":[139],"it":[140],"established":[142],"standards.":[144],"By":[145],"bridging":[146],"gap":[148],"between":[149],"theoretical":[150],"models":[154],"practical":[156],"challenges,":[158],"work":[160],"contributes":[161],"proactive":[165],"defense":[168],"strategy":[169],"systems.":[172]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-01-23T00:00:00"}