Security evaluation of coal mine industrial control systems based on CVSS v4.0
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Elsevier 2025-06-01 |
| Series: | Results in Engineering |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2590123025011934 |
| Summary: | This paper proposes a security evaluation model for coal mine industrial control systems (ICS) based on the CVSS v4.0 framework, incorporating four core dimensions: asset value, attack difficulty, attack consequences, and safety protection measures. The asset value dimension considers factors such as equipment type, functional importance, and data sensitivity. The attack difficulty dimension considers the technical knowledge and resources required by the attacker and the complexity of the attack. The attack consequences dimension takes into account factors such as loss of function, data leakage, and impact on reputation. The safety protection measures dimension considers management measures, technical measures, and operational maintenance measures. The evaluation of an ICS in a coal mine located in Changzhi City, Shanxi Province, demonstrates that this model can accurately reflect the risk level of coal mine ICS. It provides a scientific basis for protective strategies within the industry. For instance, the final CVSS score of the evaluated system was 8.67, indicating a high-risk level, with 127 industrial control devices and 16 known vulnerabilities (15 low-risk and 1 medium-risk). This model effectively assesses the security risks of coal mine ICS and provides a quantitative method and a unified standard for coal mining enterprises to formulate reasonable ICS security policies. Additionally, it offers an innovative model and reference case for security assessments in other industrial control environments, with significant practical implications and theoretical value. |
| ISSN: | 2590-1230 |