Continuous Risk Management for Industrial IoT: A Methodological View

Emergent cyber-attacks and exploits targeting Operational Technologies (OT) call for a proactive risk management approach. The convergence between OT and the Internet-of-Things in industries introduces new opportunities for cyber-attacks that have the potential to disrupt time-critical and hazardous processes. This paper proposes a methodology to adapt traditional risk management standards to work in a continuous fashion. Monitoring of risk factors is based on incident and event management tools, and misbehaviour detection to address cyber-physical systems’ security gaps. Another source of information that can enhance this approach is threat intelligence. Risks are calculated using Bayesian Networks.