[1] SOLINGEN R B R V. Goal question metric(GQM) approach[M]// Encyclopedia of Software Engineering. John Wiley & Sons Inc., 2002.
[2] ANDERSON S, FELICI M. Safety, reliability and security of industrial computer systems[J]. Reliability Engineering & System Safety, 2005,89(1):1-5.
[3] KRIAA S, PIETRE-CAMBACEDES L, BOUISSOU M, et al. A survey of approaches combining safety and security for industrial control systems[J]. Reliability Engineering & System Safety, 2015,139(7):156-178.
[4] KNOWLES W, PRINCE D, HUTCHISON D, et al. A survey of cyber security management in industrial control systems[J]. International Journal of Critical Infrastructure Protection, 2015,9(6):52-80.
[5] 郭庆来,辛蜀骏,王剑辉,等. 从乌克兰停电事件看信息能源系统综合安全评估[J]. 电力系统自动化, 2016(5):145-147.
[6] SERPANOS D, KHAN M T, SHROBE H. Designing safe and secure industrial control systems: A tutorial review[J]. IEEE Design & Test, 2018,35(3):73-88.
[7] ZHOU C, LI X, ZHANG Q, et al. Risk-based task scheduling approach for integrated control of system safety and cyber security in industrial control systems[C]// Proceedings of the 10th IET System Safety and Cyber-Security Conference. 2015:1-6.
[8] KHOUSSI S, MATTAS A. A brief introduction to smart grid safety and security[M]// Handbook of System Safety and Security. Boston, Syngress, 2017:225-252.
[9] ZONOUZ S, HAGHANI P. Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators responsive behavior [J]. Computers & Security, 2013,39(Part B):190-200.
[10]JOHANSSON J, HASSEL H, ZIO E. Reliability and vulnerability analyses of critical infrastructures: Comparing two approaches in the context of power systems[J]. Reliability Engineering & System Safety, 2013,120:27-38.
[11]GENGE B, SIATERLIS C, NAI FOVINO I, et al. A cyber-physical experimentation environment for the security analysis of networked industrial control systems[J]. Computers & Electrical Engineering, 2012,38(5):1146-1161.
[12]CHERDANTSEVA Y, BURNAP P, BLYTH A, et al. A review of cyber security risk assessment methods for SCADA systems[J]. Computers & Security, 2016,56(2):1-27.
[13]NI S, ZHUANG Y, GU J, et al. A formal model and risk assessment method for security-critical real-time embedded systems[J]. Computers & Security, 2016,58(5):199-215.
[14]ZHANG Q, ZHOU C, XIONG N, et al. Multimodel-based incident prediction and risk assessment in dynamic cybersecurity protection for industrial control systems[J]. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2015,46(10):1-16.
[15]LUO F, DONG Z, CHEN G, et al. Advanced pattern discovery-based fuzzy classification method for power system dynamic security assessment[J]. IEEE Transactions on Industrial Informatics, 2015,11(2):416-426.
[16]VAN STAALDUINEN M A, KHAN F, GADAG V. SVAPP methodology: A predictive security vulnerability assessment modeling method[J]. Journal of Loss Prevention in the Process Industries, 2016,43(9):397-413.
[17]LIU X, SHAHIDEHPOUR M, LI Z, et al. Power system risk assessment in cyber attacks considering the role of protection systems[J]. IEEE Transactions on Smart Grid, 2017,8(2):572-580.
[18]BODUNGEN C E, SINGER B L, SHBEEB A,等. 黑客大曝光:工业控制系统安全[M]. 戴超,张鹿,译. 北京:机械工业出版社, 2017.
[19]NIST. Guide to Industrial Control Systems(ICS) Security[EB/OL]. [2019-02-13]. https://www.nist.gov/publications/guide-industrial-control-systems-ics-security?pub_id=918368.
[20]Cybersecurity and Infrastructure Security Agency(CISA). Cyber Security Evaluation Tool[EB/OL]. [2019-02-15]. https://ics-cert.us-cert.gov/Assessments.
[21]Common Vulnerabilities and Exposures. CVE List[EB/OL]. [2019-02-15]. http://cve.mitre.org.
[22]FIRST. Common Vulnerability Scoring System Version 3.0 Calculator[EB/OL]. [2019-02-15]. https://www.first.org/cvss/calculator/3.0.
[23]HAYDEN L. 信息安全度量:用来测量安全性和保护数据的一种有效框架[M]. 吕欣,王标,于江霞,等译. 北京:北京大学出版社, 2015.
|