ICS Cybersecurity Risk Calculator

Service purpose

ICSCyberRisk is an online service for quantitative assessment of cybersecurity risks in industrial control systems.

How do cyberattacks change the real risk of industrial incidents given protection layers and potential business losses?

Unlike qualitative maturity models, the service:

• works with probabilities and expected losses;
• models degradation of protection layers under cyberattacks;
• links cybersecurity with industrial safety and business risk.

Scope and key principles

The service is based on the following principles:

• Cybersecurity is considered in the context of production safety.
• Protection layers are independent barriers with measurable reliability (PFD).
• Cyberattacks may degrade specific layers, but not all at once.
• Risk is expressed quantitatively for managerial decisions.
• Probabilities are bounded: 99.5% maximum, 0.5% minimum.

1.1 Layers of protection and hazard scenarios

The methodology is based on Layers of Protection (LOPA), widely used in industrial safety.

• initiating event (for most ICS, compromise of the control system can be considered initiating, as it can drive processes into unsafe modes);
• a set of protection layers preventing escalation;
• an incident or economically significant consequence if all layers fail.

Typical protection layers:

• operator actions;
• control system logic;
• safety instrumented systems (SIS);
• mechanical and physical safeguards.

A “corporate network” layer is included by default. We do not assess corporate network security in the platform, so its PFD is fixed. You may remove this layer or change its PFD depending on your scenario.

1.2 Cyber exposure of protection layers

The methodology distinguishes cyber‑exposed layers (software, networks, digital control) and cyber‑independent layers (mechanical/passive). Exposure is set explicitly by the user and applied only to marked layers.

The corporate network layer is the exception: its PFD depends on attacker type and capability.

1.3 PFD degradation under cyberattacks

For cyber‑exposed layers, the service estimates PFD degradation — an increase in failure probability due to cyberattacks.

• questionnaire results on protections;
• implemented technical and organizational measures;
• relevant attack vectors;
• attacker model and capability level.

The result is refined PFD values reflecting system behavior under cyberattack conditions.

1.4 Attacker model and attack vectors

The methodology uses an explicit attacker model with attacker type (internal/external) and capability (low/medium/high).

• attack vectors capture realistic compromise paths;
• irrelevant threats are excluded to avoid over/under‑estimation.

1.5 Quantitative risk calculation

Based on refined PFD values, the service calculates scenario probability and expected losses.

The model assumes a cyberattack frequency of 1 per year.

Risk = Scenario probability × Expected loss

This enables comparison of:

• current risk vs acceptable level;
• alternative protection options;
• impact of cybersecurity measures.