Cyber Risk Analysis for IoT Infrastructure in Smart City Context

The spread of IoT sensor and actuator networks in the context of Smart Cities requires an ever-increasing attention to IT security and therefore also to adopt methodologies for analyzing cyber risk. IoT networks have an increasingly important function in Smart Cities, becoming active agents whose tampering could compromise the functioning of entire systems. IoT infrastructure could be considered, as a Critical Infrastructure. In the contest of industrial process and automation, and in particular in the so- called Industry 4.0, the now intensive application of control systems in interconnected networks has led to an increase in unexpected threats to information security for supervisory control and data acquisition (SCADA) and control systems distributed (DCS). With due attention, interesting parallels can be found between remote control systems typical of the industrial environment and IoT sensor networks in Smart Cities than classical IT risk assessment methods couldn’t be enough. In this paper we want to try to decline in the context of Smart Cities a methodology named CRiSP (Cyber Risk Analysis in Industrial Process System Environment). created for the assessment of cyber risk in industrial contexts that have strongly connected plants. CRiSP defines an approach to analyze the risk related to the manipulation of a single element of the plant and to analyze the consequence to entire plant and to a restricted portion.