{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T18:54:16Z","timestamp":1772823256069,"version":"3.50.1"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T00:00:00Z","timestamp":1769040000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T00:00:00Z","timestamp":1769040000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100016135","name":"Universit\u00e4t Passau","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100016135","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2026,2]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Cybersecurity risk assessment is essential for ensuring the security and resilience of Operational Technology (OT) systems, which are increasingly targeted by cyber threats. Traditional assessment frameworks often struggle with complexity, inefficiency, and the inability to adapt dynamically to evolving attack scenarios. In this work, we propose a novel approach that utilizes Attack Graphs to systematically model and assess cybersecurity risks in OT environments. Attack Graphs provide a structured representation of attack paths, enabling a comprehensive analysis of vulnerabilities and potential adversary actions. We extend conventional Attack Graphs by integrating countermeasures and impact assessment, allowing for a more complete cybersecurity risk evaluation process. 
Our framework facilitates adaptive assessments by efficiently incorporating system or environmental changes and identifying the most critical security threats. We validate our approach through a case study, demonstrating its effectiveness in enhancing OT risk assessment and aligning it with established cybersecurity standards. By bridging the gap between theoretical cybersecurity risk assessment models and practical security challenges, our work contributes to a more proactive and structured defense strategy for OT systems.<\/jats:p>","DOI":"10.1007\/s10207-025-01198-7","type":"journal-article","created":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T14:23:19Z","timestamp":1769091799000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Cybersecurity risk assessment in OT systems using attack graphs"],"prefix":"10.1007","volume":"25","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2379-4723","authenticated-orcid":false,"given":"Simon","family":"Unger","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8664-1885","authenticated-orcid":false,"given":"Ektor","family":"Arzoglou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8151-2734","authenticated-orcid":false,"given":"Markus","family":"Heinrich","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2883-0519","authenticated-orcid":false,"given":"Dirk","family":"Scheuermann","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefan","family":"Katzenbeisser","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,1,22]]},"reference":[{"key":"1198_CR1
","unstructured":"IEC 62443: Industrial communication networks - Network and system security"},{"key":"1198_CR2","doi-asserted-by":"publisher","unstructured":"National Institute of Standards and Technology. The NIST Cybersecurity Framework (CSF) 2.0. In: (2024). https:\/\/doi.org\/10.6028\/NIST.CSWP.29","DOI":"10.6028\/NIST.CSWP.29"},{"key":"1198_CR3","unstructured":"Information technology \u2013 Security techniques \u2013 Information security management systems \u2013 Requirements. Standard. Geneva, CH: International Organization for Standardization, Oct. 2022"},{"key":"1198_CR4","unstructured":"ISO - International Organization for Standardization, SAE - International. ISO\/SAE 21434 Road Vehicles - Cybersecurity engineering (2021)"},{"key":"1198_CR5","unstructured":"CLC\/TS 50701:2021-01, Railway applications - Cybersecurity (2021)"},{"key":"1198_CR6","first-page":"572","volume":"249","author":"JD Weiss","year":"1991","unstructured":"Weiss, J.D.: A system security engineering process. 14th Annual NCSC\/NIST National Computer Security Conference. 249, 572\u2013581 (1991)","journal-title":"14th Annual NCSC\/NIST National Computer Security Conference."},{"key":"1198_CR7","doi-asserted-by":"publisher","unstructured":"Chris Salter et al. Toward a secure system engineering methodolgy. In: Proceedings of the 1998 workshop on New security paradigms - NSPW \u201998. ACM Press, 1998. https:\/\/doi.org\/10.1145\/310889.310900","DOI":"10.1145\/310889.310900"},{"key":"1198_CR8","volume-title":"Meadows","author":"A Catherine","year":"1996","unstructured":"Catherine, A.: Meadows. Network Threats, A representation of protocol attacks for risk assessment. In (1996)"},{"key":"1198_CR9","doi-asserted-by":"crossref","unstructured":"Yu Liu and Hong Man. Network vulnerability assessment using Bayesian networks. In: SPIE Defense + Commercial Sensing. 2005","DOI":"10.1117\/12.604240"},{"key":"1198_CR10","doi-asserted-by":"crossref","unstructured":"Ahto Buldas et al. 
Rational Choice of Security Measures Via Multi-parameter Attack Trees. In: Critical Information Infrastructures Security. Ed. by Javier Lopez. Berlin, Heidelberg: Springer Berlin Heidelberg, 2006, pp.235\u2013248","DOI":"10.1007\/11962977_19"},{"key":"1198_CR11","doi-asserted-by":"crossref","unstructured":"Barbara Kordy, Sjouke Mauw, and Patrick Schweitzer. Quantitative Questions on Attack\u2013Defense Trees. In: Information Security and Cryptology \u2013 ICISC 2012. Ed. by Taekyoung Kwon, Mun-Kyu Lee, and Daesung Kwon. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013, pp.49\u201364","DOI":"10.1007\/978-3-642-37682-5_5"},{"key":"1198_CR12","doi-asserted-by":"crossref","unstructured":"Arpan Roy, Dong Seong Kim, and Kishor S. Trivedi. Cyber security analysis using attack countermeasure trees. In: CSIIRW \u201910. 2010","DOI":"10.1145\/1852666.1852698"},{"key":"1198_CR13","doi-asserted-by":"crossref","unstructured":"Teodor Sommestad, Mathias Ekstedt, and Pontus Johnson. Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models. In: 2009 42nd Hawaii International Conference on System Sciences (2009), pp.1\u201310","DOI":"10.1109\/HICSS.2009.141"},{"key":"1198_CR14","doi-asserted-by":"crossref","unstructured":"Ludovic Pi\u00e8tre-Cambac\u00e9d\u00e8s and Marc Bouissou. Beyond Attack Trees: Dynamic Security Modeling with Boolean Logic Driven Markov Processes (BDMP). In: 2010 European Dependable Computing Conference (2010), pp.199\u2013208","DOI":"10.1109\/EDCC.2010.32"},{"issue":"6","key":"1198_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1371\/journal.pone.0325267","volume":"20","author":"A Kutej","year":"2025","unstructured":"Kutej, A., Rass, S., Alexandrowicz, R.W.: A comparative overview of aggregation methods of a graphical risk assessment: an analysis based on a critical infrastructure project. PLoS ONE 20(6), 1\u201327 (2025). 
https:\/\/doi.org\/10.1371\/journal.pone.0325267","journal-title":"PLoS ONE"},{"key":"1198_CR16","doi-asserted-by":"publisher","unstructured":"Yaofang Zhang et al. Attack Graph-Based Quantitative Assessment for Industrial Control System Security. In: 2020 Chinese Automation Congress (CAC). 2020, pp.1748\u20131753. https:\/\/doi.org\/10.1109\/CAC51589.2020.9327842","DOI":"10.1109\/CAC51589.2020.9327842"},{"key":"1198_CR17","doi-asserted-by":"crossref","unstructured":"Matthias Kern et al. Model-based Attack Tree Generation for Cybersecurity Risk-Assessments in Automotive. In: 2021 IEEE International Symposium on Systems Engineering (ISSE). 2021, pp.1\u20137","DOI":"10.1109\/ISSE51541.2021.9582462"},{"issue":"2","key":"1198_CR18","doi-asserted-by":"publisher","first-page":"731","DOI":"10.1109\/TDSC.2021.3117348","volume":"19","author":"A Nadeem","year":"2022","unstructured":"Nadeem, A., et al.: Alert-Driven Attack Graph Generation Using S-PDFA. IEEE Trans. Dependable Secure Comput. 19(2), 731\u2013746 (2022). https:\/\/doi.org\/10.1109\/TDSC.2021.3117348","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"1198_CR19","unstructured":"Zhenyuan Li et al. AttacKG: Constructing Technique Knowledge Graph from Cyber Threat Intelligence Reports. 2022. arXiv:2111.07093[cs.CR]"},{"issue":"10","key":"1198_CR20","doi-asserted-by":"publisher","first-page":"3488","DOI":"10.1109\/TSMC.2019.2915940","volume":"50","author":"AT Al Ghazo","year":"2020","unstructured":"Al Ghazo, A.T., et al.: A2G2V: automatic attack graph generation and visualization and its applications to computer and scada networks. IEEE Transactions on Systems, Man, and Cybernetics: Systems 50(10), 3488\u20133498 (2020). https:\/\/doi.org\/10.1109\/TSMC.2019.2915940","journal-title":"IEEE Transactions on Systems, Man, and Cybernetics: Systems"},{"key":"1198_CR21","doi-asserted-by":"publisher","unstructured":"Ferda \u00d6zdemir S\u00f6nmez, Chris Hankin, and Pasquale Malacaria. 
\u201cAttack Dynamics: An Automatic Attack Graph Generation Framework Based on System Topology, CAPEC, CWE, and CVE Databases. In: Computers & Security 123 (2022), p.102938. https:\/\/doi.org\/10.1016\/j.cose.2022.102938. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404822003303","DOI":"10.1016\/j.cose.2022.102938"},{"issue":"1","key":"1198_CR22","doi-asserted-by":"publisher","first-page":"740","DOI":"10.1109\/TDSC.2022.3143551","volume":"20","author":"T Li","year":"2023","unstructured":"Li, T., et al.: Deepag: attack graph construction and threats prediction with bi-directional deep learning. IEEE Trans. Dependable Secure Comput. 20(1), 740\u2013757 (2023). https:\/\/doi.org\/10.1109\/TDSC.2022.3143551","journal-title":"IEEE Trans. Dependable Secure Comput."},{"issue":"8","key":"1198_CR23","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/s10586-025-05288-y","volume":"28","author":"A Viticchi\u00e9","year":"2025","unstructured":"Viticchi\u00e9, A., et al.: Advanced attack graph framework for operational technology: scalable modeling, validation, and risk mitigation. Clust. Comput. 28(8), 531 (2025). https:\/\/doi.org\/10.1007\/s10586-025-05288-y","journal-title":"Clust. Comput."},{"key":"1198_CR24","doi-asserted-by":"publisher","unstructured":"Giulio Sunder et al. Enhancing OT Threat Modelling: An Effective Rule-Based Approach for Attack Graph Generation. In: 2024 4th Intelligent Cybersecurity Conference (ICSC). 2024, pp.142\u2013150. https:\/\/doi.org\/10.1109\/ICSC63108.2024.10895716","DOI":"10.1109\/ICSC63108.2024.10895716"},{"key":"1198_CR25","unstructured":"Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. MulVAL: A Logic-based Network Security Analyzer. In: USENIX Security Symposium. 2005. https:\/\/api.semanticscholar.org\/CorpusID:2679804"},{"key":"1198_CR26","doi-asserted-by":"publisher","unstructured":"Wei Yang et al. 
A Dynamic Risk Assessment Method for Industrial Control Network Security Based on Bayesian Attack Graph. In: 2025 5th International Conference on Computer, Control and Robotics (ICCCR). 2025, pp.459\u2013463. https:\/\/doi.org\/10.1109\/ICCCR65461.2025.11072640","DOI":"10.1109\/ICCCR65461.2025.11072640"},{"key":"1198_CR27","doi-asserted-by":"publisher","unstructured":"Siegfried Hollerer, Thilo Sauter, and Wolfgang Kastner. Risk Assessments Considering Safety, Security, and Their Interdependencies in OT Environments. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. ARES \u201922. Vienna, Austria: Association for Computing Machinery, 2022. https:\/\/doi.org\/10.1145\/3538969.3543814","DOI":"10.1145\/3538969.3543814"},{"key":"1198_CR28","doi-asserted-by":"publisher","unstructured":"Ioannis Semertzis et al. Quantitative Risk Assessment of Cyber Attacks on Cyber-Physical Systems using Attack Graphs. In: 2022 10th Workshop on Modelling and Simulation of Cyber-Physical Energy Systems (MSCPES). 2022, pp.1\u20136. https:\/\/doi.org\/10.1109\/MSCPES55116.2022.9770140","DOI":"10.1109\/MSCPES55116.2022.9770140"},{"key":"1198_CR29","doi-asserted-by":"crossref","unstructured":"Xueqin Gao et al. Quantitative Risk Assessment of Threats on SCADA Systems Using Attack Countermeasure Tree. In: 2022 19th Annual International Conference on Privacy, Security & Trust (PST). 2022, pp.1\u20135","DOI":"10.1109\/PST55820.2022.9851965"},{"key":"1198_CR30","unstructured":"Xinming Ou. A logic-programming approach to network security analysis. AAI3188673. PhD thesis. USA, 2005"},{"key":"1198_CR31","doi-asserted-by":"publisher","first-page":"27974","DOI":"10.1109\/ACCESS.2023.3257721","volume":"11","author":"D Tayouri","year":"2023","unstructured":"Tayouri, D., et al.: A survey of mulval extensions and their attack scenarios coverage. 
IEEE Access 11, 27974\u201327991 (2023)","journal-title":"IEEE Access"},{"key":"1198_CR32","doi-asserted-by":"crossref","unstructured":"Sushil Jajodia and Steven Noel. Topological Vulnerability Analysis: A Powerful New Approach For Network Attack Prevention, Detection, and Response. In: Algorithms, Architectures and Information Systems Security (Indian Statistical Institute Platinum Jubilee Series) (Nov. 2008)","DOI":"10.1142\/9789812836243_0013"},{"key":"1198_CR33","doi-asserted-by":"publisher","unstructured":"Wissam Abbass, Amine Baina, and Mostafa Bellafkih. ArchiMate based Security Risk Assessment as a service: preventing and responding to the cloud of things\u2019 risks. In: 2019 International Conference on Wireless Networks and Mobile Communications (WINCOM). 2019, pp.1\u20135. https:\/\/doi.org\/10.1109\/WINCOM47513.2019.8942475","DOI":"10.1109\/WINCOM47513.2019.8942475"},{"key":"1198_CR34","unstructured":"DIN VDE V 0831-104:2015-10, Elektrische Bahn-Signalanlagen - Teil 104: Leitfaden f\u00fcr die IT-Sicherheit auf Grundlage IEC 62443"},{"key":"1198_CR35","unstructured":"Markus Heinrich and Lukas Iffl\u00e4nder. Software-supported threat analysis using attack graphs. In: Signal + Draht (114) 5 (May 2022), pp.28\u201334. https:\/\/www.0x25.net\/publications\/files\/28_34_Heinrich.pdf"},{"key":"1198_CR36","unstructured":"Markus Heinrich et al. Technology and security forecast for the railway system \u2013 the timely identification of threats. In: Signal + Draht (114) 9 (Sept. 2022), pp.96\u2013103. https:\/\/www.0x25.net\/publications\/files\/096_103_Heinrich.pdf"},{"issue":"4","key":"1198_CR37","doi-asserted-by":"publisher","first-page":"1254","DOI":"10.3390\/vehicles5040069","volume":"5","author":"S Unger","year":"2023","unstructured":"Unger, S., et al.: Securing the future railway system: technology forecast, security measures, and research demands. Vehicles 5(4), 1254\u20131274 (2023). 
https:\/\/doi.org\/10.3390\/vehicles5040069","journal-title":"Vehicles"},{"key":"1198_CR38","unstructured":"ISO - International Organization for Standardization, IEC - International Electrotechnical Commission. ISO\/IEC 18045 Information technology \u2014 Security techniques \u2014 Methodology for IT security evaluation (2014)"},{"key":"1198_CR39","doi-asserted-by":"publisher","unstructured":"Michael Leining et al. Prognose Securitybedarf und Bewertung m\u00f6glicher Sicherheitskonzepte; Teil 1: Technologieprognose. 2022. https:\/\/doi.org\/10.48755\/dzsf.220008.06","DOI":"10.48755\/dzsf.220008.06"},{"key":"1198_CR40","unstructured":"Agency for Railways. Control Command and Signalling (CCS) Technical Specification for Interoperability (TSI). Tech. rep. European Union, 2024"},{"key":"1198_CR41","doi-asserted-by":"publisher","first-page":"2933","DOI":"10.1016\/j.ins.2005.08.004","volume":"176","author":"RR Yager","year":"2006","unstructured":"Yager, R.R.: OWA trees and their role in security modeling using attack trees. Inf. Sci. 176, 2933\u20132959 (2006)","journal-title":"Inf. Sci."},{"key":"1198_CR42","doi-asserted-by":"crossref","unstructured":"Ram Dantu, Kall Loper, and Prakash Kolan. Risk management using behavior based attack graphs. In: International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. 1 (2004), 445\u2013449 Vol.1","DOI":"10.1109\/ITCC.2004.1286496"},{"key":"1198_CR43","doi-asserted-by":"crossref","unstructured":"Shanai Ardi, David Byers, and Nahid Shahmehri. Towards a structured unified process for software security. In: SESS \u201906. 2006","DOI":"10.1145\/1137627.1137630"},{"key":"1198_CR44","doi-asserted-by":"crossref","unstructured":"Dejan Baca and Kai Petersen. Prioritizing Countermeasures through the Countermeasure Method for Software Security (CM-Sec). In: PROFES. 
2010","DOI":"10.1007\/978-3-642-13792-1_15"},{"key":"1198_CR45","doi-asserted-by":"publisher","unstructured":"Marcel Frigault and Lingyu Wang. Measuring Network Security Using Bayesian Network-Based Attack Graphs. In: 2008 32nd Annual IEEE International Computer Software and Applications Conference. 2008, pp.698\u2013703. https:\/\/doi.org\/10.1109\/COMPSAC.2008.88","DOI":"10.1109\/COMPSAC.2008.88"},{"key":"1198_CR46","unstructured":"Steven Noel et al. Measuring Security Risk of Networks Using Attack Graphs. en. In: 1 (July 2010)"},{"key":"1198_CR47","doi-asserted-by":"publisher","unstructured":"Marcel Frigault et al. Measuring network security using dynamic bayesian network. In: Proceedings of the 4th ACM workshop on Quality of protection - QoP \u201908. ACM Press, 2008. https:\/\/doi.org\/10.1145\/1456362.1456368","DOI":"10.1145\/1456362.1456368"},{"key":"1198_CR48","doi-asserted-by":"crossref","unstructured":"Ludovic Pi\u00e8tre-Cambac\u00e9d\u00e8s and Marc Bouissou. Beyond Attack Trees: Dynamic Security Modeling with Boolean Logic Driven Markov Processes (BDMP). In: 2010 European Dependable Computing Conference (2010), pp.199\u2013208","DOI":"10.1109\/EDCC.2010.32"},{"issue":"2","key":"1198_CR49","doi-asserted-by":"publisher","first-page":"420","DOI":"10.1109\/JSAC.2023.3339172","volume":"42","author":"F Klement","year":"2024","unstructured":"Klement, F., Liu, W., Katzenbeisser, S.: Toward securing the 6G transition: a comprehensive empirical method to analyze threats in O-RAN environments. IEEE J. Sel. Areas Commun. 42(2), 420\u2013431 (2024). https:\/\/doi.org\/10.1109\/JSAC.2023.3339172","journal-title":"IEEE J. Sel. 
Areas Commun."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01198-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01198-7","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01198-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T16:07:24Z","timestamp":1769875644000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01198-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,22]]},"references-count":49,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,2]]}},"alternative-id":["1198"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01198-7","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-4629721\/v1","asserted-by":"object"}]},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,22]]},"assertion":[{"value":"24 June 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 December 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 January 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no Conflict of 
interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of Interest"}},{"value":"The authors declare no competing interests.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"34"}}