HiRAM: A hierarchical risk assessment model and its implementation for an industrial Internet of Things in the cloud

The trend towards intelligent control processes has introduced the Internet of Things (IoT) and cloud computing technologies to factories. IoT devices can sense data and send it to a cloud for further analysis in a factory. Consequently, the quantity of such valuable data flowing in an industrial cyber-physical system has gradually increased. Tailoring a risk assessment system for Industrial IoT (IIoT) is essential, particularly for a cloud platform that handles the IIoT data flow. In this study, we leverage analytic hierarchy processes (AHPs) and propose Hierarchical Risk Assessment Model (HiRAM) for an IIoT cloud platform. The proposed model allows the platform to self-evaluate its security status. Furthermore, a modular and responsive Risk Assessment System based on HiRAM, called HiRAM-RAS, is realized and evaluated in a real-world IIoT cloud platform. We deploy HiRAM-RAS to a sample application and introduce the practical deployment procedures. We then estimate the practicality of the HiRAM-RAS by injecting different degrees of errors and launching Distributed denial-of-service (DDoS) attacks. The results demonstrate the changes in integrity and availability scores evaluated by HiRAM.