Computers in Industry (IF 8.2), Pub Date: 2023-11-30, DOI: 10.1016/j.compind.2023.104056
Shuaiqi Yuan, Ming Yang, Genserik Reniers
Aligned with the development needs of Industry 4.0, industrial cyber-physical systems (ICPSs) are widely applied to chemical facilities to facilitate so-called intelligent production processes. Meanwhile, emerging cyber-to-physical (C2P) risks are introduced due to the vulnerability of ICPSs to cyberattacks. An integrated safety and security risk assessment of chemical facilities equipped with industrial cyber-physical systems becomes challenging, particularly in performing a probabilistic/quantitative risk assessment. Targeting this gap, this study develops a systematic approach to construct accident scenarios concerning both safety hazards and security threats and performs a probabilistic risk assessment of chemical facilities considering the interdependency between safety-associated events and security-associated events. In the proposed approach, the bow-tie technique is used to perform a safety risk analysis, and the possible dangerous scenarios caused by physical attacks and C2P attacks are also identified and integrated into the bow-tie diagram. In particular, attack impact modeling of C2P attacks helps to identify dangerous attack modes, and a time-to-compromise (TTC) based method is used to quantify the vulnerability of ICPSs to C2P attacks. Then, a Bayesian network (BN) model is developed to perform an integrated safety and security risk analysis. An illustrative case study is used to give guidance on performing integrated safety and security risk assessment of ICPSs and to validate the feasibility of the proposed approach.
Title: Integrated process safety and process security risk assessment of industrial cyber-physical systems in chemical plants