A novel dynamic risk assessment tool for evaluating cybersecurity risks in the digital industry
摘要
The increasing integration of Operational Technology (OT) and Information Technology (IT) systems within industrial environments has introduced significant cybersecurity challenges. Traditional risk assessment approaches often lack the adaptability and scalability needed to address evolving threat landscapes and complex asset interdependencies. This paper presents a semi-automated risk analysis tool designed to evaluate OT cybersecurity risks through a multi-layered approach that integrates asset inventories, governance-based questionnaires, and external threat intelligence databases such as MITRE ATT&CK and CVE. The tool applies fuzzy logic to map potential threats and vulnerabilities, and generates graphical outputs including risk level visualizations, threat distribution charts, and lifecycle-based exposure matrices. Through experimentation on an industrial platform and validation via intrusion testing, the tool demonstrated its capacity to identify high-risk assets and operational stages that require mitigation. The framework provides a practical foundation for structured, scalable, and governance-aligned OT risk assessments.