*Result*: Model-Based Systems Engineering Cybersecurity Risk Assessment for Industrial Control Systems Leveraging NIST Risk Management Framework Methodology.

*The realm of cybersecurity is perpetually evolving. Organizations must adapt to changing threat environments to protect their assets. Implementing the NIST Risk Management Framework (RMF) has become vital for the protection and security of industrial control and automation systems powered by SCADA technology. However, cybersecurity professionals face challenges in implementing the RMF, leading to systems operating without proper authorization resulting in non-compliance with standards and regulations. Current RMF-based business practices are inadequate, exposing organizations to cyber threats that compromise consumer personal data and essential infrastructure information. To address these challenges, this research proposes a Model-Based Systems Engineering (MBSE) approach to implementing cybersecurity controls and assessing risk through the RMF process. The study stresses the importance of adopting a modeling approach to streamline the RMF process. MBSE can effectively eliminate erroneous structures, simplifying the acquisition of an Authorization-to-Operate (ATO). Focusing on the practical application of MBSE in industrial control and automation systems can improve the security and safety of operations. This research concludes that MBSE can address the implementation challenges of the NIST RMF process while improving the security of industrial control and automation systems. The research suggests MBSE to be a more effective strategy for implementing cybersecurity controls and risk assessment through the RMF process. The study suggests that the MBSE approach can apply to other domains beyond industrial control and automation systems. [ABSTRACT FROM AUTHOR]

Copyright of Journal of Cyber Security & Risk Auditing is the property of Smart Technologies Academic Press and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)*