Cybersecurity Self-assessment Tools: Evaluating the Importance for Securing Industrial Control Systems in Critical Infrastructures

A review: towards practical attack taxonomy for industrial control systems

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.14.12815 ◽

2018 ◽

Vol 7 (2.14) ◽

pp. 145 ◽

Cited By ~ 1

Author(s):

Qais Saif Qassim ◽

Norziana Jamil ◽

Razali Jidin ◽

Mohd Ezanee Rusli ◽

Md Nabil Ahmad Zawawi ◽

...

Keyword(s):

Control Systems ◽

Supervisory Control ◽

Cyber Attacks ◽

Critical Infrastructures ◽

Cyber Attack ◽

Industrial Control ◽

Industrial Control Systems ◽

Scada System ◽

Water Transportation ◽

Different Types

Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and its classification associated with both Opera-tion Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.

Download Full-text

Measuring Impact of Cybersecurity on the Performance of Industrial Control Systems

Mechanical Engineering ◽

10.1115/1.2014-dec-5 ◽

2014 ◽

Vol 136 (12) ◽

pp. S4-S7 ◽

Cited By ~ 2

Author(s):

Keith Stouffer ◽

Rick Candell

Keyword(s):

Control Systems ◽

Power Plants ◽

Performance Metrics ◽

Industrial Process ◽

Transportation Systems ◽

Critical Infrastructures ◽

Industrial Control ◽

Industrial Control Systems ◽

Security Standards ◽

The Impact

This article examines the impact of cybersecurity on the performance of industrial control systems (ICS). Control systems are embedded in essentially all engineered systems, such as our cars, homes, offices, industrial plants, and in critical infrastructures such as power plants, water treatment plants, and transportation systems. To ensure the security of ICS, particularly for critical infrastructures, standards are being developed to ensure ICS cybersecurity. The NIST ICS cybersecurity testbed will be constructed to facilitate the measurement of industrial process performance for systems instrumented with cybersecurity technologies. This testbed will allow for validation of existing security standards and guidelines and will allow researchers to provide valuable feedback to the community on methods, practices, and pitfalls when applying a cybersecurity program to an ICS. Additional work will be required to identify new use cases and pertinent performance metrics. The testbed will provide an opportunity for collaboration between government, research institutions, and industry partners. Interested parties are encouraged to contact the authors directly to discuss opportunities for collaboration.

Download Full-text

Investigation of risks for Critical Infrastructures due to the exposure of SCADA systems and industrial controls on the Internet based on the search engine Shodan

Electronic Imaging ◽

10.2352/issn.2470-1173.2020.3.mobmu-253 ◽

2020 ◽

Vol 2020 (3) ◽

pp. 253-1-253-16 ◽

Cited By ~ 1

Author(s):

Daniel Kant ◽

Reiner Creutzburg ◽

Andreas Johannsen

Keyword(s):

Control Systems ◽

Search Engine ◽

Common Good ◽

Cyber Attacks ◽

The Internet ◽

Critical Infrastructures ◽

Industrial Control ◽

Industrial Control Systems ◽

Industrial Plants ◽

Scada Systems

Industrial Control Systems occur in automation processes and process control procedures within Critical Infrastructures (CI) - these are institutions with important significance for the common good of the state and thus for the maintenance of a society. Failures or disturbances in industrial plants can have serious physical consequences, such as power outages or interruptions in production. Energy suppliers, in particular, are an attractive target for cyber attacks due to their interdependencies with other infrastructures. A large number of SCADA systems and Industrial Control Systems are directly connected to the Internet and inadequately secured from an information technology perspective, this represents a considerable risk for IT security and, consequently, for the availability of Critical Infrastructures. The Shodan search engine reveals a worrying extent of exposed industrial control equipment on the Internet. The collected information and metadata about Industrial Control Systems from this search are freely available online. They can serve as a basis for potential attacks. Without authentication mechanisms, anyone can connect to open ports using industrial and remote maintenance protocols. The resulting risks and consequences for the companies, operators as well as for the society due the exposure of industrial plants and Critical Infrastructures are examined based on the Shodan search engine within the scope of this work.

Download Full-text

Control Systems Security

Corporate Hacking and Technology-Driven Crime ◽

10.4018/978-1-61692-805-6.ch010 ◽

2011 ◽

pp. 187-204 ◽

Cited By ~ 5

Author(s):

Jake Brodsky ◽

Robert Radvanovsky

Keyword(s):

Control Systems ◽

News Media ◽

The Internet ◽

Critical Infrastructures ◽

Industrial Control ◽

Industrial Control Systems ◽

Systems Security ◽

National Power ◽

Executive Level ◽

The U.S

With recent news media discussions highlighting the safety and integrity of the U.S. national power grid, questions have been raised by both political and executive-level management, specifically, as to the risks associated with our critical infrastructures. More specifically, the issue of concern is dealing with and addressing cyber vulnerability issues, threats and risks associated with an extremely complex and inter-twining series of dependencies arising from legacy industries established almost 100 years ago. Equally as important are the growing threats and risks to these environments resulting from their exposure to outside networks (such as the Internet), exposing critically vital and important cyber systems to just about everyone and anyone globally. This chapter highlights the importance of preventing hack attacks against SCADA systems, or Industrial Control Systems (abbreviated as ICS), as a means of protecting our critical infrastructures.

Download Full-text