Cyber Security Requirements in the Norwegian Energy Sector

Author(s):  
Janne Hagen ◽  
Oyvind Toftegaard
Signals ◽  
2021 ◽  
Vol 2 (4) ◽  
pp. 803-819
Author(s):  
Nabin Chowdhury

As digital instrumentation in Nuclear Power Plants (NPPs) is becoming increasingly complex, both attack vectors and defensive strategies are evolving based on new technologies and vulnerabilities. Continued efforts have been made to develop a variety of measures for the cyber defense of these infrastructures, which often consist in adapting security measures previously developed for other critical infrastructure sectors according to the requirements of NPPs. That being said, due to the very recent development of these solutions, there is a lack of agreement or standardization when it comes to their adoption at an industrial level. To better understand the state of the art in NPP Cyber-Security (CS) measures, in this work, we conduct a Systematic Literature Review (SLR) to identify scientific papers discussing CS frameworks, standards, guidelines, best practices, and any additional CS protection measures for NPPs. From our literature analysis, it was evidenced that protecting the digital space in NPPs involves three main steps: (i) identification of critical digital assets; (ii) risk assessment and threat analysis; (iii) establishment of measures for NPP protection based on the defense-in-depth model. To ensure the CS protection of these infrastructures, a holistic defense-in-depth approach is suggested in order to avoid excessive granularity and lack of compatibility between different layers of protection. Additional research is needed to ensure that such a model is developed effectively and that it is based on the interdependencies of all security requirements of NPPs.


2012 ◽  
Vol 7 (5) ◽  
pp. 255-265
Author(s):  
Soo-Youl Park ◽  
Wook-Jin Choi ◽  
Bo-Heung Chung ◽  
Jeong-Nyeo Kim ◽  
Joo-Man Kim

Electronics ◽  
2020 ◽  
Vol 9 (9) ◽  
pp. 1460
Author(s):  
Neetesh Saxena ◽  
Emma Hayes ◽  
Elisa Bertino ◽  
Patrick Ojo ◽  
Kim-Kwang Raymond Choo ◽  
...  

The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed.


2020 ◽  
Vol 4 (1) ◽  
pp. 044-046
Author(s):  
Beretas Christos P

Industrial control systems (ICS) are critical, as in these systems, cyber threats have the potential to affect, disorganize, change their mode of operation, act as an information extraction vehicle, and ultimately turn against itself. Creating risks to the system itself, infrastructure, downtime, leakage of sensitive data, and even loss of human life. Industrial control systems (ICS) are vital to the operation of all the modern automated infrastructure in the western world, such as power plant and power stations. Industrial control systems (ICS) differ from the traditional information systems and infrastructures of organizations and companies, a standard cyber security strategy cannot be implemented but part of it adapting to the real facts and needs of each country, legislation and infrastructure. These systems require continuous operation, reliability and rapid recovery when attacked electronically with automated control, isolation and attack management processes. Incorrect settings and lack of strategic planning can lead to unprotected operation of critical installations, as they do not meet the cyber security requirements. Industrial control systems (ICS) require special protection in their networks, as they should be considered vulnerable in all their areas, they need protection from cyber attacks against ICS, SCADA servers, workstations, PLC automations, etc. Security policies to be implemented should provide protection against cyber threats, and systems recovery without affecting the operation and reliability of operating processes. Security policies such as security assessment, smart reporting, vulnerability and threat simulation, integrity control analysis, apply security policy to shared systems, intrusion detection and prevention, and finally firewall with integrated antivirus and sandbox services should be considered essential entities.


Energies ◽  
2021 ◽  
Vol 15 (1) ◽  
pp. 218
Author(s):  
Mohammed Alghassab

Monitoring and control systems in the energy sector are specialized information structures that are not governed by the same information technology standards as the rest of the world’s information systems. Such industrial control systems are also used to handle important infrastructures, including smart grids, oil and gas facilities, nuclear power plants, water management systems, and so on. Industry equipment is handled by systems connected to the internet, either via wireless or cable connectivity, in the present digital age. Further, the system must work without fail, with the system’s availability rate being of paramount importance. Furthermore, to certify that the system is not subject to a cyber-attack, the entire system must be safeguarded against cyber security vulnerabilities, threats, and hazards. In addition, the article looks at and evaluates cyber security evaluations for industrial control systems, as well as their possible impact on the accessibility of industrial control system operations in the energy sector. This research work discovers that the hesitant fuzzy-based method of the Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is an operational procedure for estimating industrial control system cyber security assessments by understanding the numerous characteristics and their impacts on cyber security industrial control systems. The author evaluated the outputs of six distinct projects to determine the quality of the outcomes and their sensitivity. According to the results of the robustness analysis, alternative 1 shows the utmost effective cybersecurity project for the industrial control system. This research work will be a conclusive reference for highly secure and managed monitoring and control systems.


Sign in / Sign up

Export Citation Format

Share Document