An Attack Execution Model for Industrial Control Systems Security Assessment

2016 ◽  
pp. 157-167 ◽  
Author(s):  
Ziad Ismail ◽  
Jean Leneutre ◽  
Alia Fourati
Keyword(s):  
Control Systems ◽  
Security Assessment ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Systems Security ◽  
Execution Model

scholarly journals A Review of Cyber Security Assessment (CSA) for Industrial Control Systems (ICS) and Their Impact on The Availability of the ICS Operation

2021 ◽  
Vol 1860 (1) ◽  
pp. 012015
Author(s):  
Nor Afiq Bonandir ◽  
Norziana Jamil ◽  
Md Nabil Ahmad Nawawi ◽  
Razali Jidin ◽  
Mohd Ezanee Rusli ◽  
...  
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Security Assessment ◽  
Industrial Control ◽  
Industrial Control Systems

A review of security assessment methodologies in industrial control systems

2019 ◽  
Vol 27 (1) ◽  
pp. 47-61 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Maslina Daud ◽  
Ahmed Patel ◽  
Norhamadi Ja’affar
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Electrical Power ◽  
Assessment Method ◽  
Cyber Attacks ◽  
Security Requirements ◽  
Security Assessment ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Content Type

Purpose The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure. Design/methodology/approach This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems. Findings The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements. Originality/value This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks.

Sign in / Sign up

Export Citation Format

Share Document