Deriving Implicit Security Requirements in Safety-Explicit Formal Development of Control Systems

2020 ◽  
pp. 109-130
Author(s):  
Inna Vistbakka ◽  
Elena Troubitsyna
Keyword(s):  
Control Systems ◽  
Security Requirements ◽  
Formal Development

scholarly journals Industrial control systems: The biggest cyber threat

2020 ◽  
Vol 4 (1) ◽  
pp. 044-046
Author(s):  
Beretas Christos P
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Security Policy ◽  
Security Requirements ◽  
Security Policies ◽  
Western World ◽  
Control Analysis ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Cyber Threats

Industrial control systems (ICS) are critical, as in these systems, cyber threats have the potential to affect, disorganize, change their mode of operation, act as an information extraction vehicle, and ultimately turn against itself. Creating risks to the system itself, infrastructure, downtime, leakage of sensitive data, and even loss of human life. Industrial control systems (ICS) are vital to the operation of all the modern automated infrastructure in the western world, such as power plant and power stations. Industrial control systems (ICS) differ from the traditional information systems and infrastructures of organizations and companies, a standard cyber security strategy cannot be implemented but part of it adapting to the real facts and needs of each country, legislation and infrastructure. These systems require continuous operation, reliability and rapid recovery when attacked electronically with automated control, isolation and attack management processes. Incorrect settings and lack of strategic planning can lead to unprotected operation of critical installations, as they do not meet the cyber security requirements. Industrial control systems (ICS) require special protection in their networks, as they should be considered vulnerable in all their areas, they need protection from cyber attacks against ICS, SCADA servers, workstations, PLC automations, etc. Security policies to be implemented should provide protection against cyber threats, and systems recovery without affecting the operation and reliability of operating processes. Security policies such as security assessment, smart reporting, vulnerability and threat simulation, integrity control analysis, apply security policy to shared systems, intrusion detection and prevention, and finally firewall with integrated antivirus and sandbox services should be considered essential entities.

Music is the Key

2013 ◽  
pp. 1018-1037
Author(s):  
Marcia Gibson ◽  
Karen Renaud ◽  
Marc Conrad ◽  
Carsten Maple
Keyword(s):  
Access Control ◽  
Control Systems ◽  
Security Requirements ◽  
Support Needs ◽  
Business Environments ◽  
Current Thinking ◽  
The Web

Devising access control systems to support needs and capabilities of users, as well as the security requirements of organisations, is a key challenge faced in many of today’s business environments. If users are to behave securely, they must not be overburdened with unworkable authentication policies and methods. Yet the prevailing alphanumeric password can be a double-edged sword: secure passwords are inherently difficult to recall and vice-versa. Consequentially, a growing number of alternatives are emerging. In this chapter, the authors describe one novel scheme - a musical password. Musipass was designed with the user in mind and is tailored toward the task of authentication on the Web, where biometric and token-based systems have proved unsuccessful in replacing the flawed, yet prevalent traditional password. This chapter, which includes discussion on current thinking in the field of authentication, will be of interest to information managers, security practitioners, and HCI professionals.

scholarly journals A survey of intrusion detection on industrial control systems

2018 ◽  
Vol 14 (8) ◽  
pp. 155014771879461 ◽  
Author(s):  
Yan Hu ◽  
An Yang ◽  
Hong Li ◽  
Yuyan Sun ◽  
Limin Sun
Keyword(s):  
Intrusion Detection ◽  
Control Systems ◽  
Internet Technology ◽  
Security Requirements ◽  
Intrusion Detection Systems ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Detection Systems ◽  
Advantages And Disadvantages ◽  
Detection Technology

The modern industrial control systems now exhibit an increasing connectivity to the corporate Internet technology networks so as to make full use of the rich resource on the Internet. The increasing interaction between industrial control systems and the outside Internet world, however, has made them an attractive target for a variety of cyber attacks, raising a great need to secure industrial control systems. Intrusion detection technology is one of the most important security precautions for industrial control systems. It can effectively detect potential attacks against industrial control systems. In this survey, we elaborate on the characteristics and the new security requirements of industrial control systems. After that, we present a new taxonomy of intrusion detection systems for industrial control systems based on different techniques: protocol analysis based, traffic mining based, and control process analysis based. In addition, we analyze the advantages and disadvantages of different categories of intrusion detection systems and discuss some future developments of intrusion detection systems for industrial control systems, in order to promote further research on intrusion detection technology for industrial control systems.

scholarly journals Cluster Analytical Method of Fault Risk Analysis in Systems

2016 ◽  
Vol 24 (39) ◽  
pp. 167-173
Author(s):  
German Michaľčonok ◽  
Michaela Horalová Kalinová
Keyword(s):  
Cluster Analysis ◽  
Control Systems ◽  
Systems Analysis ◽  
Subject Area ◽  
Good Choice ◽  
Individual Characteristics ◽  
Security Requirements ◽  
Reduction Strategy ◽  
The Subject ◽  
Safety Systems

Abstract In providing safety functions, the proposal of safety functions of control systems is an important part of a risk reduction strategy. In the specification of security requirements, it is necessary to determine and document individual characteristics and the desired performance level for each safety. This article presents the results of the experiment cluster analysis. The results of the experiment prove that the methods of cluster analysis provide a suitable tool for analyzing the reliability of safety systems analysis. Regarding the increasing complexity of the systems, we can state that the application of these methods in the subject area is a good choice.

scholarly journals Specifics of modern security requirements for software of electronic machine control systems

2021 ◽  
Vol 13 (S) ◽  
pp. 87-97
Author(s):  
Serhii F. KASHTANOV ◽  
Yury O. POLUKAROV ◽  
Oleksiy I. POLUKAROV ◽  
Liudmyla O. MITIUK ◽  
Nataliia F. KACHYNSKA
Keyword(s):  
Control Systems ◽  
Safety Management ◽  
Security Requirements ◽  
Application Software ◽  
Electronic Control ◽  
Industrial Equipment ◽  
Safety Requirements ◽  
Applied Software ◽  
Machine Control ◽  
Security Standards

The required level of safety of machines and mechanisms is achieved through the use of appropriate safety management systems for industrial equipment, including programmable electronic ones. Such systems usually include a variety of security devices for managing industrial equipment settings. Since electronic control systems are currently considered the most promising control systems in this area, the study of the security parameters of their application support determines the relevance of this study. This study analyses the main requirements of IEC 61508 and IEC 62061 standards for compliance with modern safety requirements of embedded and applied software for electronic control systems of machines and mechanisms. This study proposes an algorithm for step-by-step implementation of software for electronic machine control systems in accordance with basic security standards for both built-in and application software. Testing has been determined as the main method of verification of application software. Based on the results of the analysis, it was found that the specification of security requirements, both built-in and application software, should highlight the necessary characteristics of each subsystem, providing information that allows choosing the equipment that meets existing security requirements. Relevant recommendations are given on the specifics of practical application of these standards.

A review of security assessment methodologies in industrial control systems

2019 ◽  
Vol 27 (1) ◽  
pp. 47-61 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Maslina Daud ◽  
Ahmed Patel ◽  
Norhamadi Ja’affar
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Electrical Power ◽  
Assessment Method ◽  
Cyber Attacks ◽  
Security Requirements ◽  
Security Assessment ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Content Type

Purpose The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure. Design/methodology/approach This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems. Findings The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements. Originality/value This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks.

Cyber security requirements for railway control systems according to standard IEC 62443

2020 ◽  
Vol 131 ◽  
pp. 79-86
Author(s):  
Bartłomiej Tworek
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Security Requirements ◽  
Security Level ◽  
Critical Systems ◽  
Safety Critical ◽  
Railway Traffic ◽  
Automation Control ◽  
Iec 62443

Modern railway control systems are based on computer and embedded systems. This components are connected directly via ICT networks, it is also possible to use wireless industrial networks. Cyber security attacks in automation control systems are becoming more dangerous and common. To protect these safety critical systems, the standard IEC 62443 has been developed. This standard provides guidelines and requirements for industrial automation and control systems which also apply to railway systems. This article is mainly focused on chapter IEC 62443-4-2 which provides Technical security requirements for IACS components. Proper protection against cyber attacks is also important for maintaining RAMS parameters (Reliability, Availability, Maintainability and Safety). Railway control systems performs mainly safety critical functionality which are related with railway traffic management. Safety related control algorithms and vital modules cannot be disturbed by security mechanisms and functions. The analysis of cyber threats should be performed by railway infrastructure operators in cooperation with manufacturers of railway control systems. It is important to determine what level of requirements fulfilment according to standard IEC 62443 must be met (security level). Railway traffic control systems are long life and high availability systems, therefore they should be properly maintained during lifecycle. The manufacturer of railway control systems and end user should together develop a policy and guidelines for securing the systems against cyber attacks.

Sign in / Sign up

Export Citation Format

Share Document