Specification of the Current State Vulnerabilities Related to Industrial Control Systems

The contemporary trend of increasing connectivity, interoperability and efficiency of technologies, which are used in organizations, also affected Industrial Control System (further only ICS). The recently isolated system is becoming more dependent on interconnection with external technologies. This leads to a formation of new vulnerabilities, which are significant threats to ICS. For this reason, it is necessary to devote considerable effort to analyze vulnerabilities. Neglecting of this area could lead to damage or unavailability of ICS services. The purpose of the article is to evaluate vulnerabilities related to individual elements of ICS. The fundamental question of the article is to find a true distribution of security risk related to ICS.

Download Full-text

Building a Cybersecurity Culture in the Industrial Control System Environment

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2019.01.05 ◽

2019 ◽

Vol 8 (1) ◽

pp. 39-44

Author(s):

Claudia ARAUJO MACEDO ◽

Jos MENTING

Keyword(s):

Control System ◽

Control Systems ◽

Cyber Attacks ◽

Cyber Attack ◽

Industrial Control System ◽

Security Measures ◽

Industrial Control ◽

Industrial Control Systems ◽

System A ◽

Educational Processes

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

Download Full-text

Analyzing the Impact of Cybersecurity on Monitoring and Control Systems in the Energy Sector

Energies ◽

10.3390/en15010218 ◽

2021 ◽

Vol 15 (1) ◽

pp. 218

Author(s):

Mohammed Alghassab

Keyword(s):

Control System ◽

Control Systems ◽

Cyber Security ◽

Energy Sector ◽

Industrial Control System ◽

Monitoring And Control ◽

Industrial Control ◽

Industrial Control Systems ◽

Monitoring And Control Systems ◽

And Control

Monitoring and control systems in the energy sector are specialized information structures that are not governed by the same information technology standards as the rest of the world’s information systems. Such industrial control systems are also used to handle important infrastructures, including smart grids, oil and gas facilities, nuclear power plants, water management systems, and so on. Industry equipment is handled by systems connected to the internet, either via wireless or cable connectivity, in the present digital age. Further, the system must work without fail, with the system’s availability rate being of paramount importance. Furthermore, to certify that the system is not subject to a cyber-attack, the entire system must be safeguarded against cyber security vulnerabilities, threats, and hazards. In addition, the article looks at and evaluates cyber security evaluations for industrial control systems, as well as their possible impact on the accessibility of industrial control system operations in the energy sector. This research work discovers that the hesitant fuzzy-based method of the Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is an operational procedure for estimating industrial control system cyber security assessments by understanding the numerous characteristics and their impacts on cyber security industrial control systems. The author evaluated the outputs of six distinct projects to determine the quality of the outcomes and their sensitivity. According to the results of the robustness analysis, alternative 1 shows the utmost effective cybersecurity project for the industrial control system. This research work will be a conclusive reference for highly secure and managed monitoring and control systems.

Download Full-text

Information Security Evaluation of the Key Equipment in Industrial Control Systems

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.336-338.1640 ◽

2013 ◽

Vol 336-338 ◽

pp. 1640-1644

Author(s):

Zhi Gang Zhang ◽

Zhuo Lv ◽

Shuang Xia Niu

Keyword(s):

Control System ◽

Information Security ◽

Control Systems ◽

Research Program ◽

System Level ◽

Security Evaluation ◽

Industrial Control System ◽

Industrial Control ◽

Security Risks ◽

Industrial Control Systems

This paper analyzes the information security risks faced by the industrial control systems, Propose the Information Security Evaluation on industrial control system based on the level protection assessment technology, The development of industrial control system from the device level , field-level and system-level three levels of information security evaluation, propose the next step in the research program.

Download Full-text

Research of Smart Gird Functional Safety Certification

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.263-266.3168 ◽

2012 ◽

Vol 263-266 ◽

pp. 3168-3173

Author(s):

Xiu Li Huang ◽

Tao Zhang ◽

Yuan Yuan Ma ◽

Yu Fei Wang ◽

Ye Hua

Keyword(s):

Control System ◽

Smart Grid ◽

Control Systems ◽

Evaluation Process ◽

Functional Safety ◽

Industrial Control System ◽

Industrial Control ◽

Industrial Control Systems ◽

Security Issues ◽

Safety Certification

With the increasing number of attacks against industrial control systems, functions security issues of the smart grid industrial control system gradually become the focus of research in the field of smart grid. This paper introduced smart grid industrial control systems threats which faced and incidents firstly, and analyzed the current situation of the functional safety certification, including certification bodies, certification tools and certification classes; Then, researched the smart grid industrial control system functional safety certification, gave the content of the smart grid industrial control system functional safety certification, and made the design of its hardware evaluation process; Finally, we discuss the research status of functional safety certification, and pointed out the problems that the smart grid industrial control system functional safety faces.

Download Full-text

Situation awareness framework for industrial control system based on cyber kill chain

MATEC Web of Conferences ◽

10.1051/matecconf/202133602013 ◽

2021 ◽

Vol 336 ◽

pp. 02013

Author(s):

Yufei Wang ◽

Tengbiao Zhang ◽

Qian Ye

Keyword(s):

Control System ◽

Control Systems ◽

Situation Awareness ◽

Cyber Security ◽

Reference Architecture ◽

Industrial Control System ◽

Industrial Control ◽

Industrial Control Systems ◽

High Level ◽

Cyber Kill Chain

Information and cyber security of Industrial Control Systems (ICS) has gained considerable importance. Situation Awareness (SA) is an exciting mechanism to achieve the perception, comprehension and projection of the ICS information security status. Based on the Purdue Enterprise Reference Architecture (PERA), a situation awareness framework for ICS is presented considering the ICS cyber kill chain. The proposed framework consists of IT SA Centre, OT SA Centre, and Comprehensive SA Centre. Comprehensive SA Centre is responsible for creating and maintaining an integrated and high level of security visibility into the whole environments. The introduced framework can be used to guide the development of the situation awareness infrastructure in organization with industrial control systems.

Download Full-text

Extremum seeking dead-zone pre-compensator for an industrial control system

at - Automatisierungstechnik ◽

10.1515/auto-2017-0095 ◽

2018 ◽

Vol 66 (6) ◽

pp. 471-482

Author(s):

Erkin Dincmen

Keyword(s):

Control System ◽

Control Systems ◽

Dead Zone ◽

Nonlinear Behavior ◽

Extremum Seeking ◽

Control Algorithms ◽

Industrial Control System ◽

Industrial Control ◽

Industrial Control Systems ◽

Compensation Algorithm

Abstract PID type industrial controllers such as PI, PD, PID are mature control algorithms and they are intensively used in industry due to their simplicity and easily implementability. However, they start to fail when there is an unknown or unpredictable nonlinear behavior in the plant or actuator. In this paper, a novel compensation algorithm is proposed for PD type industrial control systems, which possess an unknown dead-zone nonlinearity. An extremum-seeking technique is utilized in the compensation algorithm. The aim is to propose a new, effective and robust compensator which can be added easily to an existing industrial controller without any need to change/retune the controller settings/parameters. It is shown that by adding the compensator to an existing PD control system, the sensitivity of the controller to the dead-zone nonlinearity is removed.

Download Full-text

Cyber security in industrial control system

WEENTECH Proceedings in Energy ◽

10.32438/wpe.432021 ◽

2021 ◽

pp. 481-493

Author(s):

Sarika Singh ◽

Gargi Phadke

Keyword(s):

Control System ◽

Control Systems ◽

Communication Networks ◽

Cyber Security ◽

Denial Of Service ◽

Mitigation Measures ◽

Security Assessment ◽

Industrial Control System ◽

Industrial Control ◽

Smart Grid Communication

For any system to secure them industrial control system plays an important role in it. It helps to design the isolated procure system, specialized communication mechanisms is used to help for the setup. And with the help of this setup the flexibility, safety, threats, and vulnerabilities are the most important things to make. To secure them from risk assessment and other protection measurement need to specify with good instruments and security. The paper describes technical aspects on Denial of Service (Dos) attack. We also identify how smart grid communication networks works in security technical implementation guides of the different countries as a defense information systems agency. A brief chronicle of cyber storm on ICS; common challenges, some mitigation of those challenge, all levels of the multi-layered ICS architecture. This paper demonstrates railway control systems (RCS) compliance estimation of immovable control system design, operational scenarios that can be used for mitigation measures and security assessment.

Download Full-text

A Model-Data Integrated Cyber Security Risk Assessment Method for Industrial Control Systems

2018 IEEE 7th Data Driven Control and Learning Systems Conference (DDCLS) ◽

10.1109/ddcls.2018.8516022 ◽

2018 ◽

Author(s):

Yuan Peng ◽

Kaixing Huang ◽

Weixun Tu ◽

Chunjie Zhou

Keyword(s):

Risk Assessment ◽

Control Systems ◽

Cyber Security ◽

Assessment Method ◽

Security Risk ◽

Model Data ◽

Industrial Control ◽

Industrial Control Systems ◽

Risk Assessment Method ◽

Security Risk Assessment

Download Full-text

Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.14.12816 ◽

2018 ◽

Vol 7 (2.14) ◽

pp. 153 ◽

Cited By ~ 2

Author(s):

Qais Saif Qassim ◽

Norziana Jamil ◽

Maslina Daud ◽

Norhamadi Ja'affar ◽

Salman Yussof ◽

...

Keyword(s):

Control System ◽

Power System ◽

Control Systems ◽

Industrial Control ◽

Power Utility ◽

Industrial Control Systems ◽

Injection Attacks ◽

Scada System ◽

Control Command ◽

Catastrophic Impact

IEC 60870-5-104 is an international standard used for tele-control in electrical engineering and power system applications. It is one of the major principal protocols in SCADA system. Major industrial control vendors use this protocol for monitoring and managing power utility devices. One of the most common attacks which has a catastrophic impact on industrial control systems is the control command injection attack. It happens when an attacker injects false control commands into a control system. This paper presents the IEC 60870-5-104 vulnera-bilities from the perspective of command and information data injection. From the SCADA testbed that we setup, we showed that a success-ful control command injection attack can be implemented by exploiting the vulnerabilities identified earlier.

Download Full-text

Analysis of Cyber Threats in the Connection Section of the Control System and Countermeasures Required

Turkish Journal of Computer and Mathematics Education (TURCOMAT) ◽

10.17762/turcomat.v12i6.1831 ◽

2021 ◽

Vol 12 (6) ◽

pp. 412-417

Author(s):

Yangha Chun

Keyword(s):

Control System ◽

Control Systems ◽

Real Life ◽

Information Storage ◽

Control Network ◽

Security Measures ◽

Industrial Control ◽

Industrial Control Systems ◽

Cyber Threats ◽

Cyber Threat

In the past, the general practice for the control system network that manages and controls industrial facilities such as electric power, gas, oil, water, chemicals, automobiles, etc. was to install and operate this as an independent system, but over time the practice has gradually shifted toward the use of an open and standardized system. Until recently, most industrial control systems consisted of an independent network, and the possibility of cyber threat infringement was very low. As information storage media such as laptops or USB are connected to the control system for maintenance or management purposes, the possibility of cyber infringement is increasing. When the use of the control system's operational information increases due to beingVinked with the internal business system network or the Internet, countermeasures against external cyber threats must be provided.This paper analyzes and organizes the cyber threat factors that exist in the linking section connected to the industrial control system and other networks, examining domestic and foreign incidents of hacking of control systems to identify the vulnerabilities and security measures for each scenario in the control system network linkage section. Through this analysis, a method is suggested for establishing a control network that secures both availability and security, which are important in the control system, as well as the safe relay system in the configuration of the linkage between the control network and the business network, while addressing the vulnerabilities in the structure due to long-term use of the control system.This study analyzes cyber threat factors and real-life examples of infringements with the aim of providing approaches that will ensure industrial control systems can be operated safely and the risk of cyber hacking threats that occur in connection with other networks can be managed, and suggesting cyber security measures for the control system connection sections.

Download Full-text