Cyber security requirements for railway control systems according to standard IEC 62443

2020 ◽  
Vol 131 ◽  
pp. 79-86
Author(s):  
Bartłomiej Tworek
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Security Requirements ◽  
Security Level ◽  
Critical Systems ◽  
Safety Critical ◽  
Railway Traffic ◽  
Automation Control ◽  
Iec 62443

Modern railway control systems are based on computer and embedded systems. This components are connected directly via ICT networks, it is also possible to use wireless industrial networks. Cyber security attacks in automation control systems are becoming more dangerous and common. To protect these safety critical systems, the standard IEC 62443 has been developed. This standard provides guidelines and requirements for industrial automation and control systems which also apply to railway systems. This article is mainly focused on chapter IEC 62443-4-2 which provides Technical security requirements for IACS components. Proper protection against cyber attacks is also important for maintaining RAMS parameters (Reliability, Availability, Maintainability and Safety). Railway control systems performs mainly safety critical functionality which are related with railway traffic management. Safety related control algorithms and vital modules cannot be disturbed by security mechanisms and functions. The analysis of cyber threats should be performed by railway infrastructure operators in cooperation with manufacturers of railway control systems. It is important to determine what level of requirements fulfilment according to standard IEC 62443 must be met (security level). Railway traffic control systems are long life and high availability systems, therefore they should be properly maintained during lifecycle. The manufacturer of railway control systems and end user should together develop a policy and guidelines for securing the systems against cyber attacks.

A review of security assessment methodologies in industrial control systems

2019 ◽  
Vol 27 (1) ◽  
pp. 47-61 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Maslina Daud ◽  
Ahmed Patel ◽  
Norhamadi Ja’affar
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Electrical Power ◽  
Assessment Method ◽  
Cyber Attacks ◽  
Security Requirements ◽  
Security Assessment ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Content Type

Purpose The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure. Design/methodology/approach This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems. Findings The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements. Originality/value This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks.

scholarly journals Cyber Attacks on Critical Infrastructure

2016 ◽  
pp. 448-465
Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Future Directions ◽  
Infrastructure Systems ◽  
Cyber Threats ◽  
Scada Systems ◽  
Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Cyber Attacks on Critical Infrastructure

2015 ◽  
pp. 1-18 ◽  
Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Future Directions ◽  
Infrastructure Systems ◽  
Cyber Threats ◽  
Scada Systems ◽  
Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Cyber Security Assessment of NPP I&C Systems

2020 ◽  
pp. 221-238
Author(s):  
Oleksandr Klevtsov ◽  
Artem Symonov ◽  
Serhii Trubchaninov
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Nuclear Power ◽  
Power Plants ◽  
Cyber Attacks ◽  
Security Assessment ◽  
Nuclear Facilities ◽  
Security Risks ◽  
Cyber Threats ◽  
And Control

The chapter is devoted to the issues of cyber security assessment of instrumentation and control systems (I&C systems) of nuclear power plants (NPP). The authors examined the main types of potential cyber threats at the stages of development and operation of NPP I&C systems. Examples of real incidents at various nuclear facilities caused by intentional cyber-attacks or unintentional computer errors during the maintenance of the software of NPP I&C systems are given. The approaches to vulnerabilities assessment of NPP I&C systems are described. The scope and content of the assessment and periodic reassessment of cyber security of NPP I&C systems are considered. An approach of assessment to cyber security risks is described.

Cybersecurity From Field to Host

2016 ◽  
Author(s):  
Lee A. Cysouw ◽  
Douglas C. Osburn ◽  
Nader M. Rabadi
Keyword(s):  
Best Practices ◽  
Control Systems ◽  
Cyber Security ◽  
Measurement Data ◽  
Cyber Attacks ◽  
Operating Costs ◽  
Data Monitoring ◽  
Industry Standards ◽  
And Control ◽  
Remote Communications

Remote communications to field devices for data monitoring and controls has greatly reduced operating costs, reduced downtime, and helped to optimize our industry. With the ever growing threat of cyber-attacks, the need for securing that data is becoming a more common topic of discussion. Whether collecting SCADA or Measurement data from the field, doing remote configuration, or even sitting dormant, it is important to keep the line of communication to your devices secure. This presentation will discuss potential threats and examples of cyber-attacks. It will cover industry standards, types of cyber security, and the importance and best practices for securing data for Measurement and/or SCADA and control systems.

scholarly journals CHALLENGES IN HOMOLOGATION PROCESS OF VEHICLES WITH ARTIFICIAL INTELLIGENCE

Transport ◽  
2020 ◽  
Vol 35 (4) ◽  
pp. 435-446
Author(s):  
Máté Zöldy ◽  
Zsolt Szalay ◽  
Viktor Tihanyi
Keyword(s):  
Artificial Intelligence ◽  
Cyber Security ◽  
Autonomous Vehicles ◽  
Functional Safety ◽  
Critical Systems ◽  
Safety Issues ◽  
Safety Critical ◽  
Critical Areas ◽  
Automotive Technology ◽  
Information And Communication

The traditional automotive homologation processes aim to ensure the safety of vehicles on public roads. Autonomous Vehicles (AV) with Artificial Intelligence (AI) are difficult to account for in these conventional processes. This research aims to map and attempt to close the gaps in the areas of testing and approval of such automated and connected vehicles. During our research into the homologation process of traditional vehicles; functional safety issues, challenges of AI in safety critical systems, along with questions of cyber security were investigated. Our process focuses on the integration of the already existing functions and prototypes into new products safely. As a key result, we managed to identify the main gaps between Information and Communication Technology (ICT) and automotive technology: the rigidity of the automotive homologation process, functional safety, AI in safety critical areas and we propose a solution.

scholarly journals Industrial control systems: The biggest cyber threat

2020 ◽  
Vol 4 (1) ◽  
pp. 044-046
Author(s):  
Beretas Christos P
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Security Policy ◽  
Security Requirements ◽  
Security Policies ◽  
Western World ◽  
Control Analysis ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Cyber Threats

Industrial control systems (ICS) are critical, as in these systems, cyber threats have the potential to affect, disorganize, change their mode of operation, act as an information extraction vehicle, and ultimately turn against itself. Creating risks to the system itself, infrastructure, downtime, leakage of sensitive data, and even loss of human life. Industrial control systems (ICS) are vital to the operation of all the modern automated infrastructure in the western world, such as power plant and power stations. Industrial control systems (ICS) differ from the traditional information systems and infrastructures of organizations and companies, a standard cyber security strategy cannot be implemented but part of it adapting to the real facts and needs of each country, legislation and infrastructure. These systems require continuous operation, reliability and rapid recovery when attacked electronically with automated control, isolation and attack management processes. Incorrect settings and lack of strategic planning can lead to unprotected operation of critical installations, as they do not meet the cyber security requirements. Industrial control systems (ICS) require special protection in their networks, as they should be considered vulnerable in all their areas, they need protection from cyber attacks against ICS, SCADA servers, workstations, PLC automations, etc. Security policies to be implemented should provide protection against cyber threats, and systems recovery without affecting the operation and reliability of operating processes. Security policies such as security assessment, smart reporting, vulnerability and threat simulation, integrity control analysis, apply security policy to shared systems, intrusion detection and prevention, and finally firewall with integrated antivirus and sandbox services should be considered essential entities.

scholarly journals Cyber Resilience Analysis of SCADA Systems in Nuclear Power Plants

2020 ◽  
Author(s):  
Meghan Galiardi ◽  
Amanda Gonzales ◽  
Jamie Thorpe ◽  
Eric Vugrin ◽  
Raymond Fasano ◽  
...  
Keyword(s):  
Control System ◽  
Control Systems ◽  
Cyber Security ◽  
Nuclear Power ◽  
Power Plants ◽  
Nuclear Power Plants ◽  
Cyber Attacks ◽  
Use Case ◽  
Design Features ◽  
Scada Systems

Abstract Aging plants, efficiency goals, and safety needs are driving increased digitalization in nuclear power plants (NPP). Security has always been a key design consideration for NPP architectures, but increased digitalization and the emergence of malware such as Stuxnet, CRASHOVERRIDE, and TRITON that specifically target industrial control systems have heightened concerns about the susceptibility of NPPs to cyber attacks. The cyber security community has come to realize the impossibility of guaranteeing the security of these plants with 100% certainty, so demand for including resilience in NPP architectures is increasing. Whereas cyber security design features often focus on preventing access by cyber threats and ensuring confidentiality, integrity, and availability (CIA) of control systems, cyber resilience design features complement security features by limiting damage, enabling continued operations, and facilitating a rapid recovery from the attack in the event control systems are compromised. This paper introduces the REsilience VeRification UNit (RevRun) toolset, a software platform that was prototyped to support cyber resilience analysis of NPP architectures. Researchers at Sandia National Laboratories have recently developed models of NPP control and SCADA systems using the SCEPTRE platform. SCEPTRE integrates simulation, virtual hardware, software, and actual hardware to model the operation of cyber-physical systems. RevRun can be used to extract data from SCEPTRE experiments and to process that data to produce quantitative resilience metrics of the NPP architecture modeled in SCEPTRE. This paper details how RevRun calculates these metrics in a customizable, repeatable, and automated fashion that limits the burden placed upon the analyst. This paper describes RevRun’s application and use in the context of a hypothetical attack on an NPP control system. The use case specifies the control system and a series of attacks and explores the resilience of the system to the attacks. The use case further shows how to configure RevRun to run experiments, how resilience metrics are calculated, and how the resilience metrics and RevRun tool can be used to conduct the related resilience analysis.

scholarly journals Security Assessment of Agriculture IoT (AIoT) Applications

2021 ◽  
Vol 11 (13) ◽  
pp. 5841
Author(s):  
Erwin Kristen ◽  
Reinhard Kloibhofer ◽  
Vicente Hernández Díaz ◽  
Pedro Castillejo
Keyword(s):  
Control Systems ◽  
Communication Networks ◽  
Working Environment ◽  
Assessment Process ◽  
Security Assessment ◽  
Industrial Control Systems ◽  
Digital World ◽  
Important Field ◽  
Automation Control ◽  
Iec 62443

Cybersecurity is an important field in our digital world. It protects computer systems and communication networks against theft or sabotage of information to guarantee trouble-free operation in a trustworthy working environment. This article gives an overview of a cybersecurity assessment process and an appropriate Cybersecurity Management (CSM) implementation for future digital agriculture applications. The cybersecurity assessment follows the IEC 62443 cybersecurity standard for Industrial Automation Control Systems (IACS), adapted to Agriculture Automation Control Systems (AACS). However, the research results showed application differences; thus, an expansion of the standard is necessary to fill the existing open security gaps in agriculture. Agriculture differs from industrial control systems because of the outdoor located field area, which requires other forms of security. An appropriate cybersecurity standard for the agriculture domain is not currently available. However, such a standard will be necessary to define generally applicable procedures to protect agricultural assets against cyberattacks. The cybersecurity standards and regulations existing today (2021) are not sufficient for securing the agriculture domain against new and domain-specific cyberattacks. This article describes some of the cyber vulnerabilities identified and provides initial recommendations for addressing them.

Sign in / Sign up

Export Citation Format

Share Document