Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements (original) (raw)
Related papers
An Analysis of Critical Cybersecurity Controls for Industrial Control Systems
European Conference on Cyber Warfare and Security
Industrial Control Systems (ICS) comprise software, hardware, network systems, and people that manage and operate industrial processes. Supervisory Control and Data Acquisition Systems (SCADA) and Distributed Control Systems (DCS) are two of the most prevalent ICS. An ICS facilitates the effective and efficient management and operation of industrial sectors, including critical infrastructure sectors like utilities, manufacturing, and water treatment facilities. An ICS collects and integrates data from various field controllers deployed in industrial contexts, enabling operators to make data-driven decisions in managing industrial operations. Historically, ICS were isolated from the internet, functioning as part of air-gapped networks. However, the efficiency improvements brought about by the emergence of Information Technology necessitated a shift towards a more connected industrial environment. The convergence of Information and Operational Technology (IT/OT) has made ICS vulnerabl...
The myths and facts behind cyber security risks for industrial control systems
Proceedings of the VDE Kongress, 2004
Process control and SCADA systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. Unfortunately, new research indicates this complacency is misplaced -the move to open standards such as Ethernet, TCP/IP and web technologies is letting hackers take advantage of the control industry's ignorance. This paper summarizes the incident information collected in the BCIT Industrial Security Incident Database (ISID), describes a number of events that directly impacted process control systems and identifies the lessons that can be learned from these security events.
A Methodology to Enhance Industrial Control System Security
Procedia Computer Science, 2018
The frequency and sophistication of cyber-threats towards Industrial Control Systems (ICS) continues to increase. This reality, coupled with the increased interconnectivity of ICS and enterprise networks and the utilisation of standard system platforms and operating systems, has raised the potential risk to both the security and safety of critical infrastructure. There is a growing awareness that the safety and security of ICS cannot be dealt with in isolation, it should be considered jointly. This paper proposes a methodology that harmonises safety and security within ICS environments. The findings also indicate that efforts to harmonise safety and security extends beyond deconflicting and implementing effective technical countermeasures-nontechnical factors and the organisational context play an equally important part.
Scientific Journal of Research and Reviews, 2019
Industrial Control Systems (ICS) were primarily designed to operate air-gapped; however, the pressure for cost reduction and integration with business systems demanded the adoption of open systems architecture and ended up exposing ICS to threats which until then had been restricted only to the Information Technology (IT) systems. Although Cybersecurity Standards for Industrial Control Systems have been in place since the 1990s, providing the foundational knowledge required to Secure Industrial Control Systems; implementation failures and media disclosures revealed that organizations are not yet prepared to deploy Cybersecurity Controls effectively. This research has employed Design Science and interaction with experts on a qualitative manner exploring new insights and allowing to identify the main barriers for deploying and assessing industrial control systems. The results of this research include a list of Practices for effective deployment of Cybersecurity controls; list of Critical Success Factors for assessing ICS; and a list of most effective ways to report Cybersecurity risks to the board. This research counted with the participation of 200 practitioners and experts from Europe, Asia, Americas and Oceania.
A Survey of Industrial Control Systems Security
2011
Industrial Control Systems (ICS) that monitor and operate critical industrial infrastructure worldwide are subject to an increasing frequency of cyber attacks. Evolution of the ICS environment to include standard operating system (OS) platforms and connectivity to corporate LANs and the world-wide-web occurred in ICS environments that were insulated from the outside world by a closed, trusted network. The result is legacy systems and component devices exposed to modern external threats with weak or non-existent security mechanisms in place. The risk to ICS is gradually being addressed, but not nearly fast enough to protect from easily devised cyber attacks.
Securing industrial control system environments: the missing piece
Journal of Cyber Security Technology, 2018
Cyber-attacks on Industrial Control Systems (ICS) are no longer matters of anticipation. Industrial infrastructures are continually being targeted by malicious cyber actors with very little resistance on their paths. From network breaches to data theft, denial of service attacks to privilege escalation; command and control functions have in some way been exerted on targeted industrial systems. Safety, security, resilience, reliability and performance require private industrial control system user organizations and the public sector to device strategies and steps towards dealing decisively to these emerging and increasing ICS cyber security concerns. There are already couple security solutions proposed by governments, private organizations, academia, and industries for achieving this goal. This discourse reviews the ICS security risk landscape, current security strategies and solutions with a view to discovering the gaps or weaknesses in the effective mitigation of cyber-attacks, and the enhancement of cyber security. Notable fissures in existing ICS security solutions include: greater emphasis on technology security while discounting other critical bits like people and processes, which is clearly incongruent with emerging security threats and attack trends, the unilateral dimension strategy towards security which focuses more on SCADA systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions include approaches that follow similar evolutionary patterns as the problem trend. These include cyber security measures that would embrace constant evolution in response to changes in the threat, vulnerabilities, attacks, and impact domains. Solutions that recognise and capture; people, process, and technology security enhancement into a single system entity with holistic provisioning that can meet all three-entity vulnerabilities for a more secured ICS environment.
From safety to cyber security: New organizational challenges in Industrial Control Systems (ICS)
2017
Cyber security is a growing challenge for all organizations. In the past two decades, organizations have developed a huge amount of infrastructures based on important industrial control systems (ICS) for their businesses. A specific domain of these challenges comprises the industrial organizations that manage railway infrastructures, public utilities, nuclear plants, communication infrastructures and utilities. The aim of the paper is developing a conceptual bridge between organizational research on safety and new research program on cyber security in industrial setting. Working on data provided by an ongoing project on cyber risk in ICS, the paper suggest a preliminary framework to face with relevant questions and reflections on how the organizational social construction of safety can be in some way a good proxy to understand the sociotechnical side of cyber risk in industrial sites.