IDEAS home Printed from https://ideas.repec.org/a/eee/ijocip/v9y2015icp52-80.html
   My bibliography  Save this article

A survey of cyber security management in industrial control systems

Author

Listed:
  • Knowles, William
  • Prince, Daniel
  • Hutchison, David
  • Disso, Jules Ferdinand Pagna
  • Jones, Kevin

Abstract

Contemporary industrial control systems no longer operate in isolation, but use other networks (e.g., corporate networks and the Internet) to facilitate and improve business processes. The consequence of this development is the increased exposure to cyber threats. This paper surveys the latest methodologies and research for measuring and managing this risk. A dearth of industrial-control-system-specific security metrics has been identified as a barrier to implementing these methodologies. Consequently, an agenda for future research on industrial control system security metrics is outlined. The “functional assurance” concept is also introduced to deal with fail-safe and fail-secure industrial control system operations.

Suggested Citation

  • Knowles, William & Prince, Daniel & Hutchison, David & Disso, Jules Ferdinand Pagna & Jones, Kevin, 2015. "A survey of cyber security management in industrial control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 9(C), pages 52-80.
    • Handle: RePEc:eee:ijocip:v:9:y:2015:i:c:p:52-80
    DOI: 10.1016/j.ijcip.2015.02.002
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1874548215000207
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijcip.2015.02.002?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Editors, 2014. "Software updates," Stata Journal, StataCorp LP, vol. 14(4), pages 997-997, December.
    2. Joost R. Santos & Yacov Y. Haimes & Chenyang Lian, 2007. "A Framework for Linking Cybersecurity Metrics to the Modeling of Macroeconomic Interdependencies," Risk Analysis, John Wiley & Sons, vol. 27(5), pages 1283-1297, October.
    3. Nai Fovino, Igor & Carcano, Andrea & Masera, Marcelo & Trombetta, Alberto, 2009. "An experimental investigation of malware attacks on SCADA systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(4), pages 139-145.
    4. Editors, 2014. "Software updates," Stata Journal, StataCorp LP, vol. 14(2), pages 451-451, June.
    5. Luiijf, Eric & Ali, Manou & Zielstra, Annemarie, 2011. "Assessing and improving SCADA security in the Dutch drinking water sector," International Journal of Critical Infrastructure Protection, Elsevier, vol. 4(3), pages 124-134.
    6. Okhravi, Hamed & Nicol, David M., 2009. "Application of trusted network technology to industrial control networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(3), pages 84-94.
    7. Wesseler, Justus & Kaplan, Scott & Zilberman, David & Martin, Philip & Xu, Yan & Fennimore, Steven & Goodhue, Rachael & Klonsky, Karen & Miller, Thomas, 2014. "ARE Update Vol.17, No.3," Department of Agricultural & Resource Economics, UC Berkeley, Working Paper Series qt2gd0h59f, Department of Agricultural & Resource Economics, UC Berkeley.
    8. Alcaraz, Cristina & Lopez, Javier, 2012. "Analysis of requirements for critical control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 5(3), pages 137-145.
    9. Editors, 2014. "Software updates," Stata Journal, StataCorp LP, vol. 14(3), pages 701-701, September.
    10. Morris, Thomas & Srivastava, Anurag & Reaves, Bradley & Gao, Wei & Pavurapu, Kalyan & Reddi, Ram, 2011. "A control system testbed to validate critical infrastructure protection concepts," International Journal of Critical Infrastructure Protection, Elsevier, vol. 4(2), pages 88-103.
    11. Beccuti, Marco & Chiaradonna, Silvano & Di Giandomenico, Felicita & Donatelli, Susanna & Dondossola, Giovanna & Franceschinis, Giuliana, 2012. "Quantification of dependencies between electrical and information infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 5(1), pages 14-27.
    12. Bompard, E. & Napoli, R. & Xue, F., 2009. "Assessment of information impacts in power system security against malicious attacks in a general framework," Reliability Engineering and System Safety, Elsevier, vol. 94(6), pages 1087-1094.
    13. Goldenberg, Niv & Wool, Avishai, 2013. "Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(2), pages 63-75.
    14. Henry, Matthew H. & Layer, Ryan M. & Zaret, David R., 2010. "Coupled Petri nets for computer network risk analysis," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(2), pages 67-75.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Rodofile, Nicholas R. & Radke, Kenneth & Foo, Ernest, 2019. "Extending the cyber-attack landscape for SCADA-based critical infrastructure," International Journal of Critical Infrastructure Protection, Elsevier, vol. 25(C), pages 14-35.
    2. Mustafa, Faizan E & Ahmed, Ijaz & Basit, Abdul & Alvi, Um-E-Habiba & Malik, Saddam Hussain & Mahmood, Atif & Ali, Paghunda Roheela, 2023. "A review on effective alarm management systems for industrial process control: Barriers and opportunities," International Journal of Critical Infrastructure Protection, Elsevier, vol. 41(C).
    3. Vlad Daniel SAVIN & Costel SERBAN, 2019. "Cybersecurity Vulnerabilities And Threats Of Scada Systems In Critical Infrastructures," Proceedings of the INTERNATIONAL MANAGEMENT CONFERENCE, Faculty of Management, Academy of Economic Studies, Bucharest, Romania, vol. 13(1), pages 234-237, November.
    4. Pramod T. C. & Thejas G. S. & S. S. Iyengar & N. R. Sunitha, 2019. "CKMI: Comprehensive Key Management Infrastructure Design for Industrial Automation and Control Systems," Future Internet, MDPI, vol. 11(6), pages 1-25, June.
    5. Juntao Chen & Quanyan Zhu & Tamer Başar, 2021. "Dynamic Contract Design for Systemic Cyber Risk Management of Interdependent Enterprise Networks," Dynamic Games and Applications, Springer, vol. 11(2), pages 294-325, June.
    6. Jarmakiewicz, Jacek & Parobczak, Krzysztof & Maślanka, Krzysztof, 2017. "Cybersecurity protection for power grid control infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 18(C), pages 20-33.
    7. Eric DuBois & Ashley Peper & Laura A. Albert, 2023. "Interdicting Attack Plans with Boundedly Rational Players and Multiple Attackers: An Adversarial Risk Analysis Approach," Decision Analysis, INFORMS, vol. 20(3), pages 202-219, September.
    8. CHERIFI, Tarek & HAMAMI, Lamia, 2018. "A practical implementation of unconditional security for the IEC 60780-5-101 SCADA protocol," International Journal of Critical Infrastructure Protection, Elsevier, vol. 20(C), pages 68-84.
    9. Mohammed Alghassab, 2021. "Analyzing the Impact of Cybersecurity on Monitoring and Control Systems in the Energy Sector," Energies, MDPI, vol. 15(1), pages 1-21, December.
    10. Rajan, Rishabh & Rana, Nripendra P. & Parameswar, Nakul & Dhir, Sanjay & Sushil, & Dwivedi, Yogesh K., 2021. "Developing a modified total interpretive structural model (M-TISM) for organizational strategic cybersecurity management," Technological Forecasting and Social Change, Elsevier, vol. 170(C).
    11. Xinzhan Li & Yang Zhou & Xin Li & Lijuan Xu & Dawei Zhao, 2022. "Protection Strategy Selection Model Based on Genetic Ant Colony Optimization Algorithm," Mathematics, MDPI, vol. 10(21), pages 1-24, October.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Singh, Abhishek Narain & Gupta, M.P. & Ojha, Amitabh, 2014. "Identifying critical infrastructure sectors and their dependencies: An Indian scenario," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(2), pages 71-85.
    2. Ronald Brisebois & Apollinaire Nadembega & Alain Abran, 2017. "Real Time Software Energy Consumption Measurement in the Context of Green Software," Collegium of Economic Analysis Annals, Warsaw School of Economics, Collegium of Economic Analysis, issue 43, pages 175-184.
    3. Sovacool, Benjamin K. & Kivimaa, Paula & Hielscher, Sabine & Jenkins, Kirsten, 2017. "Vulnerability and resistance in the United Kingdom's smart meter transition," Energy Policy, Elsevier, vol. 109(C), pages 767-781.
    4. Lim, Zhen-Wen & Goh, Kim-Leng, 2019. "Natural gas industry transformation in Peninsular Malaysia: The journey towards a liberalised market," Energy Policy, Elsevier, vol. 128(C), pages 197-211.
    5. Urrea, Claudio & Morales, Claudio & Kern, John, 2016. "Implementation of error detection and correction in the Modbus-RTU serial protocol," International Journal of Critical Infrastructure Protection, Elsevier, vol. 15(C), pages 27-37.
    6. Vosughi, Amirkhosro & Tamimi, Ali & King, Alexandra Beatrice & Majumder, Subir & Srivastava, Anurag K., 2022. "Cyber–physical vulnerability and resiliency analysis for DER integration: A review, challenges and research needs," Renewable and Sustainable Energy Reviews, Elsevier, vol. 168(C).
    7. Yadav, Geeta & Paul, Kolin, 2021. "Architecture and security of SCADA systems: A review," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    8. Ouyang, Min, 2014. "Review on modeling and simulation of interdependent critical infrastructure systems," Reliability Engineering and System Safety, Elsevier, vol. 121(C), pages 43-60.
    9. Sellevåg, Stig Rune, 2021. "Changes in inoperability for interdependent industry sectors in Norway from 2012 to 2017," International Journal of Critical Infrastructure Protection, Elsevier, vol. 32(C).
    10. Qianxiang Zhu & Yuanqing Qin & Yue Zhao & Zhou Chunjie, 2020. "A hierarchical colored Petri net–based cyberattacks response strategy making approach for critical infrastructures," International Journal of Distributed Sensor Networks, , vol. 16(1), pages 15501477198, January.
    11. Asad Hussain & Sunila Fatima Ahmad & Mishal Tanveer & Ansa Sameen Iqbal, 2022. "Computer Malware Classification, Factors, and Detection Techniques: A Systematic Literature Review (SLR)," International Journal of Innovations in Science & Technology, 50sea, vol. 4(3), pages 899-918, August.
    12. Alcaraz, Cristina & Zeadally, Sherali, 2015. "Critical infrastructure protection: Requirements and challenges for the 21st century," International Journal of Critical Infrastructure Protection, Elsevier, vol. 8(C), pages 53-66.
    13. Farsi, Hamed & Fanian, Ali & Taghiyarrenani, Zahra, 2019. "A novel online state-based anomaly detection system for process control networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 27(C).
    14. Edward J. Oughton & Daniel Ralph & Raghav Pant & Eireann Leverett & Jennifer Copic & Scott Thacker & Rabia Dada & Simon Ruffle & Michelle Tuveson & Jim W Hall, 2019. "Stochastic Counterfactual Risk Analysis for the Vulnerability Assessment of Cyber‐Physical Attacks on Electricity Distribution Infrastructure Networks," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 2012-2031, September.
    15. D. Thorleuchter & D. Van Den Poel, 2012. "Improved Multilevel Security with Latent Semantic Indexing," Working Papers of Faculty of Economics and Business Administration, Ghent University, Belgium 12/811, Ghent University, Faculty of Economics and Business Administration.
    16. Lombardi, Pio & Hänsch, Kathleen & Arendarski, Bartlomiej & Komarnicki, Przemyslaw, 2017. "Information and power terminals: A reliable microgrid infrastructure for use in disaster scenarios," International Journal of Critical Infrastructure Protection, Elsevier, vol. 19(C), pages 49-58.
    17. Wang, Shuliang & Zhang, Jianhua & Yue, Xin, 2018. "Multiple robustness assessment method for understanding structural and functional characteristics of the power network," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 510(C), pages 261-270.
    18. adepu, Sridhar & Mathur, Aditya, 2021. "SafeCI: Avoiding process anomalies in critical infrastructure," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    19. Erez, Noam & Wool, Avishai, 2015. "Control variable classification, modeling and anomaly detection in Modbus/TCP SCADA systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 10(C), pages 59-70.
    20. Andjelka Kelic & Zachary A. Collier & Christopher Brown & Walter E. Beyeler & Alexander V. Outkin & Vanessa N. Vargas & Mark A. Ehlen & Christopher Judson & Ali Zaidi & Billy Leung & Igor Linkov, 2013. "Decision framework for evaluating the macroeconomic risks and policy impacts of cyber attacks," Environment Systems and Decisions, Springer, vol. 33(4), pages 544-560, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijocip:v:9:y:2015:i:c:p:52-80. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-critical-infrastructure-protection .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.