A survey of cyber security management in industrial control systems

被引：183

作者：

Knowles, William ^{[1
]}

Prince, Daniel ^{[1
]}

Hutchison, David ^{[1
]}

Disso, Jules Ferdinand Pagna ^{[2
]}

Jones, Kevin ^{[2
]}

机构：

[1] Univ Lancaster, Sch Comp & Commun, Secur Lancaster, Lancaster LA1 4WA, England

[2] Airbus Grp Innovat, Newport NP10 8FZ, Gwent, Wales

来源：

INTERNATIONAL JOURNAL OF CRITICAL INFRASTRUCTURE PROTECTION | 2015年 / 9卷

基金：

英国工程与自然科学研究理事会;

关键词：

Industrial control systems; SCADA systems; Risk assessment; Risk management; Security metrics; Risk metrics; VULNERABILITY ASSESSMENT; COMMUNICATION-NETWORKS; INFORMATION SECURITY; RISK-ASSESSMENT; SCADA SECURITY; FRAMEWORK; CYBERSECURITY; METHODOLOGY; TAXONOMY; ATTACKS;

D O I：

10.1016/j.ijcip.2015.02.002

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Contemporary industrial control systems no longer operate in isolation, but use other networks (e.g., corporate networks and the Internet) to facilitate and improve business processes. The consequence of this development is the increased exposure to cyber threats. This paper surveys the latest methodologies and research for measuring and managing this risk. A dearth of industrial-control-system-specific security metrics has been identified as a barrier to implementing these methodologies. Consequently, an agenda for future research on industrial control system security metrics is outlined. The "functional assurance" concept is also introduced to deal with fail-safe and fail-secure industrial control system operations. (C) 2015 Published by Elsevier B.V.

引用

页码：52 / 80

页数：29

共 229 条

[1]

Afzaal M., 2012, 2012 IEEE 14th International Symposium on High-Assurance Systems Engineering (HASE 2012), P48, DOI 10.1109/HASE.2012.9

[2]

Alcaraz Cristina, 2012, Critical Infrastructure Protection. Information Infrastructure Models, Analysis, and Defense: LNCS 7130, P120, DOI 10.1007/978-3-642-28920-0_7

[3] Analysis of requirements for critical control systems [J].

Alcaraz, Cristina ;

Lopez, Javier .

INTERNATIONAL JOURNAL OF CRITICAL INFRASTRUCTURE PROTECTION, 2012, 5 (3-4) :137-145

[4]

American Chemistry Council, 2006, GUID ADDR CYB SEC CH

[5]

American Gas Association, 2006, CRYPT PROT SCADA C 1

[6]

American Petroleum Institute, 2009, 1164 API

[7]

American Petroleum Institute, 2005, SEC GUID PETR IND

[8]

American Petroleum Institute (API) National Petrochemical and Refinery Association (NPRA), 2003, SEC VULN ASS METH PE

[9] In Quest of Benchmarking Security Risks to Cyber-Physical Systems [J].

Amin, Saurabh ;

Schwartz, Galina A. ;

Hussain, Alefiya .

IEEE NETWORK, 2013, 27 (01) :19-24

[10]

[Anonymous], 2009, 6244311 IEC

← 1 2 3 4 5 6 7 8 9 10 →