Many companies, especially those that own critical infrastructure (CI), must prepare processes to cope with serious incidents before they happen. Conventional safety countermeasures have already been developed a priori to deal with expected problems, such as machinery malfunction, natural disasters and human errors. Field operators are also well trained against such problems. In recent years, however, cyberattacks have emerged as a 'clear and present danger' and have rendered CI uncertain and unsafe through industrial control systems (ICSs). Thus, CI owners should now prepare countermeasures to ensure the safety and security of ICSs. Unfortunately, responding to situations without experience and developing adequate countermeasures is a difficult challenge. A certain resilience must be developed that gives the actors the ability to flexibly cope with a crisis and quickly recover to a safer state. In CI systems, field operators are the most important element for dynamically managing ICS emergency response.

In this paper, the authors discuss the following two problems:

1. A framework for simultaneously achieving safety and security in ICSs
2. A personnel training methodology based on the above framework

We also present an illustrative example of the proposed framework and methods based on exercises in which almost 200 CI personnel and security experts participated.
In recent years, COTS (commercial off-the-shelf) components, such as Windows OS, Intel PCs, and open source applications, have been proposed to reduce the cost of deploying operational technology (OT) systems. Digital transformation (DX) efforts are also being made to shift from physical operation to virtual operation by using virtualization with IoT, AI, and cloud servers. As a result, current ransomware infects IT systems and OT systems without distinguishing between them. For example, in May 2021, the Colonial Pipeline Company, a major oil pipeline company in the United States, was infected with ransomware and shut down its pipeline operation. As a countermeasure against cyberattacks, many companies focus on creating a less vulnerable environment. However, attackers exist worldwide, and they are constantly searching for new attack surfaces and developing new attack methods. It is also difficult for defenders to prevent all attacks, no matter what measures they take. Therefore, companies need to educate employees to ensure the safety of their factories in the event of a cyberattack. For these reasons, the authors developed a series of table-top BCP (business continuity plan) exercises for acquiring the meta-knowledge necessary to respond to cyberattacks targeting OT systems. However, we found that the learning effect of these exercises depended on how the participants imagined cyberattacks. Therefore, in this paper, we propose a hybrid learning system that combines cyberattack simulations and table-top BCP exercises to increase the cyber resilience of participants.