A review of security assessment methodologies in industrial control systems

Qassim, Qais Saif; Jamil, Norziana; Daud, Maslina; Patel, Ahmed; Ja’affar, Norhamadi

doi:10.1108/ics-04-2018-0048

Cited by 36 publications

(12 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Several research works have analyzed and assessed the vulnerabilities of SCADA communication protocols [52], [53], [54], [55], [56]. Table IV summarizes several protocol shortcomings that make it vulnerable to cyber threats.…”

Section: B Security Objectives and Vulnerabilitiesmentioning

confidence: 99%

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Pliatsios

Sarigiannidis

Λάγκας

et al. 2020

IEEE Commun. Surv. Tutorials

201

View full text Add to dashboard Cite

Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, that made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security.

show abstract

Section: B Security Objectives and Vulnerabilitiesmentioning

confidence: 99%

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Pliatsios

Sarigiannidis

Λάγκας

et al. 2020

IEEE Commun. Surv. Tutorials

201

View full text Add to dashboard Cite

show abstract

“…The guarantee of availability, confidentiality and integrality of this technology in the electricity industry depends on a structured IS governance (Qassim et al, 2019). Moreover, the risks faced in environments with critical infrastructure, like transport, electricity and telecommunications, have cyber attacks as main threat (Kure et al, 2018).…”

Section: Information Security Governance In the Electricity Industrymentioning

confidence: 99%

Information security governance in the electricity industry

Oliveira

Méxas

Machado

et al. 2021

BJO&PM

View full text Add to dashboard Cite

Goal: This study aims to assess the importance and use of Information Security (IS) governance in the electricity industry and other segments, in order to propose IS governance guidelines for this industry.Design / Methodology / Approach: Literature review was made of scientific articles, frameworks and norms that supported the field research applied to managers, coordinators and experts from IS area, totaling 104 respondents from different countries. The data collected were analyzed by comparing the degree of importance with the use, and also by means of cross-analysis.Results: It was observed that most respondents agree with the importance of the themes approached, however, in practice, these concepts are not always used by the organization. Besides, it was observed that when security is directly responding for the high level of the organization, the maturity level is between optimized and managed. However, where security is subordinated to the technology area, the level appears with higher percentage, as repeatable. Limitations of the investigation:The sample size is a limiting factor as it was conditioned to questionnaire responses sent to IS experts through electronic means and social networks and it is not possible to generalize as the population size is not known. Practical implications:To assist the electricity industry in taking measures turned to IS governance, and, with that, increase consumer protection with regard to their classified data and the company's reliability in power supply.Originality / Value: The present research originality lies in the proposal of 10 IS governance guidelines obtained from the literature review and the field research applied to IS experts, aiming to raise, more and more, its level of maturity.

show abstract

“…Hibridni metodi kombinuju prethodno opisane pristupe, na primer, stručnu procenu sa nekim od kvantitativnih metoda [13], [14]. Sistematičan pregled metoda za procenu bezbednosnog rizika u ICS sistemima koji koriste tradicionalne Internet tehnologije može se pronaći u [15] i [16].…”

Section: Slika 1 Ilustracija Procesa Procene Bezbednosnog Rizika U Icsunclassified

Dinamička Procena Bezbednosnog Rizika U Industrijskim Iot Sistemima

Stojanović¹,

Marković-Petrović²

2021

Zbornik Radova Trideset Devetog Simpozijuma O Novim Tehnologijama U Poštanskom I Telekomunikacionom Saobraćaju – Postel 2021

View full text Add to dashboard Cite

Predmet ovog rada je dinamička procena bezbednosnog rizika u IIoT (Industrial Internet of Things) sistemima. Prikazane su klasifikacije sajber napada na IIoT sisteme, a zatim su opisani principi procene bezbednosnog rizika u industrijskim sistemima daljinskog upravljanja. Sledi prikaz modela i metoda dinamičke procene bezbednosnog rizika u industrijskim IoT sistemima, sa naglaskom na primenljivost metoda mašinskog učenja za tu svrhu.

show abstract

A review of security assessment methodologies in industrial control systems

Cited by 36 publications

References 27 publications

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Information security governance in the electricity industry

Dinamička Procena Bezbednosnog Rizika U Industrijskim Iot Sistemima

Contact Info

Product

Resources

About