Cyber Security Risk Assessment Method for SCADA of Industrial Control Systems

Poletykin, Alexey

doi:10.1109/rusautocon.2018.8501811

Cited by 17 publications

(4 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Examples include ADAMANT [26], an information security management system compliant with ISO standards; LISRA [27], a risk assessment framework simplifying the construction of attack scenarios in specific domains; and CSCCRA [28], a risk assessment methodology designed for evaluating risks in dynamic cloud environments with multiple service providers. Some research contributions, like [29], have even suggested integrating the safety of cyber-physical devices into existing risk management frameworks based on ISO standards. Others, such as [30], have proposed layered cyber risk management frameworks tailored to the unique challenges of the Internet of Things.…”

Section: Cyber Risk Managementmentioning

confidence: 99%

An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure

El Amin,

Samhat,

Chamoun

et al. 2024

JCP

View full text Add to dashboard Cite

Emerging cyber threats’ sophistication, impact, and complexity rapidly evolve, confronting organizations with demanding challenges. This severe escalation requires a deeper understanding of adversary dynamics to develop enhanced defensive strategies and capabilities. Cyber threat actors’ advanced techniques necessitate a proactive approach to managing organizations’ risks and safeguarding cyberspace. Cyber risk management is one of the most efficient measures to anticipate cyber threats. However, it often relies on organizations’ contexts and overlooks adversaries, their motives, capabilities, and tactics. A new cyber risk management framework incorporating emergent information about the dynamic threat landscape is needed to overcome these limitations and bridge the knowledge gap between adversaries and security practitioners. Such information is the product of a cyber threat intelligence process that proactively delivers knowledge about cyber threats to inform decision-making and strengthen defenses. In this paper, we overview risk management and threat intelligence frameworks. Then, we highlight the necessity of integrating cyber threat intelligence and assessment in cyber risk management. After that, we propose a novel risk management framework with integrated threat intelligence on top of EBIOS Risk Manager. Finally, we apply the proposed framework in the scope of a national telecommunications organization.

show abstract

Section: Cyber Risk Managementmentioning

confidence: 99%

An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure

El Amin,

Samhat,

Chamoun

et al. 2024

JCP

View full text Add to dashboard Cite

show abstract

“…The security gaps assessment provides organizations with a baseline along with strategic roadmap of short-term and long-term milestones. It also provides a plan of action to reach the security maturity level by implementation of security goals (Poletykin, 2018). The security gap analysis process comprises of determining, documenting and obtaining executive management recognition of the discrepancy between the requirements baselined in the regulation standard or the standard against which the assessment is carried out and the organizations current security maturity level.…”

Section: Security Gaps Assessmentmentioning

confidence: 99%

Security gaps assessment of smart grid based SCADA systems

Mir

Ramachandran

2019

ICS

View full text Add to dashboard Cite

Purpose Supervisory control and data acquisition (SCADA) systems security is of paramount importance, and there should be a holistic approach to it, as any gap in the security will lead to critical national-level disaster. The purpose of this paper is to present the case study of security gaps assessment of SCADA systems of electricity utility company in the Sultanate of Oman against the regulatory standard and security baseline requirements published by the Authority for Electricity Regulation (AER), Government of Sultanate of Oman. Design/methodology/approach The security gaps assessment presented in this paper are based on the security baseline requirements that include core areas, controls for each core area and requirements for each control. Findings The paper provides the security gaps assessment summary of SCADA systems of electricity utility company. Practical implications The summary of threats and vulnerabilities presented will help stakeholders to be proactive rather than reactive in the event of any attack. Originality/value This case study discusses the various security challenges in smart grid based on SCADA systems and provides the summary of challenges and recommendations to overcome the same.

show abstract

“…In addition to these studies, Alexey et al (2018) proposed a cyber security formula-based risk evaluation method for critical national infrastructure (CNI) plants, where they considered not only information protection but also all available safety, security, and reliability controls. They employed cyber threat sources (I), barriers (B), and vulnerabilities (Vt) in the formula, which had the ability to compare the maximum and current levels specified in the cyber security policy [27].…”

Section: Introductionmentioning

confidence: 99%

Cyber Security Controls in Nuclear Power Plant by Technical Assessment Methodology

et al. 2023

View full text Add to dashboard Cite

With the rapid increase in cyber attacks on industrial control systems, the significance of the application of cyber security controls and the evaluation of security against such attacks has also increased. Among them, cyber attacks on nuclear power plants (NPPs) can cause not only economic loss, but also human casualties. Thus, the application of cyber security controls is necessary for mitigating security threats, especially to NPPs. However, currently, there are limited resources pertaining to information protection, which is essential to uniformly deploy all the controls required to meet cyber security regulations. To overcome this challenge, effective cyber security controls need to be identified and adequate information protection resources must be allocated to each NPP. Although NPPs apply a differential security control according to its characteristics based on NEI 13-10 (Cyber Security Control Assessments), this alone is not only insufficient in reflecting the latest security threats, but also fails to confirm whether the security controls have actually mitigated such threats. To address this challenge, the Electric Power Research Institute (ETRI) developed the technical assessment methodology (TAM), which can be used to generate a quantitative score by assessing the effects of potential cyber attacks on an asset and the relevant security controls. This methodology allows for the application of differential security control based on the score to identify whether the security controls have actually mitigated the risks. Considering this context, the purpose of this paper is to conduct a comparative analysis of the results derived from applying security controls and assessing risks using only NEI 13-10 as well as both NEI 13-10 and TAM on the plant protection system of the nuclear power reactor APR1400. Furthermore, this paper discusses the scopes for subsequent research by addressing the limitations of the TAM and considerations for its use.

show abstract

Cyber Security Risk Assessment Method for SCADA of Industrial Control Systems

Cited by 17 publications

References 4 publications

An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure

An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure

Security gaps assessment of smart grid based SCADA systems

Cyber Security Controls in Nuclear Power Plant by Technical Assessment Methodology

Contact Info

Product

Resources

About