Advertisement

The Problem of Selecting APCS’ Information Security Tools

  • Andrew S. RimshaEmail author
  • Konstantin S. Rimsha
Chapter
Part of the Studies in Systems, Decision and Control book series (SSDC, volume 260)

Abstract

This article discusses the problem of selecting information security tools for one of the varieties of cyber-physical systems—automated process control systems. The study of several classes of solutions was conducted, considering their application in automated systems. Based on the formed criteria, a comparison was made; as a result, a tool was determined according to its characteristics that most met the criteria. Requirements were formed for popular existing solutions of this class, considering the specific features of providing information security systems for automated process control systems. None of the solutions fully met the specified requirements, therefore, a methodology was proposed that would solve this problem.

Keywords

Cyber-physical systems Automated process control systems Threat modeling tools Risk assessment 

References

  1. 1.
    Zegzhda, D., Poltavtseva, M., Lavrova, D.: Systematization and security assessment of cyber-physical systems. Autom. Control Comput. Sci. 51(8), 835–843 (2017).  https://doi.org/10.3103/S0146411617080272CrossRefGoogle Scholar
  2. 2.
    Alguliyev, R., Imamverdiyev, Y., Sukhostat, L.: Cyber-physical systems and their security issues. Comput. Ind. 100, 212–223 (2018).  https://doi.org/10.1016/j.compind.2018.04.017CrossRefGoogle Scholar
  3. 3.
    Zegzhda, D., Stepanova, T.: Approach to APCS protection from cyber threats. Autom. Control Comput. Sci. 49(8), 659–664 (2015).  https://doi.org/10.3103/S0146411615080179CrossRefGoogle Scholar
  4. 4.
    Huang, S., Zhou, C.J., Yang, S.H., Qin, Y.Q.: Cyber-physical system security for networked industrial processes. Int. J. Autom. Comput. 12(6), 567–578.  https://doi.org/10.1007/s11633-015-0923-9 (2015)
  5. 5.
    Okhravi, H., Sheldon, F., Haines, J.: Data diodes in support of trustworthy cyber infrastructure and net-centric cyber decision support. In: Pappu, V., Carvalho, M., Pardalos, P. (eds.) Optimization and Security Challenges in Smart Power Grids. Energy Systems. Springer, Berlin, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38134-8_10
  6. 6.
    Oman, P., Phillips, M.: Intrusion detection and event monitoring in SCADA networks. In: Goetz, E., Shenoi, S. (eds.) Critical Infrastructure Protection. ICCIP 2007. IFIP International Federation for Information Processing, vol. 253. Springer, Boston, MA (2008).  https://doi.org/10.1007/978-0-387-75462-8_12
  7. 7.
    Parry, J., Hunter, D., Radke, K., Fidge, C.: A network forensics tool for precise data packet capture and replay in cyber-physical systems. In: Proceedings of the Australasian Computer Science Week Multiconference, No. 22 (2016).  https://doi.org/10.1145/2843043.2843047
  8. 8.
    Coppolino, L., D’Antonio, S., Formicola, V., Romano, L.: Enhancing SIEM technology to protect critical infrastructures. In: Hämmerli, B.M., Kalstad Svendsen, N., Lopez, J. (eds.) Critical Information Infrastructures Security. Lecture Notes in Computer Science, vol. 7722. Springer, Berlin, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-41485-5_2
  9. 9.
    Samtani, S., Yu, S., Zhu, H., Patton, M., Chen, H.: Identifying SCADA vulnerabilities using passive and active vulnerability assessment techniques. In: IEEE Conference on Intelligence and Security Informatics (ISI), pp. 25–30 (2016).  https://doi.org/10.1109/ISI.2016.7745438
  10. 10.
    Paté‐Cornell, M.E., Kuypers, M., Smith, M., Keller, P.: Cyber risk management for critical infrastructure: a risk analysis model and three case studies. Risk Anal. 38(2), 226–241 (2017).  https://doi.org/10.1111/risa.12844
  11. 11.
    Kerzhner, A.A., Tan, K., Fosse, E.: Analyzing cyber security threats on cyber-physical systems using Model-Based Systems Engineering. In: AIAA SPACE 2015 Conference and Exposition (2015).  https://doi.org/10.2514/6.2015-4575
  12. 12.
    Al-Mohannadi, H., Mirza, Q., Namanya, A., Awan, I., Cullen, A., Disso, J., Cyber-attack modeling analysis techniques: an overview. In: 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), pp. 69–76 (2016).  https://doi.org/10.1109/W-FiCloud.2016.29
  13. 13.
    Yang, Y., Lu, J., Choo, K.K.R., Liu, J.K.: On lightweight security enforcement in cyber-physical systems. In: Güneysu, T., Leander, G., Moradi, A. (eds.) Lightweight Cryptography for Security and Privacy. LightSec 2015. Lecture Notes in Computer Science, vol. 9542. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-29078-2_6
  14. 14.
    Xie, F., Peng, Y., Zhao, W., Gao, Y., Han, X.: Evaluating industrial control devices security: standards, technologies and challenges. In: Saeed, K., Snášel, V. (eds.) Computer Information Systems and Industrial Management. CISIM 2015. Lecture Notes in Computer Science, vol. 8838. Springer, Berlin, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-45237-0_57
  15. 15.
    Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., Stoddart, K.: A review of cyber security risk assessment methods for SCADA systems. Comput. Secur. 56, 1–27 (2016).  https://doi.org/10.1016/j.cose.2015.09.009CrossRefGoogle Scholar
  16. 16.
    Kalashnikov, A., Sakrutina, E.: The model of evaluating the risk potential for critical infrastructure plants of nuclear power plants. In: Eleventh International Conference “Management of Largescale System Development”, Moscow (2018).  https://doi.org/10.1109/MLSD.2018.8551910
  17. 17.
    Singhal, A., Ou, X.: Security risk analysis of enterprise networks using probabilistic attack graphs. In: Network Security Metrics. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-66505-4_3
  18. 18.
    Rimsha, A., Zakharov, A.: Method for risk assessment of industrial networks’ information security of gas producing enterprise. In: Global Smart Industry Conference (GloSIC), Chelyabinsk (2018).  https://doi.org/10.1109/GloSIC.2018.8570079
  19. 19.
    Sadeghi, A., Wachsmann, C., Waidner, M.: Security and privacy challenges in industrial internet of things. In: 2015, 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 1-6 (2015).  https://doi.org/10.1145/2744769.2747942
  20. 20.
    Doynikova, E., Chechulin, A., Kotenko, I.: Analytical at-tack modeling and security assessment based on the common vulnerability scoring system. In: 20th Conference of Open Innovations Association (FRUCT), St. Petersburg, pp. 53–61 (2017).  https://doi.org/10.23919/FRUCT.2017.8071292
  21. 21.
    McCormac, A., Zwaans, T., Parsons, K., Calic, D., Bu-tavicius, M., Pattinson, M.: Individual differences and information security awareness. Comput. Hum. Behav. 69, 151–156 (2017).  https://doi.org/10.1016/j.chb.2016.11.065CrossRefGoogle Scholar
  22. 22.
    Colombo, A.W., Karnouskos, S., Bangemann, T.: Towards the next generation of industrial cyber-physical systems. In: Colombo, A., et al. (eds.) Industrial Cloud-Based Cyber-Physical Systems. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-05624-1_1

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Tyumen State UniversityTyumenRussia

Personalised recommendations