
Everything Is Awesome! or Is It? Cyber Security Risks in Critical Infrastructure

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11777)

Abstract

Industrial Control Systems (ICS) play an important role in the monitoring, control and automation of critical infrastructure such as water, gas, oil and electricity. Recent years have seen a number of high-profile cyber attacks on such infrastructure, exemplified by Stuxnet and the Ukrainian Power Grid attacks. This naturally begs the question: how should we manage cyber security risks in such infrastructure, on which the day-to-day functioning of societies relies? What are the complexities of managing security in a landscape shaped by the often competing demands of a variety of stakeholders, e.g., managers, control engineers, enterprise IT personnel and field site operators? What are the challenges posed by the convergence of Internet of Things (IoT) and critical infrastructure through the so-called Industrial Internet of Things (IIoT)? In this paper, we discuss insights from a multi-year programme of research investigating these issues and the challenges to addressing them.

The author conducted the work while employed by the Bristol Cyber Security Group.



Acknowledgements

This work is funded by EPSRC Grant “Mumba: Multi-faceted Metrics for ICS Business Risk Analysis” (EP/M002780/1), part of the Research Institute on Trustworthy, Interconnected, Cyber-Physical Systems (RITICS) and Lloyds Register Foundation grant “Securing IoT in Critical National Infrastructure”, part of the UK Research Hub on Cyber Security of IoT (PETRAS). The work is also supported by Rashid’s Fellowship from the Alan Turing Institute.


Correspondence to Awais Rashid.


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Rashid, A., Gardiner, J., Green, B., Craggs, B. (2020). Everything Is Awesome! or Is It? Cyber Security Risks in Critical Infrastructure. In: Nadjm-Tehrani, S. (eds) Critical Information Infrastructures Security. CRITIS 2019. Lecture Notes in Computer Science, vol 11777. Springer, Cham. https://doi.org/10.1007/978-3-030-37670-3_1


  • DOI: https://doi.org/10.1007/978-3-030-37670-3_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37669-7

  • Online ISBN: 978-3-030-37670-3

  • eBook Packages: Computer Science (R0)
