Abstract
Industrial Control Systems (ICS) play an important role in the monitoring, control and automation of critical infrastructure such as water, gas, oil and electricity. Recent years have seen a number of high-profile cyber attacks on such infrastructure, exemplified by Stuxnet and the Ukrainian Power Grid attacks. This naturally raises the question: how should we manage cyber security risks in such infrastructure, on which the day-to-day functioning of societies relies? What are the complexities of managing security in a landscape shaped by the often competing demands of a variety of stakeholders, e.g., managers, control engineers, enterprise IT personnel and field site operators? What are the challenges posed by the convergence of Internet of Things (IoT) and critical infrastructure through the so-called Industrial Internet of Things (IIoT)? In this paper, we discuss insights from a multi-year programme of research investigating these issues and the challenges to addressing them.
The author conducted the work while employed by the Bristol Cyber Security Group.
Acknowledgements
This work is funded by EPSRC Grant “Mumba: Multi-faceted Metrics for ICS Business Risk Analysis” (EP/M002780/1), part of the Research Institute on Trustworthy, Interconnected, Cyber-Physical Systems (RITICS) and Lloyds Register Foundation grant “Securing IoT in Critical National Infrastructure”, part of the UK Research Hub on Cyber Security of IoT (PETRAS). The work is also supported by Rashid’s Fellowship from the Alan Turing Institute.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Rashid, A., Gardiner, J., Green, B., Craggs, B. (2020). Everything Is Awesome! or Is It? Cyber Security Risks in Critical Infrastructure. In: Nadjm-Tehrani, S. (eds) Critical Information Infrastructures Security. CRITIS 2019. Lecture Notes in Computer Science, vol 11777. Springer, Cham. https://doi.org/10.1007/978-3-030-37670-3_1
DOI: https://doi.org/10.1007/978-3-030-37670-3_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37669-7
Online ISBN: 978-3-030-37670-3
eBook Packages: Computer Science, Computer Science (R0)