Cyber Security and Resilience of Industrial Control Systems and Critical Infrastructures

Bologna, Sandro; Fasani, Alessandro; Martellini, Maurizio

doi:10.1007/978-3-319-02279-6_6

Sandro Bologna¹⁵,
Alessandro Fasani¹⁶ &
Maurizio Martellini¹⁶

Part of the book series: SpringerBriefs in Computer Science ((BRIEFSCOMPUTER))

2908 Accesses
5 Citations

Abstract

“Cyber Security And Resilience Of Industrial Control Systems And Critical Infrastructures”, written by Maurizio Martellini, Sandro Bologna and Alessandro Fasani, it’s a natural follow-up of the previous paper and describes what Industrial Control Systems are, provides an analysis on what are the main vulnerabilities affecting ICS and describes the principal methodologies for attacking them. Then, the paper defines what measures could be taken in order to make ICS and Critical Infrastructures resilient. The document ends outlining what international measures are being taken in order to protect critical infrastructure and their systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Bibliography

B. Abolghasem, IAEA Report: The growing resilience of Iran’s nuclear program (Foreign Policy J., 2012), http://www.foreignpolicyjournal.com/2012/02/27/iaea-report-the-growing-resilience-of-irans-nuclear-program/. Accessed 5 May 2013
M. Ahlers, Inside a government computer attack exercise (CNN, 2011), http://edition.cnn.com/2011/10/17/tech/innovation/cyberattack-exercise-idaho/index.html. Accessed 5 May 2013
A. Klimburg (ed.), National cyber security framework manual (NATO CCD COE publication, 2012), http://www.ccdcoe.org/publications/books/NationalCyberSecurityFrameworkManual.pdf. Accessed 5 May 2013
C. Ashton, Press conference on the launch of the EU’s cyber security strategy (2013), http://www.consilium.europa.eu/uedocs/cms_Data/docs/pressdata/EN/foraff/135287.pdf. Accessed 5 May 2013
C. Malmström, Stepping up the fight against cybercriminals to secure a free and open internet (Press conference on the launch of the EU’s cyber security strategy, 2013), http://europa.eu/rapid/press-release_SPEECH-13-105_en.htm. Accessed 5 May 2013
G. Chazan, Cyber saboteurs stalk the oil industry (Financial Times, 2013), http://www.ft.com/cms/s/0/989aa68c-692e-11e2-b254-00144feab49a.html#axzz2Y5HyNmEC. Accessed 5 May 2013
European Commission, Proposal for a regulation of the European parliament and of the council establishing horizon 2020—The framework programme for research and innovation (2014–2020) (European Commission, 2011), http://ec.europa.eu/research/horizon2020/pdf/proposals/com(2011)_809_final.pdf. Accessed on 5 May 2013
European Commission, Cybersecurity strategy of the European Union: an open, safe and secure cyberspace (Euopean Commission, 2013), http://ec.europa.eu/dgs/home-affairs/e-library/documents/policies/organized-crime-and-human-trafficking/cybercrime/docs/join_2013_1_en.pdf. Accessed 5 May 2013
D. Goldman, Hacker hits on U.S. power and nuclear targets spiked in 2012 (CNN, 2013), http://money.cnn.com/2013/01/09/technology/security/infrastructure-cyberattacks/index.html. Accessed 5 May 2013
G. Gritsai et al., Scada safety in numbers. Positive technologies ed. (2013), http://www.ptsecurity.com/download/SCADA_analytics_english.pdf. Accessed 5 May 2013
Idaho National Laboratories, Vulnerability analysis of energy delivery control systems (US DOE publication, 2011), http://energy.gov/sites/prod/files/Vulnerability%20Analysis%20of%20Energy%20Delivery%20Control%20Systems%202011.pdf. Accessed 5 May 2013
N. Kroes, Using cybersecurity to promote European values. Press conference on the launch of the EU’s cyber security strategy (2013), http://europa.eu/rapid/press-release_SPEECH-13-104_en.htm. Accessed May 5 2013
NERC, Cyber attack task force final report (NERC, 2012), http://www.nerc.com/docs/cip/catf/12-CATF_Final_Report_BOT_clean_Mar_26_2012-Board%20Accepted%200521.pdf. Accessed 5 May 2013
Newsroom, Iran ‘fends off new Stuxnet cyber attack (BBC, 2012), http://www.bbc.co.uk/news/world-middle-east-20842113. Accessed 5 May 2013
B. Obama, Improving critical infrastructure cybersecurity—executive order (White House press office, 2013), http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity. Accessed 5 May 2013
P. Paganini, The importance of security requirements in design of SCADA systems (PenTest auditing and standards, 2012:06)
Google Scholar
D. Sanger, Obama order sped up wave of cyberattacks against Iran (The New York Times, 2012), http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all&_r=0. Accessed 5 May 2013
SHODAN Search Engine (2009), http://www.shodanhq.com/. Accessed 5 May 2013
US Department of Homeland Security: Common cybersecurity vulnerabilities in industrial control systems (2011), http://ics-cert.us-cert.gov/sites/default/files/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf. Accessed 5 May 2013
US Department of Homeland Security: ICS–CERT incident response summary report 2009–2011 (2011), http://scadahacker.com/library/Documents/ICS_Events/ICS-CERT%20Incident%20Response%20Summary%20Report.pdf. Accessed 5 May 2013
US Department of Homeland Security: ICS–CERT monthly monitor Oct–Dec 2012 (2011), http://ics-cert.us-cert.gov/pdf/ICS-CERT_Monthly_Monitor_Oct-Dec2012.pdf. Accessed 5 May 2013
US National Communication Systems: Technical information bulletin 04-1, supervisory control and data acquisition (SCADA) systems (2004), http://www.ncs.gov/library/tech_bulletins/2004/tib_04-1.pdf. Accessed 5 May 2013
N. Weinstein, Stuxnet attacks Iran again, reports say (CNET, 2012), http://news.cnet.com/8301-1009_3-57560799-83/stuxnet-attacks-iran-again-reports-say/. Accessed 5 May 2013
J. Weiss, Assuring industrial control system (ICS) cyber security. CSIS ed. (2008), http://csis.org/files/media/csis/pubs/080825_cyber.pdf. Accessed 5 May 2013
K. Zetter, Vulnerability lets hackers control building locks, electricity, elevators and more (Wired US, 2013), http://www.wired.com/threatlevel/2013/02/tridium-niagara-zero-day/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%253A+wired27b+%2528Wired%253A+Blog+-+Threat+Level%2529. Accessed on 5 May 2013

Download references

Author information

Authors and Affiliations

IWG and Italian Association of Critical Infrastructures’ Experts, Rome, Italy
Sandro Bologna
IWG and Landau Network—Centro Volta, Como, Italy
Alessandro Fasani & Maurizio Martellini

Authors

Sandro Bologna
View author publications
You can also search for this author in PubMed Google Scholar
Alessandro Fasani
View author publications
You can also search for this author in PubMed Google Scholar
Maurizio Martellini
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sandro Bologna .

Editor information

Editors and Affiliations

Landau Network Centro Volta / ICIS, Como, Italy
Maurizio Martellini

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Bologna, S., Fasani, A., Martellini, M. (2013). Cyber Security and Resilience of Industrial Control Systems and Critical Infrastructures. In: Martellini, M. (eds) Cyber Security. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-02279-6_6

Download citation

DOI: https://doi.org/10.1007/978-3-319-02279-6_6
Published: 05 October 2013
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-02278-9
Online ISBN: 978-3-319-02279-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics