Abstract
Our society and its citizens increasingly depend on the undisturbed functioning of critical infrastructures (CI), their products and services. Many of the CI services as well as other organizations use Industrial Control Systems (ICS) to monitor and control their mission-critical processes. Therefore, it is crucial that the functioning of ICS is well protected inter alia against cyber threats. The cyber threat areas to ICS comprise the lack of proper governance as well as cyber security aspects related to organizational, system and network management, technology and technical issues. Moreover, newer functionality entering organizations is often controlled by embedded ICS which hide itself from those that are responsible for cyber security. The immature cyber security posture of ICS and their connectivity with public networks pose a major risk to society. This article explores the threats, provide some examples of cyber incidents with ICS, and will discuss the ICS security challenges to our societies.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Bruce, R., Dynes, S., Brechbuhl, H., Brown, B., Goetz, E., Verhoest, P., Luiijf, E., Helmus, S.: International Policy Framework for Protecting Critical Information Infrastructure: A Discussion Paper Outlining Key Policy Issues, TNO report 33680, TNO, The Netherlands and Tuck School of Business/Center for Digital Strategies at Dartmouth, USA (2005). http://www.ists.dartmouth.edu/library/158.pdf
CIPediaMain Page. http://www.cipedia.eu
EC: European Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection, OJ 2008 L 345/77, Brussels, Belgium (2008). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF
EC: Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions - Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, Brussels, Belgium (2013). http://ec.europa.eu/dgs/home-affairs/e-library/documents/policies/organized-crime-and-human-trafficking/cybercrime/docs/join_2013_1_en.pdf
ICS-CERT. https://ics-cert.us-cert.gov
Luiijf, E.: Why are we so unconsciously insecure? Int. J. Crit. Infrastruct. Prot. 6(3–4), 179–181 (2013). doi:10.1016/j.ijcip.2013.10.003. http://www.sciencedirect.com/science/article/pii/S1874548213000486
Luiijf, E., Kernkamp, A.: Sharing Cyber Security Information. TNO, The Hague (2015). http://www.tno.nl/info-share
Luiijf, E., te Paske, B.J.: Cyber Security of Industrial Control Systems. TNO, The Hague (2015). http://www.tno.nl/ICS-security
Lüders, S.: Control Systems under attack? In: 10th ICALEPCS Int. Conf. on Accelerator and Large Expt. Physics Control Systems, CERN, Geneva (2005). https://accelconf.web.cern.ch/accelconf/ica05/proceedings/pdf/O5_008.pdf
Oosterink, M.: Security of legacy process control systems: moving towards secure process control systems (whitepaper). CPNI.NL, The Hague, Netherlands (2012). http://publications.tno.nl/publication/102819/5psRPC/oosterlink-2012-security.pdf
Radvanosky, R., Brodsky, J.: Project Shine (SHodan INtelligence Extraction) Findings Report (2014). http://www.slideshare.net/BobRadvanovsky/project-shine-findings-report-dated-1oct2014
Russel, J.: A Brief History of SCADA/EMS (2015). http://scadahistory.com/
Shodan search engine. http://www.shodanhq.com
World Economic Forum: Risk and Responsibility in a Hyperconnected World (WEF principles), Geneva, Switzerland (2014). http://www.weforum.org/reports/risk-and-responsibility-hyperconnected-world-pathways-global-cyber-resilience
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Luiijf, E. (2015). Cyber (In-)security of Industrial Control Systems: A Societal Challenge. In: Koornneef, F., van Gulijk, C. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science(), vol 9337. Springer, Cham. https://doi.org/10.1007/978-3-319-24255-2_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-24255-2_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24254-5
Online ISBN: 978-3-319-24255-2
eBook Packages: Computer ScienceComputer Science (R0)