Design and Operation Framework for Industrial Control System Security Exercise
- 735 Downloads
In recent years, cyber-attacks on critical infrastructures have become a threat to reality. Incidents of cyber-attacks happen in the ICS (industrial control system) on site. As countermeasures against cyber-attacks, companies need not only consider stable plant operation from the viewpoint of safety but also consider business continuity from the business point of view. To promptly take the above countermeasures against cyber-attacks, companies have to prepare corporate resources in advance and educate their staffs and operators using the training exercise. In this paper, the authors propose a design framework of the exercise based on existing safety-BCP and IT-BCP. An illustrative example exercise is presented to easily understand the proposed methodologies.
KeywordsIndustrial control system Business continuity plan Cyber security
This research is partially supported by the Ministry of Education, Science, Sports and Culture, Grant-in-Aid for Scientific Research (A), No. 16H01837 (2016) and Council for Science, Technology and Innovation (CSTI), Cross-ministerial Strategic Innovation Promotion Program (SIP), “Cyber-Security for Critical Infrastructure” (Funding Agency: NEDO), however, all remaining errors are attributable to the authors.
- 1.IPA, Security of Industrial Control System (2018). https://www.ipa.go.jp/security/controlsystem/
- 2.Yoshihiro, F.: Countermeasures and challenges to cyber-attacks at factories and plants. A well-understood book, Japan, pp. 6–90 (2015)Google Scholar
- 3.Threat Modeling: Designing for Security, Adam Shostack (2014)Google Scholar
- 4.Yuitaka, O., Tomomi, A., Ichiro, K.: Cyber incident exercise for safety protection in critical infrastration. In: 13th Global Congress on Process Safety, San Antonio, USA (2017)Google Scholar