A review of security assessment methodologies in industrial control systems

Author:

Qassim Qais Saif,Jamil Norziana,Daud Maslina,Patel Ahmed,Ja’affar Norhamadi

Abstract

Purpose The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure. Design/methodology/approach This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems. Findings The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements. Originality/value This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks.

Publisher

Emerald

Subject

Management of Technology and Innovation,Information Systems and Management,Computer Networks and Communications,Information Systems,Software,Management Information Systems

Reference40 articles.

1. Critical infrastructure protection: requirements and challenges for the 21st century;International Journal of Critical Infrastructure Protection,2015

2. Cyber and physical security vulnerability assessment for IoT-based smart homes;Sensors,2018

3. A data protection impact assessment methodology for cloud,2016

4. American Petroleum Institute (2003), Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries, American Petroleum Institute, Washington, DC, available at: www.nrc.gov/docs/ML0502/ML050260624.pdf

5. Automatic security assessment of critical cyber-infrastructures,2008

Cited by 29 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. A systematic review of cybersecurity assessment methods for HTTPS;Computers and Electrical Engineering;2024-04

2. Big Data Security Evaluation by Bidirectional Analysis of Access Control Policy;2024 International Russian Smart Industry Conference (SmartIndustryCon);2024-03-25

3. Secure Communication Protocols for SCADA Systems: Analysis and Comparisons of Different Secure Communication Protocols;2024 Seventh International Women in Data Science Conference at Prince Sultan University (WiDS PSU);2024-03-03

4. An Industrial Control System Risk Assessment Method;2023 20th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP);2023-12-15

5. Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees;International Journal of Information Security;2023-12-08

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3