A review of security assessment methodologies in industrial control systems. (11th March 2019)
- Record Type:
- Journal Article
- Title:
- A review of security assessment methodologies in industrial control systems. (11th March 2019)
- Main Title:
- A review of security assessment methodologies in industrial control systems
- Authors:
- Qassim, Qais Saif
Jamil, Norziana
Daud, Maslina
Patel, Ahmed
Ja'affar, Norhamadi - Abstract:
- Abstract : Purpose: The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure. Design/methodology/approach: This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems. Findings: The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements. Originality/value: This paper presents a review and a comparative analysis ofAbstract : Purpose: The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure. Design/methodology/approach: This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems. Findings: The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements. Originality/value: This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks. … (more)
- Is Part Of:
- Information and computer security. Volume 27:Number 1(2019)
- Journal:
- Information and computer security
- Issue:
- Volume 27:Number 1(2019)
- Issue Display:
- Volume 27, Issue 1 (2019)
- Year:
- 2019
- Volume:
- 27
- Issue:
- 1
- Issue Sort Value:
- 2019-0027-0001-0000
- Page Start:
- 47
- Page End:
- 61
- Publication Date:
- 2019-03-11
- Subjects:
- Cyber attacks -- Vulnerability analysis -- Power systems -- SCADA systems -- Security assessment -- Vulnerability analysis
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-04-2018-0048 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 22145.xml