Home > Research > Publications & Outputs > Achieving ICS resilience and security through g...

Research

Associated organisational units

Electronic data

  • CPS-SPC-2016

    Rights statement: © Owner/Author, 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CPS-SPC’16, October 28 2016, Vienna, Austria http://dx.doi.org/10.1145/2994487.2994498

    Accepted author manuscript, 859 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Links

Text available via DOI:

Keywords

View graph of relations

Achieving ICS resilience and security through granular data flow management

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published
Close
More...
Publication date28/10/2016
Host publicationCPS-SPC '16 Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy
Place of PublicationNew York
PublisherACM
Pages93-101
Number of pages19
ISBN (print)9781450345682
<mark>Original language</mark>English
Event2nd ACM Workshop on Cyber-Physical Systems Security and Privacy - Hofburg Palace, Vienna, Austria
Duration: 28/10/201628/10/2016
Conference number: 2nd
https://www.sigsac.org/ccs/CCS2016/

Workshop

Workshop2nd ACM Workshop on Cyber-Physical Systems Security and Privacy
Abbreviated titleCPS-SPC '16
Country/TerritoryAustria
CityVienna
Period28/10/1628/10/16
Internet address

Workshop

Workshop2nd ACM Workshop on Cyber-Physical Systems Security and Privacy
Abbreviated titleCPS-SPC '16
Country/TerritoryAustria
CityVienna
Period28/10/1628/10/16
Internet address

Abstract

Modern Industrial Control Systems (ICS) rely on enterprise to plant floor connectivity. Where the size, diversity, and therefore complexity of ICS increase, operational requirements, goals, and challenges defined by users across various sub-systems follow. Recent trends in Information Technology (IT) and Operational Technology (OT) convergence may cause operators to lose a comprehensive understanding of end-to-end data flow requirements. This presents a risk to system security and resilience. Sensors were once solely applied for operational process use, but now act as inputs supporting a diverse set of organisational requirements. If these are not fully understood, incomplete risk assessment, and inappropriate implementation of security controls could occur. In search of a solution, operators may turn to standards and guidelines. This paper reviews popular standards and guidelines, prior to the presentation of a case study and conceptual tool, highlighting the importance of data flows, critical data processing points, and system-to-user relationships. The proposed approach forms a basis for risk assessment and security control implementation, aiding the evolution of ICS security and resilience.

Bibliographic note

© Owner/Author, 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CPS-SPC’16, October 28 2016, Vienna, Austria http://dx.doi.org/10.1145/2994487.2994498