Home > Research > Publications & Outputs > The impact of social engineering on Industrial ...

Research

Associated organisational units

Links

Text available via DOI:

View graph of relations

The impact of social engineering on Industrial Control System security

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published

Standard

The impact of social engineering on Industrial Control System security. / Green, Benjamin; Prince, Daniel; Busby, Jeremy et al.
CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. New York: ACM, 2015. p. 23-29.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Harvard

Green, B, Prince, D, Busby, J & Hutchison, D 2015, The impact of social engineering on Industrial Control System security. in CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. ACM, New York, pp. 23-29, ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC), Denver, United States, 16/10/15. https://doi.org/10.1145/2808705.2808717

APA

Green, B., Prince, D., Busby, J., & Hutchison, D. (2015). The impact of social engineering on Industrial Control System security. In CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy (pp. 23-29). ACM. https://doi.org/10.1145/2808705.2808717

Vancouver

Green B, Prince D, Busby J, Hutchison D. The impact of social engineering on Industrial Control System security. In CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. New York: ACM. 2015. p. 23-29 doi: 10.1145/2808705.2808717

Author

Green, Benjamin ; Prince, Daniel ; Busby, Jeremy et al. / The impact of social engineering on Industrial Control System security. CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. New York : ACM, 2015. pp. 23-29

Bibtex

@inproceedings{9014c982e77a44a1becf351988f25dd9,
title = "The impact of social engineering on Industrial Control System security",
abstract = "In assessing the security posture of Industrial Control Systems (ICS), several approaches have been proposed, including attack graphs, attack trees, Bayesian networks and security ideals. Predominantly focusing on technical vulnerabilities, challenges stemming from social and organisational factors are often reviewed in isolation, if at all. Taking a mean time-to-compromise (MTTC) metric as a base for expansion, we explore the impact social engineering attack vectors (malicious e-mails) could have on such assessments. The applied method takes a holistic view, to better understand the potential impact of social engineering across a small European utility company. The results of this review are analysed and discussed, highlighting the level of access an attacker could gain through social engineering, and the need for assessment metrics to include vulnerabilities stemming not only from technical factors, but social and organisational ones as well.",
author = "Benjamin Green and Daniel Prince and Jeremy Busby and David Hutchison",
year = "2015",
doi = "10.1145/2808705.2808717",
language = "English",
isbn = "9781450338271",
pages = "23--29",
booktitle = "CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy",
publisher = "ACM",
note = "ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC) ; Conference date: 16-10-2015",

}

RIS

TY - GEN

T1 - The impact of social engineering on Industrial Control System security

AU - Green, Benjamin

AU - Prince, Daniel

AU - Busby, Jeremy

AU - Hutchison, David

PY - 2015

Y1 - 2015

N2 - In assessing the security posture of Industrial Control Systems (ICS), several approaches have been proposed, including attack graphs, attack trees, Bayesian networks and security ideals. Predominantly focusing on technical vulnerabilities, challenges stemming from social and organisational factors are often reviewed in isolation, if at all. Taking a mean time-to-compromise (MTTC) metric as a base for expansion, we explore the impact social engineering attack vectors (malicious e-mails) could have on such assessments. The applied method takes a holistic view, to better understand the potential impact of social engineering across a small European utility company. The results of this review are analysed and discussed, highlighting the level of access an attacker could gain through social engineering, and the need for assessment metrics to include vulnerabilities stemming not only from technical factors, but social and organisational ones as well.

AB - In assessing the security posture of Industrial Control Systems (ICS), several approaches have been proposed, including attack graphs, attack trees, Bayesian networks and security ideals. Predominantly focusing on technical vulnerabilities, challenges stemming from social and organisational factors are often reviewed in isolation, if at all. Taking a mean time-to-compromise (MTTC) metric as a base for expansion, we explore the impact social engineering attack vectors (malicious e-mails) could have on such assessments. The applied method takes a holistic view, to better understand the potential impact of social engineering across a small European utility company. The results of this review are analysed and discussed, highlighting the level of access an attacker could gain through social engineering, and the need for assessment metrics to include vulnerabilities stemming not only from technical factors, but social and organisational ones as well.

U2 - 10.1145/2808705.2808717

DO - 10.1145/2808705.2808717

M3 - Conference contribution/Paper

SN - 9781450338271

SP - 23

EP - 29

BT - CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy

PB - ACM

CY - New York

T2 - ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC)

Y2 - 16 October 2015

ER -