Home > Research > Publications & Outputs > A Cyber Incident Response and Recovery Framewor...

Electronic data

  • A_Cyber_Incident_Response_and_Recovery_Framework_to_SupportOperators_of_ICS_and_Critical_National_Infrastructure

    Rights statement: This is the author’s version of a work that was accepted for publication in International Journal of Critical Infrastructure Protection. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in International Journal of Critical Infrastructure Protection, 37, 2022 DOI: 10.1016/j.ijcip.2021.100505

    Accepted author manuscript, 644 KB, PDF document

    Available under license: CC BY-NC-ND: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License

Links

Text available via DOI:

View graph of relations

A Cyber Incident Response and Recovery Framework to Support Operators of Industrial Control Systems

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Published
Article number100505
<mark>Journal publication date</mark>31/07/2022
<mark>Journal</mark>International Journal of Critical Infrastructure Protection
Volume37
Number of pages24
Publication StatusPublished
Early online date16/02/22
<mark>Original language</mark>English

Abstract

Over the last decade, we have seen a shift in the focus of cyber attacks, moving from traditional IT systems to include more specialised Industrial Control Systems (ICS), often found within Critical National Infrastructure (CNI). Despite a push from governments to introduce appropriate legislation and guidance for such systems, operators of ICS and CNI still face multiple challenges in their cyber incident response and recovery capabilities, a theme that is often viewed as a last line of defence in minimising the impact of cyber attacks. This paper provides the following contributions: Firstly, we analyse existing standards and guidelines within cyber incident response and recovery. This analysis provides a structure on key response and recovery phases, a foundational understanding of associated requirements for these, and identifies challenges that could affect the quality of in-practice response and recovery capabilities. Using this analysis as a baseline, we examine how response and recovery processes are currently undertaken in practice through engagement with UK-based CNI operators and regulators. Secondly, as a starting point towards improving identified challenges in existing standards and guidelines and their use in practice, we propose a framework, built using the outputs identified from the document analysis and the stakeholder engagement, for use by operators to support them in assessing and improving their response and recovery capabilities.

Bibliographic note

This is the author’s version of a work that was accepted for publication in International Journal of Critical Infrastructure Protection. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in International Journal of Critical Infrastructure Protection, 37, 2022 DOI: 10.1016/j.ijcip.2021.100505