Rights statement: © Owner/Author, 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CPS-SPC’16, October 28 2016, Vienna, Austria http://dx.doi.org/10.1145/2994487.2994498
Accepted author manuscript, 859 KB, PDF document
Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License
Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - Achieving ICS resilience and security through granular data flow management
AU - Green, Benjamin
AU - Krotofil, Marina
AU - Hutchison, David
N1 - Conference code: 2nd
PY - 2016/10/28
Y1 - 2016/10/28
N2 - Modern Industrial Control Systems (ICS) rely on enterprise to plant floor connectivity. Where the size, diversity, and therefore complexity of ICS increase, operational requirements, goals, and challenges defined by users across various sub-systems follow. Recent trends in Information Technology (IT) and Operational Technology (OT) convergence may cause operators to lose a comprehensive understanding of end-to-end data flow requirements. This presents a risk to system security and resilience. Sensors were once solely applied for operational process use, but now act as inputs supporting a diverse set of organisational requirements. If these are not fully understood, incomplete risk assessment, and inappropriate implementation of security controls could occur. In search of a solution, operators may turn to standards and guidelines. This paper reviews popular standards and guidelines, prior to the presentation of a case study and conceptual tool, highlighting the importance of data flows, critical data processing points, and system-to-user relationships. The proposed approach forms a basis for risk assessment and security control implementation, aiding the evolution of ICS security and resilience.
AB - Modern Industrial Control Systems (ICS) rely on enterprise to plant floor connectivity. Where the size, diversity, and therefore complexity of ICS increase, operational requirements, goals, and challenges defined by users across various sub-systems follow. Recent trends in Information Technology (IT) and Operational Technology (OT) convergence may cause operators to lose a comprehensive understanding of end-to-end data flow requirements. This presents a risk to system security and resilience. Sensors were once solely applied for operational process use, but now act as inputs supporting a diverse set of organisational requirements. If these are not fully understood, incomplete risk assessment, and inappropriate implementation of security controls could occur. In search of a solution, operators may turn to standards and guidelines. This paper reviews popular standards and guidelines, prior to the presentation of a case study and conceptual tool, highlighting the importance of data flows, critical data processing points, and system-to-user relationships. The proposed approach forms a basis for risk assessment and security control implementation, aiding the evolution of ICS security and resilience.
KW - Industrial Control Systems
KW - SCADA
KW - Data Flow
KW - Security
KW - Resilience
KW - Risk Assessment
KW - Socio-Technical Systems
U2 - 10.1145/2994487.2994498
DO - 10.1145/2994487.2994498
M3 - Conference contribution/Paper
SN - 9781450345682
SP - 93
EP - 101
BT - CPS-SPC '16 Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy
PB - ACM
CY - New York
T2 - 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy
Y2 - 28 October 2016 through 28 October 2016
ER -