Rights statement: This is an Accepted Manuscript of an article published by Taylor & Francis in Journal of Cyber Security Technology on 23 Nov 2020, available online: https://www.tandfonline.com/doi/abs/10.1080/23742917.2020.1843822
Accepted author manuscript, 716 KB, PDF document
Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License
Final published version
Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - Design Considerations for Building Credible Security Testbeds
T2 - Perspectives from Industrial Control System Use Cases
AU - Ani, Uchenna D
AU - Watson, Jeremy M
AU - Green, Benjamin
AU - Craggs, Barnaby
AU - Nurse, Jason
N1 - This is an Accepted Manuscript of an article published by Taylor & Francis in Journal of Cyber Security Technology on 23 Nov 2020, available online: https://www.tandfonline.com/doi/abs/10.1080/23742917.2020.1843822
PY - 2021/11/23
Y1 - 2021/11/23
N2 - This paper presents a mapping framework for design factors and an implementation process for building credible Industrial Control Systems (ICS) security testbeds. The security and resilience of ICSs has become a critical concern to operators and governments following widely publicised cyber security events. The inability to apply conventional Information Technology security practice to ICSs further compounds challenges in adequately securing critical systems. To overcome these challenges, and do so without impacting live environments, testbeds are widely used for the exploration, development, and evaluation of security controls. However, how a testbed is designed and its attributes, can directly impact not only its viability but also its credibility. Combining systematic and thematic analysis, and the mapping of identified ICS security testbed design attributes, we propose a novel relationship map of credibility-supporting design factors (and their associated attributes) and a process implementation flow structure for ICS security testbeds. The framework and implementation process highlight the significance of demonstrating some design factors such as user/experimenter expertise, clearly defined testbed design objectives, simulation implementation approach, covered architectural components, core structural and functional characteristics covered, and evaluations to enhance confidence, trustworthiness and acceptance of ICS security testbeds as credible. These can streamline testbed requirement definition, improve design consistency and quality while reducing implementation costs.
AB - This paper presents a mapping framework for design factors and an implementation process for building credible Industrial Control Systems (ICS) security testbeds. The security and resilience of ICSs has become a critical concern to operators and governments following widely publicised cyber security events. The inability to apply conventional Information Technology security practice to ICSs further compounds challenges in adequately securing critical systems. To overcome these challenges, and do so without impacting live environments, testbeds are widely used for the exploration, development, and evaluation of security controls. However, how a testbed is designed and its attributes, can directly impact not only its viability but also its credibility. Combining systematic and thematic analysis, and the mapping of identified ICS security testbed design attributes, we propose a novel relationship map of credibility-supporting design factors (and their associated attributes) and a process implementation flow structure for ICS security testbeds. The framework and implementation process highlight the significance of demonstrating some design factors such as user/experimenter expertise, clearly defined testbed design objectives, simulation implementation approach, covered architectural components, core structural and functional characteristics covered, and evaluations to enhance confidence, trustworthiness and acceptance of ICS security testbeds as credible. These can streamline testbed requirement definition, improve design consistency and quality while reducing implementation costs.
U2 - 10.1080/23742917.2020.1843822
DO - 10.1080/23742917.2020.1843822
M3 - Journal article
VL - 5
SP - 71
EP - 119
JO - Journal of Cyber Security Technology
JF - Journal of Cyber Security Technology
IS - 2
ER -