Research output: Contribution to Journal/Magazine › Journal article
Research output: Contribution to Journal/Magazine › Journal article
}
TY - JOUR
T1 - Design Considerations for Building Credible Security Testbeds
T2 - A Systematic Study of Industrial Control System Use Cases
AU - Ani, Uchenna D
AU - Watson, Jeremy M
AU - Green, Benjamin
AU - Craggs, Barnaby
AU - Nurse, Jason
N1 - 17 pages (including Appendix), 2 Figures, 4 Tables, A Research output from the Analytical Lenses for Internet of Things Threats (ALIoTT) project
PY - 2019/11/4
Y1 - 2019/11/4
N2 - This paper presents a mapping framework for design factors and implementation process for building credible Industrial Control Systems (ICS) security testbeds. The resilience of ICSs has become a critical concern to operators and governments following widely publicised cyber security events. The inability to apply conventional Information Technology security practice to ICSs further compounds challenges in adequately securing critical systems. To overcome these challenges, and do so without impacting live environments, testbeds for the exploration, development and evaluation of security controls are widely used. However, how a testbed is designed and its attributes, can directly impact not only its viability but also its credibility as a whole. Through a combined systematic and thematic analysis and mapping of ICS security testbed design attributes, this paper suggests that the expertise of human experimenters, design objectives, the implementation approach, architectural coverage, core characteristics, and evaluation methods; are considerations that can help establish or enhance confidence, trustworthiness and acceptance; thus, credibility of ICS security testbeds.
AB - This paper presents a mapping framework for design factors and implementation process for building credible Industrial Control Systems (ICS) security testbeds. The resilience of ICSs has become a critical concern to operators and governments following widely publicised cyber security events. The inability to apply conventional Information Technology security practice to ICSs further compounds challenges in adequately securing critical systems. To overcome these challenges, and do so without impacting live environments, testbeds for the exploration, development and evaluation of security controls are widely used. However, how a testbed is designed and its attributes, can directly impact not only its viability but also its credibility as a whole. Through a combined systematic and thematic analysis and mapping of ICS security testbed design attributes, this paper suggests that the expertise of human experimenters, design objectives, the implementation approach, architectural coverage, core characteristics, and evaluation methods; are considerations that can help establish or enhance confidence, trustworthiness and acceptance; thus, credibility of ICS security testbeds.
KW - cs.CR
M3 - Journal article
JO - arXiv
JF - arXiv
ER -