A Cyber Incident Response and Recovery Framework to Support Operators of Industrial Control Systems

Staves, Alexander; Anderson, Tom; Balderstone, Harry; Green, Ben; Gouglidis, Antonios; Hutchison, David

doi:10.1016/j.ijcip.2021.100505

Cited by 18 publications

(3 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As part of the recovery process, you should test and monitor the impacted systems after the issue has been fixed. This guarantees that the measures you implement the function as planned and offers you the chance to fix any errors [16].…”

Section: Recoverymentioning

confidence: 99%

The Cyber Security Incident Response and Reverse Engineering

Suleman

Liaquat

2022

IJECI

View full text Add to dashboard Cite

Although incident response has always been a crucial component of information security, security administrators frequently ignore it. Whereas, Reverse engineering focuses on the difficult issue of analyzing legacy software code in the absence of appropriate documentation. This paper proposes an approach to understanding cyber security Incident Response and the services it provides followed by Reverse Engineering resources and the practical analysis of a malware named “Alice ATM Malware” in detail.

show abstract

Section: Recoverymentioning

confidence: 99%

The Cyber Security Incident Response and Reverse Engineering

Suleman

Liaquat

2022

IJECI

View full text Add to dashboard Cite

show abstract

“…An incident response plan details the steps taken to respond to a cyber incident, which includes (but is not limited to) preparation, detection, containment, eradication, recovery, and post-incident activity (Staves et al, 2020). (Lee and Conway, 2022) advise that industrial organisations should have an ICS-specific incident response plan.…”

Section: Ics Incident Responsementioning

confidence: 99%

An Analysis of Critical Cybersecurity Controls for Industrial Control Systems

Sekonya

Sithungu

2023

eccws

View full text Add to dashboard Cite

Industrial Control Systems (ICS) comprise software, hardware, network systems, and people that manage and operate industrial processes. Supervisory Control and Data Acquisition Systems (SCADA) and Distributed Control Systems (DCS) are two of the most prevalent ICS. An ICS facilitates the effective and efficient management and operation of industrial sectors, including critical infrastructure sectors like utilities, manufacturing, and water treatment facilities. An ICS collects and integrates data from various field controllers deployed in industrial contexts, enabling operators to make data-driven decisions in managing industrial operations. Historically, ICS were isolated from the internet, functioning as part of air-gapped networks. However, the efficiency improvements brought about by the emergence of Information Technology necessitated a shift towards a more connected industrial environment. The convergence of Information and Operational Technology (IT/OT) has made ICS vulnerable to cyberattacks. Due to the crucial nature of the infrastructure that ICS manage, cyberattacks against ICS may cause critical infrastructure sectors to experience downtime. This may have a crippling impact on a country's well-being and essential economic activities. Given the proliferation of cyber warfare, cyberattacks against ICS are increasingly significant at present, as was the case during the 2015 attack on Ukraine's power infrastructure, which was successful in causing a blackout that affected over 200 000 persons. The threat actors used malicious software known as "BlackEnergy3", which was created to interfere with the regular operation of the ICS in charge of controlling electrical substations. This was the first known instance of malicious software causing blackouts. In response to increasing cyberattacks against ICS, the SANS Institute, in a whitepaper titled “The Five ICS Cybersecurity Critical Controls”, present five critical controls for an ICS cybersecurity strategy. This paper discusses ICS and the increased convergence of IT and OT. The paper also outlines significant cyberattacks directed at ICS. The paper then follows an exploratory research methodology done in response to the Five ICS Cybersecurity Critical Controls to determine the state of ICS literature that can help ICS operators secure their environments in accordance with the framework. Additionally, the ICS Cybersecurity Critical Controls are mapped to the NERC CIP standards, which provide guidance on the security of the Bulk Electric System (BES) and associated critical assets in North America.

show abstract

“…Previous work also highlighted the inconsistencies of OTfocused standards and guidelines when assessing and improving cyber incident response and recovery [21]. While some standards were found to have sufficient maturity regarding their use in practice, the inconsistencies that were identified could result in a less than complete picture when selecting specific standards over others.…”

Section: Related Workmentioning

confidence: 99%

Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines

Staves

Maesschalck

Derbyshire³

et al. 2023

2023 IFIP Networking Conference (IFIP Networking)

Self Cite

View full text Add to dashboard Cite

The convergence of IT and OT has presented OT environments with several challenges, such as increasing the attack surface of its real time systems to include more commonplace enterprise vulnerabilities. As OT is used across heavily regulated sectors, including water and nuclear, many standards and guidelines are available to these sectors, providing them with assistance towards continued improvements from a cyber security perspective. However, these standards and guidelines are not always as mature as their IT counterparts. This paper proposes a model to benchmark the maturity of OT focused standards and guidelines, which we then use to analyse seven commonly adopted resources. Based on this analysis, we find that these OT standards and guidelines do not always provide in-depth implementation guidance, and often refer instead to IT standards and guidelines for more information. Improvements are urgently needed in security and risk mitigation for interconnected OT and IT systems, as security controls in OT are typically reappropriated IT controls. To help achieve this goal, OT standards must mature further.

show abstract

A Cyber Incident Response and Recovery Framework to Support Operators of Industrial Control Systems

Cited by 18 publications

References 44 publications

The Cyber Security Incident Response and Reverse Engineering

The Cyber Security Incident Response and Reverse Engineering

An Analysis of Critical Cybersecurity Controls for Industrial Control Systems

Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines

Contact Info

Product

Resources

About