Guide to Industrial Control Systems (ICS) Security : Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)

Stouffer, Keith; Falco, Joe; Scarfone, Karen

doi:10.6028/nist.sp.800-82r1

Cited by 21 publications

(24 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The source of a threat is the initiator of an attack. Threat sources fall into three types: adversarial threats which pose malicious intentions from individuals, groups organizations or states/nations; accidental threats are threats that have been caused accidentally or through legitimate CPS components; environmental threats which include natural disasters (floods, earthquakes), human-caused disasters (fires, explosions), and failures of supporting infrastructure (power outage or telecommunications loss) [16], [74], [119], [132], [146], [147], [155].…”

Section: A General Cps Threat Modelmentioning

confidence: 99%

“…Following ICS security standards like theirs, among others, should significantly contribute to securing ICS. For example, Stouffer et al [147] provided a comprehensive guidelines for ICS security. They provide guidelines for technical controls such as firewalls, IDS, and access control, and operational controls such as personnel security, awareness, and training.…”

Section: Ics Controlsmentioning

confidence: 99%

“…Security is not taken into consideration in the design of most CPS as a result of their isolation in physically-secured environments without connectivity to other networks, the Internet for instance. Hence, physical security has been almost the main security measure [147].…”

Section: Espionage (C)mentioning

confidence: 99%

“…In addition, there is a large number of stakeholders who can affect the security posture unintentionally. Therefore, some kind of coordinated change management should be introduced to prevent and detect security-related changes in the ICS application [97], [147].…”

Section: Ics Challengesmentioning

confidence: 99%

See 3 more Smart Citations

Cyber-Physical Systems Security—A Survey

Humayed

Lin

et al. 2017

IEEE Internet Things J.

796

358

View full text Add to dashboard Cite

Abstract-With the exponential growth of cyber-physical systems (CPS), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lack a systematic study of CPS security issues. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it very difficult to study the problem with one generalized model.In this paper, we capture and systematize existing research on CPS security under a unified framework. The framework consists of three orthogonal coordinates: (1) from the security perspective, we follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; (2)from the CPS components perspective, we focus on cyber, physical, and cyber-physical components; and (3) from the CPS systems perspective, we explore general CPS features as well as representative systems (e.g., smart grids, medical CPS and smart cars). The model can be both abstract to show general interactions of a CPS application and specific to capture any details when needed. By doing so, we aim to build a model that is abstract enough to be applicable to various heterogeneous CPS applications; and to gain a modular view of the tightly coupled CPS components. Such abstract decoupling makes it possible to gain a systematic understanding of CPS security, and to highlight the potential sources of attacks and ways of protection.

show abstract

Section: A General Cps Threat Modelmentioning

confidence: 99%

Section: Ics Controlsmentioning

confidence: 99%

Section: Espionage (C)mentioning

confidence: 99%

Section: Ics Challengesmentioning

confidence: 99%

See 2 more Smart Citations

Cyber-Physical Systems Security—A Survey

Humayed

Lin

et al. 2017

IEEE Internet Things J.

796

358

View full text Add to dashboard Cite

show abstract

“…NIST has developed security guidelines, especially NISTIR 7628 and NIST SP 800-82 for AMI and SCADA security [9,15,27]. NERC also provides cyber security requirements for bulk electric power systems [16,17].…”

Section: Security Analytics For Ami and Scadamentioning

confidence: 99%

Analytics for Smart Grid Security and Resiliency

Al-Shaer

Rahman

2016

Security and Resiliency Analytics for Smart Grids

View full text Add to dashboard Cite

The security and resiliency analysis of a smart grid needs to consider the target component(s), flexible attack model, and the integration among different smart grid components and attack properties. An exhaustive security analysis is not only expensive but also infeasible using testbeds. Formal analytics can play an important role toward comprehensive security analysis of the system, which can identify potential threats provably, that can further be verified on testbeds.Recent research studies have established the capability of formal models for analyzing security and resiliency of different components of a smart grid [1,19,[21][22][23][24][25]. The proactive identification of security threats is performed by developing formal security verification techniques that discover cyber and physical security threats on different components of smart grids, including AMI, SCADA, and EMS. Dynamic security schemes for smart grids are designed with the idea of security by agility. In particular, these schemes make the behavior unpredictable for the attacker by frequently randomizing various critical parameters in the smart grid system, whilst keeping it deterministic for the system. These techniques provide automatic analysis of security properties and synthesis of threat mitigation plans ensuring the security and resiliency of the system. This chapter summarizes the formal analytics presented in this book and presents an overview of the technical approach. Finally, it briefly discusses about the tools used for formal modeling. Formal AnalyticsThere are formal techniques and tools that can address the security requirements, identify potential threats, and offer remediation plans for smart grids, so that secure and reliable smart grids can be established. These techniques mostly focus on 2 Analytics for Smart Grid Security and Resiliency AMI, SCADA, and EMS, the most critical components of a smart grid ( Fig. 1.2). The formal analytics for smart grid security and resiliency falls can be described in the following three major categories: Security Analytics for AMI and SCADA A scalable and provable formal framework is presented that can verify the compliance of AMI configurations with NIST security guidelines [15], and generate remediation plans for potential security violations. This framework is implemented as a tool named SmartAnalyzer, which enables energy providers to proactively investigate AMI security configurations in order to identify and mitigate potential security threats and to guarantee AMI operational integrity and security requirements. The uniqueness of this framework lies in the formal modeling of novel security properties that are critical for the integrity and security of AMI. These security properties include different invariant and user-driven constraints, such as data overflow/overwrite protection, cyber bandwidth limitation, data integrity and confidentiality, assured report delivery, and data freshness. An identical formal model for the proactive security analysis of SCADA is also presented. This model ...

show abstract

Robust algorithm for attack detection based on time‐varying hidden Markov model subject to outliers

Dai

Huang

2020

Adaptive Control & Signal

View full text Add to dashboard Cite

The problem of robust attack detection and prediction for networked control systems in the presence of outliers is discussed in this article. The conventional hidden Markov model (HMM) is trained to learn the system behavior (ie, transitions between different operating modes) in the nominal process. The HMM with time-varying transition probabilities is used to track the attack behavior in which the adversary triggers more hazard modes to hasten fatigue of control devices by injecting attack signals with random magnitude and frequency. For different operating modes, the observations are assumed to follow different multivariate Student's t distributions instead of Gaussian distributions and thus address the robust estimation problem. The expectation maximization algorithm is used to estimate parameters. Finally, simulations are conducted to verify the effectiveness of the proposed method.

show abstract

Guide to Industrial Control Systems (ICS) Security : Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)

Cited by 21 publications

References 11 publications

Cyber-Physical Systems Security—A Survey

Cyber-Physical Systems Security—A Survey

Analytics for Smart Grid Security and Resiliency

Robust algorithm for attack detection based on time‐varying hidden Markov model subject to outliers

Contact Info

Product

Resources

About