Security management of cyber physical control systems using NIST SP 800-82r2

Jillepalli, Ananth A.; Sheldon, Frederick T.; Leon, Daniel Conte de; Haney, Michael; Abercrombie, Robert K.

doi:10.1109/iwcmc.2017.7986568

Cited by 22 publications

(8 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The [24] used previously in industrial settings [25]; applied to industry standards [26] [27]; and applied to cloud environments [27] [28]. The cost/benefits risk assessment of the project [2] was carried out by computing the Mean Failure Cost (MFC) for various UPS stakeholders addressing grid vulnerability, consequence, and risk analysis.…”

Section: Process and Resultsmentioning

confidence: 99%

Microgrid Disaster Resiliency Analysis: Reducing Costs in Continuity of Operations (COOP) Planning

Abercrombie

Ollis

Sheldon

et al. 2019

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

The electric grid serves a vital role in the supply chain of nearly all industrial and commercial organizations. A Microgrid infrastructure can provide this service and beneficial non-emergency services including a variety of generation/energy sources. To demonstrate the applicability of microgrids for energy resiliency, we present a microgrid resiliency case study for United Parcel Service's (UPS) three separate shipping facilities. The goal, to enhance energy security, minimize cost and prevent cascading losses within other related business units. The impacts and consequences of which are quantified in this study using a Mean Failure Cost (MFC) risk assessment measure. MFC accounts for the potential loses to identified stakeholders that may result from a set of identified failures due to a set of identified threats. In this case, our study uses a method we call All Hazards Econometric System (AHES). AHES incorporates the cost of COOP using a strategy that considers the payback period of microgrid installation as compared to other energy delivery strategies.

show abstract

Section: Process and Resultsmentioning

confidence: 99%

Microgrid Disaster Resiliency Analysis: Reducing Costs in Continuity of Operations (COOP) Planning

Abercrombie

Ollis

Sheldon

et al. 2019

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

show abstract

“…The CIP standard documents associated to the security management are shown in Table 2. It is also worth mentioning that the SP800-82 special publication published by the NIST document [25,26] provides recommendations and best practices for the security of industrial control systems, including, for example, SCADA (Supervisory Control And Data Acquisition) systems, DCS (Distributed Control System) and other control system configurations, such as PLCs (Programmable Logic Controllers). This technical document also identifies common security threats and vulnerabilities in the scope of industrial systems and provides recommended security countermeasures to mitigate the associated risks.…”

Section: National Standardsmentioning

confidence: 99%

Security Issues and Software Updates Management in the Industrial Internet of Things (IIoT) Era

Mugarza

Flores

Montero

2020

Sensors

View full text Add to dashboard Cite

New generation Industrial Automation and Control Systems (IACS) are providing advanced connectivity features, enabling new automation applications, services and business models in the Industrial Internet of Things (IIoT) era. Nevertheless, due to the extended attack surface and increasing number of cyber-attacks against industrial equipment, security concerns arise. Hence, these systems should provide enough protection and resiliency against cyber-attacks throughout their entire lifespan, which, in the case of industrial systems, may last several decades. A sound and complete management of security issues and software updates is fundamental to achieve such goal, since leading-edge security countermeasures implemented in the development phase may eventually become out-of-date. In this article, a review of the IEC 62443 industrial security standard concerning the security maintenance of IIoT systems and components is given, along with guidelines for the implementation of such processes. As concluded, the security issues and software updates management shall jointly be addressed by the asset owner, service providers and product suppliers. These security processes should also be compatible with the safety procedures established by safety standards.

show abstract

“…Existing cyber security risk frameworks for ICS fall into three main categories: i) international/national standards and guidelines on ICS cyber security [1]- [3]; ii) quantitative risk assessment [4], [5]; and iii) attack tree approaches [6]- [8]. Standards provide a high level guidance for improving and managing cyber security risks in ICS contexts.…”

Section: Related Workmentioning

confidence: 99%

Understanding Security Requirements for Industrial Control System Supply Chains

Hou

Such

Rashid

2019

2019 IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS)

View full text Add to dashboard Cite

We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks-from technical aspects through to human and organizational issues-across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran's nuclear facility that was the subject of the Stuxnet attack. Index Terms-security requirements, cyber-physical systems, risk decision-making, supply chains.

show abstract

Security management of cyber physical control systems using NIST SP 800-82r2

Cited by 22 publications

References 12 publications

Microgrid Disaster Resiliency Analysis: Reducing Costs in Continuity of Operations (COOP) Planning

Microgrid Disaster Resiliency Analysis: Reducing Costs in Continuity of Operations (COOP) Planning

Security Issues and Software Updates Management in the Industrial Internet of Things (IIoT) Era

Understanding Security Requirements for Industrial Control System Supply Chains

Contact Info

Product

Resources

About