Security Metrics in Industrial Control Systems

Risk, the topic of the previous chapter, is the best known and perhaps the best studied approach within a much broader class of cyber security assessments. However, risk assessment is not the only possible approach to cyber security. Other approaches and metrics, such as resilience, exist and could potentially be very valuable to defenders of ICS.
