Threats in Industrial Control Systems

Having explored the general nature of ICS and SCADA systems, it is time to take a broad look at threats to these systems, i.e., the causes of cyber incidents. An ISO standard (ISO27000 2014) for information and communication technology (ICT) defines threat as potential cause of an unwanted incident , which may result in harm to a system or organization. The former (ISO22399 2007) standard, which stems from the incident preparedness and operational continuity management domain, defines a threat as potential cause of an unwanted incident , which may result in harm to individuals, a system or organization, the environment or the community.

[1]  H.A.M. Luiijf,et al.  Cyber Security of Industrial Control Systems , 2015 .

[2]  日本規格協会 情報技術-セキュリティ技術-情報セキュリティ管理策の実践のための規範 : ISO/IEC 27002 = Information technology-Security techniques-Code of practice for information security controls : ISO/IEC 27002 , 2013 .

[3]  Tyler Moore,et al.  The economics of cybersecurity: Principles and policy options , 2010, Int. J. Crit. Infrastructure Prot..

[4]  Sujeet Shenoi,et al.  Assessing The Integrity Of Field Devices In Modbus Networks , 2008, Critical Infrastructure Protection.

[5]  Wolfgang Kastner,et al.  On the security of security extensions for IP-based KNX networks , 2014, 2014 10th IEEE Workshop on Factory Communication Systems (WFCS 2014).

[6]  Tyler Moore,et al.  The Economics of Information Security , 2006, Science.

[7]  Vinay M. Igure,et al.  Security issues in SCADA networks , 2006, Comput. Secur..

[8]  Eric A. M. Luiijf Are we in love with cyber insecurity? , 2014, Int. J. Crit. Infrastructure Prot..

[9]  Karen A. Scarfone,et al.  Guide to Industrial Control Systems (ICS) Security , 2015 .

[10]  Bradley Reaves,et al.  Analysis and mitigation of vulnerabilities in short-range wireless communications for industrial control systems , 2012, Int. J. Crit. Infrastructure Prot..

[11]  Sujeet Shenoi,et al.  Attack taxonomies for the Modbus protocols , 2008, Int. J. Crit. Infrastructure Prot..

[12]  日本規格協会 情報技術-セキュリティ技術-情報セキュリティマネジメントシステム-要求事項 : 国際規格ISO/IEC 27001 = Information technology-Security techniques-Information security management systems-Requirements : ISO/IEC 27001 , 2005 .

[13]  Eric Luiijf Why are we so unconsciously insecure? , 2013, Int. J. Crit. Infrastructure Prot..

[14]  Stefan Lüders CONTROL SYSTEMS UNDER ATTACK , 2005 .

[15]  Igor Nai Fovino SCADA System Cyber Security , 2014, Secure Smart Embedded Devices, Platforms and Applications.