论文信息 - Categorization of Cyber Training Environments for Industrial Control Systems

Categorization of Cyber Training Environments for Industrial Control Systems

First responders and professionals in hazardous occupations undergo intense training and evaluation to enable them to efficiently and effectively mitigate risk and damage. For example, helicopter pilots train with multiple simulations that increase in complexity before they fly real aircraft. However, in the industrial control systems domain, where incident response professionals help detect, respond and recover from cyber incidents, there is no official categorization of training environments, let alone training regimens. To address this gap, this chapter provides a categorization of industrial control training environments based on realism. Four levels of environments are proposed and mapped to Bloom’s Taxonomy. The categorization enables organizations to determine the cyber training environments that best align with their training needs and budgets.

Mason Rice | John M. Pecarina | Stephen Dunlap | Evan Plumley

[1] Jonathan Butts,et al. How Industrial Control System Security Training is Falling Short , 2015, Critical Infrastructure Protection.

[2] Karen A. Scarfone,et al. Guide to Industrial Control Systems (ICS) Security , 2015 .

[3] Karen A. Scarfone,et al. Computer Security Incident Handling Guide , 2004 .

[4] Mason Rice,et al. Constructing cost-effective and targetable industrial control system honeypots for production networks , 2015, Int. J. Crit. Infrastructure Prot..

[5] Benjamin W. P. Ramsey,et al. Evaluating the readiness of cyber first responders responsible for critical infrastructure protection , 2016, Int. J. Crit. Infrastructure Prot..

[6] Béla Genge,et al. EPIC: A Testbed for Scientifically Rigorous Cyber-Physical Security Experimentation , 2013, IEEE Transactions on Emerging Topics in Computing.

[7] Wei Gao,et al. A control system testbed to validate critical infrastructure protection concepts , 2011, Int. J. Crit. Infrastructure Prot..

[8] D. Krathwohl. A Revision of Bloom's Taxonomy: An Overview , 2002 .

[9] Eric Cornelius,et al. Recommended Practice: Creating Cyber Forensics Plans for Control Systems , 2008 .

[10] Bradley Reaves,et al. An open virtual testbed for industrial control system security research , 2012, International Journal of Information Security.