Even though serious accidents such as explosion or leakage of poisonous substances have not occurred yet, several cyber-attacks, e.g. Stuxnet, Havex and etc. have been developed to attack industrial control systems (ICS) and succeeded to hinder the operation of industries for long term. These mal wares utilized zero-day exploits and concealment. Although countermeasures against them have been developed, new kinds of cyber-attacks will be developed. It looks a vicious spiral. Especially for ICS, safety should be maintained even if the cyber-attacks utilize unknown vulnerability. In this paper, a systematic approach to design protection systems against cyber-attacks for ICS is proposed. Not only the vulnerabilities of the control network but also properties of the process safety are considered to design and evaluate them. The investment for cyber-security should be proposed according to the seriousness of possible hazards, required security level and budgets. The proposed approach enables the strategic decision making. Moreover, the scenarios of incident responses to care safety and security are discussed.
[1]
Ichiro Koshijima,et al.
Safety securing approach against cyber-attacks for process control system
,
2013,
Comput. Chem. Eng..
[2]
James D. Gilsinn,et al.
Security Assurance Levels: A Vector Approach to Describing Security Requirements | NIST
,
2010
.
[3]
Ichiro Koshijima,et al.
Detection of Cyber-attacks with Zone Dividing and PCA
,
2013,
KES.
[4]
Jing Sun,et al.
Development of cad for zone dividing of process control networks to improve cyber security
,
2014,
2014 14th International Conference on Control, Automation and Systems (ICCAS 2014).