The Industrial Control System Cyber Defence Triage Process

dc.cclicence: CC-BY-NC-ND (en)
dc.contributor.author: Cook, Allan (en)
dc.contributor.author: Janicke, Helge (en)
dc.contributor.author: Smith, Richard (en)
dc.contributor.author: Maglaras, Leandros (en)
dc.date.acceptance: 2017-07-15 (en)
dc.date.accessioned: 2017-10-03T14:51:20Z
dc.date.available: 2017-10-03T14:51:20Z
dc.date.issued: 2017-07-24
dc.description: The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. (en)
dc.description.abstract: The threat to Industrial Control Systems (ICS) from cyber attacks is widely acknowledged by governments and literature. Operators of ICS are looking to address these threats in an effective and cost-sensitive manner that does not expose their operations to additional risks through invasive testing. Whilst existing standards and guidelines offer comprehensive advice for reviewing the security of ICS infrastructure, resource and time limitations can lead to incomplete assessments or undesirably long countermeasure implementation schedules. In this paper we consider the problem of undertaking efficient cyber security risk assessments and implementing mitigations in large, established ICS operations for which a full security review cannot be implemented on a constrained timescale. The contribution is the Industrial Control System Cyber Defence Triage Process (ICS-CDTP). ICS-CDTP determines areas of priority where the impact of attacks is greatest, and where initial investment reduces the organisation's overall exposure swiftly. ICS-CDTP is designed to be a precursor to a wider, holistic review across the operation following established security management approaches. ICS-CDTP is a novel combination of the Diamond Model of Intrusion Analysis, the Mandiant Attack Lifecycle, and the CARVER Matrix, allowing for an effective triage of attack vectors and likely targets for a capable antagonist. ICS-CDTP identifies and focuses on key ICS processes and their exposure to cyber threats with the view to maintain critical operations. The article defines ICS-CDTP and exemplifies its application using a fictitious water treatment facility, and explains its evaluation as part of a large-scale serious game exercise. (en)
dc.funder: N/A (en)
dc.identifier.citation: Cook, A., Janicke, H., Smith, R., Maglaras, L. (2017) The Industrial Control System Cyber Defence Triage Process. Computers & Security, 70, pp. 467-481 (en)
dc.identifier.doi: https://doi.org/10.1016/j.cose.2017.07.009
dc.identifier.uri: http://hdl.handle.net/2086/14556
dc.language.iso: en (en)
dc.peerreviewed: Yes (en)
dc.projectid: N/A (en)
dc.publisher: Elsevier (en)
dc.researchgroup: Cyber Security Centre (en)
dc.researchinstitute: Cyber Technology Institute (CTI) (en)
dc.subject: ICS (en)
dc.subject: SCADA (en)
dc.subject: Cyber Security Triage Risk (en)
dc.title: The Industrial Control System Cyber Defence Triage Process (en)
dc.type: Article (en)

Files

Original bundle
Name: triage_10.pdf
Size: 1.82 MB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 4.2 KB
Format: Item-specific license agreed upon to submission
Description: