Acceso abierto

Risk Assessment For Industrial Control Systems Quantifying Availability Using Mean Failure Cost (MFC)

Qian Chen
Qian Chen
, 
Robert K. Abercrombie
Robert K. Abercrombie
 y 
Frederick T. Sheldon
Frederick T. Sheldon
   | 23 sept 2015
Journal of Artificial Intelligence and Soft Computing Research's Cover Image
Acerca de este artículo
Artículo anterior
Artículo siguiente
Cite
Publicado en línea: 23 sept 2015
Páginas: 205 - 220
DOI: https://doi.org/10.1515/jaiscr-2015-0029
© Academy of Management (SWSPiZ), Lodz
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License.

[1] B. Miller and D. Rowe, ”A survey SCADA of and critical infrastructure incidents,” in Proceedings of the 1st Annual Conference on Research in Information Technology (RITI’12), Calgary, Alberta, Canada, October 11-13, 2012, pp. 51-56.10.1145/2380790.2380805Search in Google Scholar

[2] T. M. Chen, ”Stuxnet, the real start of cyber warfare? [Editor’s note],” Network, IEEE, vol. 24, pp. 2-3, 2010.10.1109/MNET.2010.5634434Search in Google Scholar

[3] D. Kushner, ”The Real Story of Stuxnet: How Kaspersky Lab tracked down the malware that stymied Iran’s nuclear-fuel enrichment program,” IEEE Spectrum, 2013.10.1109/MSPEC.2013.6471059Search in Google Scholar

[4] D. P. Fidler, ”Was Stuxnet an Act of War? Decoding a Cyberattack,” IEEE Security & Privacy, vol. 9, pp. 56-59, 2011.10.1109/MSP.2011.96Search in Google Scholar

[5] ”Sector Risk Snapshot,” DHS Office of Cyber and Infrastructure Analysis (OCIA) ed. Washington, DC, 2014, p. 52.Search in Google Scholar

[6] ”Inventory of Risk Management/Risk Assessment Methods,” in Risk Management/Risk Assessment Methods and Tools, ENISA European Network and Information Security Agency ed. Heraklion, Greece, 2014.Search in Google Scholar

[7] ”Comparison of Risk Management Methods and Tools,” in Risk Management/Risk Assessment Methods and Tools, ENISA European Network and Information Security Agency ed. Heraklion, Greece, 2014.Search in Google Scholar

[8] B. Boehm, L. G. Huang, A. Jain, and R. Madachy, ”The nature of system dependability: A stake-holder/value approach,” University of Southern California USC-CSSE-2004-520, 2004.Search in Google Scholar

[9] D. Wu, Q. Li, M. He, B. Boehm, Y. Yang, and S. Koolmanojwong, ”Analysis of stakeholder/value dependency patterns and process implications: A controlled experiment,” in 43rd Hawaii Int. Conf. on System Sciences (HICSS), 2010.10.1109/HICSS.2010.60Search in Google Scholar

[10] A. B. Aissa, R. K. Abercrombie, F. T. Sheldon, and A. Mili, ”Defining and computing a value based cyber-security measure,” Information Systems and e-Business Management, vol. 10, pp. 433-453, 2012.10.1007/s10257-011-0177-1Search in Google Scholar

[11] IEEE, ”IEEE C37.1-2007, IEEE Standard for SCADA and Automation Systems,” ed, 2008, p. 143.Search in Google Scholar

[12] V. M. Igure, S. A. Laughter, and R. D. Williams, ”Security issues in SCADA networks,” Computers & Security, vol. 25, pp. 498-506, October 2006.10.1016/j.cose.2006.03.001Search in Google Scholar

[13] M. Hentea, ”Improving Security for SCADA Control Systems,” Interdisciplinary Journal of Information, Knowledge, and Management, vol. 3, pp. 73-86, 2008.10.28945/91Search in Google Scholar

[14] Y. Cherdantseva and J. Hilton, ”A reference model of information assurance & security,” in 2013 Int. Conf. on Availability, Reliability and Security (ARES), Regensburg, 2013, pp. 546-555.10.1109/ARES.2013.72Search in Google Scholar

[15] A. Daneels and W. Salter, ”What is SCADA?,” in Int. Conf. on Accelerator and Large Experimental Physics Control Systems, 1999, pp. 339-343.Search in Google Scholar

[16] D. H. Ryu, H. Kim, and K. Um, ”Reducing security vulnerabilities for critical infrastructure,” Journal of Loss Prevention in the Process Industries, vol. 22, pp. 1020-1024, 2009.Search in Google Scholar

[17] P. A. S. Ralston, J. H. Graham, and J. L. Hieb, ”Cyber security risk assessment for SCADA and DCS networks,” ISA Transactions, vol. 46, pp. 583-594, 2007.10.1016/j.isatra.2007.04.00317624350Search in Google Scholar

[18] R. Dawson, C. Boyd, E. Dawson, and J. M. G. Nieto, ”SKMA: A Key Management Architecture for SCADA systems,” in Proceedings of the 2006 Australasian Workshops on Grid computing and e-Research - Volume 54, Hobart, Tasmania, Australia, 2006, pp. 183-192.Search in Google Scholar

[19] C. Ning, W. Jidong, and Y. Xinghuo, ”SCADA system security: Complexity, history and new developments,” in Industrial Informatics, 2008. INDIN 2008. 6th IEEE International Conference on, Daejeon, Korea, 2008, pp. 569-574.Search in Google Scholar

[20] W. Yang and Q. Zhao, ”Cyber security issues of critical components for industrial control system,” in 2014 IEEE Chinese on Guidance, Navigation and Control Conference (CGNCC), Yantai, 2014, pp. 2698-2703.10.1109/CGNCC.2014.7007593Search in Google Scholar

[21] A. B. Aissa, R. K. Abercrombie, F. T. Sheldon, and A. Mili, ”Quantifying Security Threats and Their Potential Impacts: A Case Study,” Innovations in Systems and Software Engineering, vol. 6, pp. 269-281, December 2010.10.1007/s11334-010-0123-2Search in Google Scholar

[22] J. Caswell, ”Survey of Industrial Control Systems Security,” Washington University in St. Louis, St. Loius, Missouri 2011.Search in Google Scholar

[23] A. Hildick-Smith, ”Security for Critical Infrastructure SCADA Systems,” SANS GSEC Practical Assignment, Version 1.4c, Option 1, February 23, 2005.Search in Google Scholar

[24] ”Vulnerability analysis of energy delivery control system,” Idaho National Laboratory, Idaho Falls INL/EXT-10-18381, September 2011.Search in Google Scholar

[25] S. Amin, A. Crdenas, and S. S. Sastry, ”Safe and secure networked control systems under Denial-of-Service attacks,” in Hybrid Systems: Computation and Control. vol. 5469, R. Majumdar and P. Tabuada, Eds., ed: Springer Berlin Heidelberg, 2009, pp. 31-45.Search in Google Scholar

[26] A. Nicholson, S. Webber, S. Dyer, T. Patel, and H. Janicke, ”SCADA security in the light of Cyber-Warfare,” Computers & Security, vol. 31, pp. 418-436, 2012.10.1016/j.cose.2012.02.009Search in Google Scholar

[27] K. Stouffer, J. Falco, and K. Scarfone, ”Guide to Industrial Control Systems (ICS) Security,” National Institute of Standards and Technology (NIST), Gaithersburg, MD Special Publication 800-82, June 2011.Search in Google Scholar

[28] I. Onyeji, M. Bazilian, and C. Bronk, ”Cyber Security and Critical Energy Infrastructure,” The Electricity Journal, vol. 27, pp. 52-60, 2014.10.1016/j.tej.2014.01.011Search in Google Scholar

[29] F. T. Sheldon, R. K. Abercrombie, and A. Mili, ”Evaluating security controls based on key performance indicators and stakeholder mission,” in 4th Workshop on Cyber security and information intelligence research (CSIIRW’08), Oak Ridge, Tennessee, 2008, pp. 1-11.10.1145/1413140.1413188Search in Google Scholar

[30] Q. Chen and S. Abdelwahed, ”Towards realizing self-protecting SCADA systems,” in Proceedings of the 9th Annual Cyber and Information Security Research Conference, Oak Ridge, Tennessee, USA, 2014, pp. 105-108.10.1145/2602087.2602113Search in Google Scholar

[31] Q. Chen and S. Abdelwahed, ”A Model-based Approach to Self-Protection in SCADA Systems,” in 9th International Workshop on Feedback Computing (Feedback Computing ’14), Philadelphia, 2014.Search in Google Scholar

[32] ”DOE Electricity Subsector Cybersecurity Risk Management Process (RMP) Guideline (DOE/OE-003),” Department of Energy, Washington, D.C., 2012.Search in Google Scholar

[33] G. Stoneburner, A. Y. Goguen, and A. Feringa, ”Risk Management Guide for Information Technology Systems,” NIST Special Publication 800-30, Germantown, MD United States, 2002.10.6028/NIST.SP.800-30Search in Google Scholar

[34] ”Guide for Conducting Risk Assessments,” NIST Special Publication 800-30, Revision 1, Germantown, MD United States, September 2012.Search in Google Scholar

[35] A. Mili and F. T. Sheldon, ”Challenging the Mean Time to Failure: Measuring Dependability as a Mean Failure Cost,” in 42nd Hawaii International Conference on System Sciences (HICSS), 2009, pp. 1-10.Search in Google Scholar

[36] F. T. Sheldon, R. K. Abercrombie, and A. Mili, ”Methodology for evaluating security controls based on key performance indicators and stake-holder mission,” in 2009 42nd Hawaii International Conference on System Sciences (HICSS), 2009, pp. 1-10.Search in Google Scholar

[37] R. K. Abercrombie, E. M. Ferragut, F. T. Sheldon, and M. R. Grimaila, ”Addressing the need for independence in the CSE model,” in 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), 2011, pp. 68-75.10.1109/CICYBS.2011.5949395Search in Google Scholar

[38] R. K. Abercrombie, F. T. Sheldon, and M. R. Grimaila, ”A systematic comprehensive computational model for stake estimation in mission assurance,” in 2010 IEEE SocialCom, Minneapolis, MN, 2010, pp. 1153-1158.Search in Google Scholar

[39] R. K. Abercrombie, F. T. Sheldon, and A. Mili, ”Synopsis of evaluating security controls based on key performance indicators and stakeholder mission value,” in High Assurance Systems Engineering Symposium, 2008. HASE 2008. 11th IEEE, 2008, pp. 479-482.10.1109/HASE.2008.61Search in Google Scholar

[40] R. K. Abercrombie, B. G. Schlicher, and F. T. Sheldon, ”Security analysis of selected AMI failure scenarios using agent based game theoretic simulation,” in 47th Hawaii International Conference on System Sciences (HICSS), Big Island, HI, 2014, pp. 2015-2024.10.1109/HICSS.2014.255Search in Google Scholar

[41] R. K. Abercrombie, F. T. Sheldon, K. R. Hauser, M. W. Lantz, and A. Mili, ”Failure impact analysis of key management in AMI using cybernomic situational assessment (CSA),” in Eighth Cyber Security and Information Intelligence Research Workshop, 2013.10.1145/2459976.2459998Search in Google Scholar

[42] R. K. Abercrombie, F. T. Sheldon, K. R. Hauser, M. W. Lantz, and A. Mili, ”Risk assessment methodology based on the NISTIR 7628 guidelines,” in 46th Hawaii International Conference on System Sciences (HICSS), Wailea, Maui, HI USA, 2013, pp. 1802-1811.10.1109/HICSS.2013.466Search in Google Scholar

[43] R. K. Abercrombie, ”Cryptographic Key Management and Critical Risk Assessment,” Oak Ridge National Laboratory, Oak Ridge, TN ORNL/TM-2014/131, 2014.Search in Google Scholar

[44] C. Vishik, F. T. Sheldon, and D. Ott, ”Economic Incentives for Cybersecurity: Using Economics to Design Technologies Ready for Deployment,” in ISSE 2013 Securing Electronic Business Processes, ed: Springer, 2013, pp. 133-147.10.1007/978-3-658-03371-2_12Search in Google Scholar

[45] M. Jouini, A. B. Aissa, L. B. A. Rabai, and A. Mili, ”Towards Quantitative Measures of Information Security: A Cloud Computing Case Study,” International Journal of Cyber-Security and Digital Forensics, vol. 1, pp. 248-262, 2012.Search in Google Scholar

[46] A. B. Aissa, L. B. A. Rabai, R. K. Abercrombie, F. T. Sheldon, and A. Mili, ”Quantifying availability in SCADA environments using the cyber security metric MFC,” in Proceedings of 2014 9th Cyber and Information Security Research Conference, Oak Ridge, TN, 2014, pp. 81-84.10.1145/2602087.2602103Search in Google Scholar

[47] A. B. Aissa, R. K. Abercrombie, F. T. Sheldon, and A. Mili, ”Quantifying the impact of unavailability in cyber-physical environments,” in 2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), 2014, pp. 1-8.10.1109/CICYBS.2014.7013364Search in Google Scholar

[48] ”Introduction to Repairable Systems,” in System Analysis Reference, Reliability, Availability & Optimization, ed Tucson: RealiSoft Corporation, 2013, pp. 112-125.Search in Google Scholar

eISSN:
2083-2567
Idioma:
Inglés
Calendario de la edición:
4 veces al año
Temas de la revista:
Computer Sciences, Artificial Intelligence, Databases and Data Mining
RSS Feed de revista