Vulnerability Assessment of Cyber Security in Power Industry

Due to the wide application of SCADA systems in national critical infrastructure, their cyber security issues and vulnerabilities have been a primary concern; whereas, the impact and consequences of cyber-attacks to these systems have the potential to result in catastrophic consequences in the physical domain. Therefore, estimating possible attack impacts and identifying system vulnerabilities are major concern in SCADA management and operations. However, it is quite difficult to plan, execute and review vulnerability analysis in critical infrastructure systems as well as in industrial control systems (such as SCADA system) due to its complexity, large-scale and heterogeneity. Consequently, a consistent domain-specific conceptual model is required to establish a generic framework for cyber security analysis to examine and investigate security threats on cyber-physical systems, the role of the entities within the system as well as system operations. The main contribution of this work is to present a multi-facets model to support cyber security analysis practices such as penetration testing, vulnerability assessment and risk analysis. The proposed model presents a common insight among different SCADA configurations, implementations and the employed protocols to handle its complexity, heterogeneous and scale. To demonstrate the usability as a proof of concept and applicability of the proposed model, the paper also presents an example illustrating how the proposed model can be employed to carry out security vulnerability assessment.

Download Full-text

Systems Approach Solution: Cyber Security and Power Industry Resilience

Engineering & Technology Reference ◽

10.1049/etr.2015.0110 ◽

2016 ◽

Author(s):

Jamie D C Darling

Keyword(s):

Cyber Security ◽

Systems Approach ◽

Power Industry

Download Full-text

A Web Platform for Integrated Vulnerability Assessment and Cyber Risk Management

Information ◽

10.3390/info10070242 ◽

2019 ◽

Vol 10 (7) ◽

pp. 242

Author(s):

Pietro Russo ◽

Alberto Caponi ◽

Marco Leuti ◽

Giuseppe Bianchi

Keyword(s):

Risk Management ◽

Risk Analysis ◽

Vulnerability Assessment ◽

Cyber Security ◽

Assessment Tool ◽

Security Assessment ◽

Software Platform ◽

Web Based ◽

Custom Made ◽

Cyber Risk

Cyber risk management is a very important problem for every company connected to the internet. Usually, risk management is done considering only Risk Analysis without connecting it with Vulnerability Assessment, using external and expensive tools. In this paper we present CYber Risk Vulnerability Management (CYRVM)—a custom-made software platform devised to simplify and improve automation and continuity in cyber security assessment. CYRVM’s main novelties are the combination, in a single and easy-to-use Web-based software platform, of an online Vulnerability Assessment tool within a Risk Analysis framework following the NIST 800-30 Risk Management guidelines and the integration of predictive solutions able to suggest to the user the risk rating and classification.

Download Full-text

Cyber security analysis using vulnerability assessment and penetration testing

2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave) ◽

10.1109/startup.2016.7583912 ◽

2016 ◽

Cited By ~ 13

Author(s):

Prashant S. Shinde ◽

Shrikant B. Ardhapurkar

Keyword(s):

Vulnerability Assessment ◽

Cyber Security ◽

Security Analysis ◽

Penetration Testing

Download Full-text

PENERAPAN ZERO ENTRY HACKING DIDALAM SECURITY MISCONFIGURATION PADA VAPT (VULNERABILITY ASSESSMENT AND PENETRATION TESTING)

Journal of Information System Management (JOISM) ◽

10.24076/joism.2019v1i1.18 ◽

2019 ◽

Vol 1 (1) ◽

pp. 18-22

Author(s):

Rama Sahtyawan

Keyword(s):

Vulnerability Assessment ◽

Cyber Security ◽

Penetration Testing ◽

Testing Methodology ◽

Zero Entry

Serangan terhadap sistem komputer dari waktu ke waktu semakin meningkat dan semakin canggih. Perusahaan dituntut untuk memastikan Cyber Security yang aman untuk melindungi dari serangan hacker. Penelitian ini, Mengimplementasikan VAPT (Vulnerability Assessment and Penetration Testing) menggunakan metode ZEH (Zero Entry Hacking)Penetration Testing Methodology untuk mengetahui kerentanan SMB (server Message block) dan RDP(remote desktop) pada server yang dapat dieksploitasi serta memberi penyerang hak akses terhadap server yang mampu memanipulasi data pada server.

Download Full-text

Research on Cyber Security Defense and Protection in Power Industry

Journal of Physics Conference Series ◽

10.1088/1742-6596/1769/1/012040 ◽

2021 ◽

Vol 1769 (1) ◽

pp. 012040

Author(s):

Zhiyu Chen ◽

Yonghe Guo ◽

Dongxia Bai ◽

Jiaxin Wang ◽

Yaozhong Dong ◽

...

Keyword(s):

Cyber Security ◽

Power Industry

Download Full-text