Functional Testing for Industrial Control Systems

2011 ◽  
Author(s):  
John Martens ◽  
Mark Fecke ◽  
Justin Bishop ◽  
Russ Ogle
Keyword(s):  
Control System ◽  
Control Systems ◽  
Case Studies ◽  
Careful Consideration ◽  
System Response ◽  
Functional Testing ◽  
Functional Tests ◽  
Industrial Control Systems ◽  
Functional Specification ◽  
Catastrophic Failures

Functional testing is an essential part of the process of developing trust in safety-critical control systems. A typical life cycle for a control system begins with a functional specification, which defines the system functionality. An important step in the design-to-commissioning process is the on-line functional testing that typically precedes release for operation. The functional testing is usually the last step in verifying operation and validating the design of the control system with respect to the functional description. Functional testing can often be the last chance to catch costly mistakes that may result from a system performing in unexpected ways. Many aspects of functional testing need careful consideration, including identifying hazards that the system is to guard against, developing tests to validate the control system response to the potential hazards, and performing the functional tests. This paper includes several case studies that highlight incidents where the functional testing has caught flaws in the control system that could have lead to catastrophic failures. Additional case studies where functional tests were not completed and catastrophic failures did occur are discussed and the lack of functional testing in those cases is examined. A simple methodology for selecting control loops that may benefit from functional testing is presented and useful guidance documents are identified.

Building a Cybersecurity Culture in the Industrial Control System Environment

2019 ◽  
Vol 8 (1) ◽  
pp. 39-44
Author(s):  
Claudia ARAUJO MACEDO ◽  
Jos MENTING
Keyword(s):  
Control System ◽  
Control Systems ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Industrial Control System ◽  
Security Measures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
System A ◽  
Educational Processes

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

scholarly journals Specification of the Current State Vulnerabilities Related to Industrial Control Systems

2015 ◽  
Vol 11 (5) ◽  
pp. 64
Author(s):  
Jan Vávra ◽  
Martin Hromada ◽  
Roman Jašek
Keyword(s):  
Control System ◽  
Control Systems ◽  
Fundamental Question ◽  
Industrial Control System ◽  
Security Risk ◽  
Considerable Effort ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Current State ◽  
True Distribution

The contemporary trend of increasing connectivity, interoperability and efficiency of technologies, which are used in organizations, also affected Industrial Control System (further only ICS). The recently isolated system is becoming more dependent on interconnection with external technologies. This leads to a formation of new vulnerabilities, which are significant threats to ICS. For this reason, it is necessary to devote considerable effort to analyze vulnerabilities. Neglecting of this area could lead to damage or unavailability of ICS services. The purpose of the article is to evaluate vulnerabilities related to individual elements of ICS. The fundamental question of the article is to find a true distribution of security risk related to ICS.

scholarly journals Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system

2018 ◽  
Vol 7 (2.14) ◽  
pp. 153 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Maslina Daud ◽  
Norhamadi Ja'affar ◽  
Salman Yussof ◽  
...  
Keyword(s):  
Control System ◽  
Power System ◽  
Control Systems ◽  
Industrial Control ◽  
Power Utility ◽  
Industrial Control Systems ◽  
Injection Attacks ◽  
Scada System ◽  
Control Command ◽  
Catastrophic Impact

IEC 60870-5-104 is an international standard used for tele-control in electrical engineering and power system applications. It is one of the major principal protocols in SCADA system. Major industrial control vendors use this protocol for monitoring and managing power utility devices. One of the most common attacks which has a catastrophic impact on industrial control systems is the control command injection attack. It happens when an attacker injects false control commands into a control system. This paper presents the IEC 60870-5-104 vulnera-bilities from the perspective of command and information data injection. From the SCADA testbed that we setup, we showed that a success-ful control command injection attack can be implemented by exploiting the vulnerabilities identified earlier.  

scholarly journals Analysis of Cyber Threats in the Connection Section of the Control System and Countermeasures Required

2021 ◽  
Vol 12 (6) ◽  
pp. 412-417
Author(s):  
Yangha Chun
Keyword(s):  
Control System ◽  
Control Systems ◽  
Real Life ◽  
Information Storage ◽  
Control Network ◽  
Security Measures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Cyber Threats ◽  
Cyber Threat

In the past, the general practice for the control system network that manages and controls industrial facilities such as electric power, gas, oil, water, chemicals, automobiles, etc. was to install and operate this as an independent system, but over time the practice has gradually shifted toward the use of an open and standardized system. Until recently, most industrial control systems consisted of an independent network, and the possibility of cyber threat infringement was very low. As information storage media such as laptops or USB are connected to the control system for maintenance or management purposes, the possibility of cyber infringement is increasing. When the use of the control system's operational information increases due to beingVinked with the internal business system network or the Internet, countermeasures against external cyber threats must be provided.This paper analyzes and organizes the cyber threat factors that exist in the linking section connected to the industrial control system and other networks, examining domestic and foreign incidents of hacking of control systems to identify the vulnerabilities and security measures for each scenario in the control system network linkage section. Through this analysis, a method is suggested for establishing a control network that secures both availability and security, which are important in the control system, as well as the safe relay system in the configuration of the linkage between the control network and the business network, while addressing the vulnerabilities in the structure due to long-term use of the control system.This study analyzes cyber threat factors and real-life examples of infringements with the aim of providing approaches that will ensure industrial control systems can be operated safely and the risk of cyber hacking threats that occur in connection with other networks can be managed, and suggesting cyber security measures for the control system connection sections.

scholarly journals Analyzing the Impact of Cybersecurity on Monitoring and Control Systems in the Energy Sector

Energies ◽  
2021 ◽  
Vol 15 (1) ◽  
pp. 218
Author(s):  
Mohammed Alghassab
Keyword(s):  
Control System ◽  
Control Systems ◽  
Cyber Security ◽  
Energy Sector ◽  
Industrial Control System ◽  
Monitoring And Control ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Monitoring And Control Systems ◽  
And Control

Monitoring and control systems in the energy sector are specialized information structures that are not governed by the same information technology standards as the rest of the world’s information systems. Such industrial control systems are also used to handle important infrastructures, including smart grids, oil and gas facilities, nuclear power plants, water management systems, and so on. Industry equipment is handled by systems connected to the internet, either via wireless or cable connectivity, in the present digital age. Further, the system must work without fail, with the system’s availability rate being of paramount importance. Furthermore, to certify that the system is not subject to a cyber-attack, the entire system must be safeguarded against cyber security vulnerabilities, threats, and hazards. In addition, the article looks at and evaluates cyber security evaluations for industrial control systems, as well as their possible impact on the accessibility of industrial control system operations in the energy sector. This research work discovers that the hesitant fuzzy-based method of the Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is an operational procedure for estimating industrial control system cyber security assessments by understanding the numerous characteristics and their impacts on cyber security industrial control systems. The author evaluated the outputs of six distinct projects to determine the quality of the outcomes and their sensitivity. According to the results of the robustness analysis, alternative 1 shows the utmost effective cybersecurity project for the industrial control system. This research work will be a conclusive reference for highly secure and managed monitoring and control systems.

Information Security Evaluation of the Key Equipment in Industrial Control Systems

2013 ◽  
Vol 336-338 ◽  
pp. 1640-1644
Author(s):  
Zhi Gang Zhang ◽  
Zhuo Lv ◽  
Shuang Xia Niu
Keyword(s):  
Control System ◽  
Information Security ◽  
Control Systems ◽  
Research Program ◽  
System Level ◽  
Security Evaluation ◽  
Industrial Control System ◽  
Industrial Control ◽  
Security Risks ◽  
Industrial Control Systems

This paper analyzes the information security risks faced by the industrial control systems, Propose the Information Security Evaluation on industrial control system based on the level protection assessment technology, The development of industrial control system from the device level , field-level and system-level three levels of information security evaluation, propose the next step in the research program.

Cyber-Security for ICS/SCADA

2020 ◽  
pp. 613-630
Author(s):  
Barend Pretorius ◽  
Brett van Niekerk
Keyword(s):  
South Africa ◽  
Control System ◽  
Control Systems ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Physical Damage ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Nation States ◽  
National Infrastructure

Industrial control systems (ICS) or supervisory, control, and data acquisition (SCADA) systems drive many key components of the national infrastructure. It makes these control systems targets for cyber-attacks by terrorists and nation-states who wish to damage their target economically and socially, and cyber-criminals who blackmail the companies operating the infrastructure. Despite the high risk of leaving these systems exposed, providing adequate cyber-security is often challenging. The Stuxnet worm illustrated how vulnerable control systems potentially are when it bypassed a number of security mechanisms to cause physical damage to an Iranian nuclear facility. The article focuses on ICS/SCADA in South Africa discussing the unique challenges and legislation relate to securing control system in the South Africa. A governance and security framework for overcoming these challenges are proposed.

scholarly journals TRUST AND MANAGEMENT CONTROL SYSTEM: A STUDY ON META-SINTHETIC INTERACTIONS

2017 ◽  
Vol 23 (1) ◽  
pp. 156-178
Author(s):  
Patricia Villa Costa Vaz ◽  
Márcia Maria dos Santos Bortolocci Espejo
Keyword(s):  
Control System ◽  
Control Systems ◽  
Case Studies ◽  
Management Control ◽  
Management Control Systems ◽  
Primary Case ◽  
Management Control System ◽  
Trust In Management ◽  
And Performance ◽  
Organizational Objectives

ABSTRACT Management accounting has been associated to the institutionalization of trust inside organizations. Trust allows the implementation of systems which grant freedom to choose without trying to process more information about the world than it ought to be done. (TOMKINS, 2001). Regarding such aspects, this paper questions: how have previous studies been relating trust and Management Control Systems (MCS) towards reaching organizational objectives? To achieve this, we object to examine the role of trust in Management Control System, and its relation with organizational objectives, according to Hoon’s (2014) methodology, which allow the construction of a theory based on primary case studies. On developing the methodology four causal networks have been examined on selected studies: institutions, Management Control Systems, trust and organizational objectives. The institutions represent the effective background of the case studies, specially as a series of habits, rules, routines and procedures; the approaches regarding management control systems include budget and performance evaluation; in relation to trust, previous studies have primarily discussed it through contract, communication and competence approaches; and, as to organizational objectives, changes on current systems, focus on performance and business risk reduction are tackled. Feedback, however, was dealt with after achieving objectives, when management incorporates trust on personnel relationships – the primary step towards goals and objectives.

Sign in / Sign up

Export Citation Format

Share Document