scholarly journals Managing Cyber Security Risks of the Cyber-Enabled Ship

2020 ◽  
Vol 8 (10) ◽  
pp. 768
Author(s):  
Georgios Kavallieratos ◽  
Sokratis Katsikas
Keyword(s):  
Cyber Security ◽  
Cyber Physical Systems ◽  
Transformation Process ◽  
Cyber Attacks ◽  
Security Requirements ◽  
Shipping Industry ◽  
Security Risks ◽  
Industrial Control Systems ◽  
Physical Systems ◽  
Cyber Risk

One aspect of the digital transformation process in the shipping industry, a process often referred to as Shipping 4.0, is the increased digitization of on board systems that goes along with increased automation in and autonomy of the vessel. This is happening by integrating Information Technology with Operation Technology systems that results in Cyber Physical Systems on which the safe operations and sailing of contemporary and future vessels depend. Unavoidably, such highly interconnected and interdependent systems increase the exposure of the vessel’s digital infrastructure to cyber attacks and cyber security risks. In this paper, we leverage the STRIDE and DREAD methodologies to qualitatively and quantitatively assess the cyber risk of Cyber Physical Systems on board digitalized contemporary and future ships. Further, we propose appropriate cyber security baseline controls to mitigate such risks, by applying a systematic approach using a set of criteria that take into account the security requirements; the cyber risks; the possible attacks; and the possibly already existing controls, to select from the list of controls provided in the Industrial Control Systems (ICS) overlay of the NIST Guide to ICS Security. The results are expected to support the decision-making and the design of a security architecture for the cyber-enabled ship.

scholarly journals The Study on the Cyber Security Requirements of Cyber-Physical Systems for Cyber Security Frameworks

2012 ◽  
Vol 7 (5) ◽  
pp. 255-265
Author(s):  
Soo-Youl Park ◽  
Wook-Jin Choi ◽  
Bo-Heung Chung ◽  
Jeong-Nyeo Kim ◽  
Joo-Man Kim
Keyword(s):  
Cyber Security ◽  
Cyber Physical Systems ◽  
Security Requirements ◽  
Physical Systems

scholarly journals Risk Management and Standard Compliance for Cyber-Physical Systems of Systems

2021 ◽  
Vol 13 (2) ◽  
pp. 32-39
Author(s):  
George Matta ◽  
Sebastian Chlup ◽  
Abdelkader Magdy Shaaban ◽  
Christoph Schmittner ◽  
Andreas Pinzenöhler ◽  
...  
Keyword(s):  
Risk Management ◽  
Cyber Security ◽  
Security Analysis ◽  
Cyber Physical Systems ◽  
Risk Identification ◽  
Security Requirements ◽  
Systems Of Systems ◽  
Physical Systems ◽  
Railway Systems ◽  
Industry Standards

The Internet of Things (IoT) and cloud technologies are increasingly implemented in the form of Cyber-Physical Systems of Systems (CPSoS) for the railway sector. In order to satisfy the security requirements of Cyber-Physical Systems (CPS), domainspecific risk identification assessment procedures have been developed. Threat modelling is one of the most commonly used methods for threat identification for the security analysis of CPSoS and is capable of targeting various domains. This paper reports our experience of using a risk management framework identify the most critical security vulnerabilities in CPSoS in the domain and shows the broader impact this work can have on the domain of safety and security management. Moreover, we emphasize the application of common analytical methods for cyber-security based on international industry standards to identify the most vulnerable assets. These will be applied to a meta-model for automated railway systems in the concept phase to support the development and deployment of these systems. Furthermore, it is the first step to create a secure and standard complaint system by design.

A review of security assessment methodologies in industrial control systems

2019 ◽  
Vol 27 (1) ◽  
pp. 47-61 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Maslina Daud ◽  
Ahmed Patel ◽  
Norhamadi Ja’affar
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Electrical Power ◽  
Assessment Method ◽  
Cyber Attacks ◽  
Security Requirements ◽  
Security Assessment ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Content Type

Purpose The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure. Design/methodology/approach This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems. Findings The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements. Originality/value This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks.

scholarly journals Securing Real-Time Internet-of-Things

Sensors ◽  
2018 ◽  
Vol 18 (12) ◽  
pp. 4356 ◽  
Author(s):  
Chien-Ying Chen ◽  
Monowar Hasan ◽  
Sibin Mohan
Keyword(s):  
Internet Of Things ◽  
Real Time ◽  
Manufacturing Systems ◽  
Cyber Physical Systems ◽  
Cyber Attacks ◽  
Power Grids ◽  
Embedded Devices ◽  
Industrial Control Systems ◽  
Physical Systems ◽  
Recent Developments

Modern embedded and cyber-physical systems are ubiquitous. Many critical cyber-physical systems have real-time requirements (e.g., avionics, automobiles, power grids, manufacturing systems, industrial control systems, etc.). Recent developments and new functionality require real-time embedded devices to be connected to the Internet. This gives rise to the real-time Internet-of-things (RT-IoT) that promises a better user experience through stronger connectivity and efficient use of next-generation embedded devices. However, RT-IoT are also increasingly becoming targets for cyber-attacks, which is exacerbated by this increased connectivity. This paper gives an introduction to RT-IoT systems, an outlook of current approaches and possible research challenges towards secure RT-IoT frameworks.

scholarly journals A Preliminary Design-Phase Security Methodology for Cyber–Physical Systems

Systems ◽  
2019 ◽  
Vol 7 (2) ◽  
pp. 21 ◽  
Author(s):  
Bryan Carter ◽  
Stephen Adams ◽  
Georgios Bakirtzis ◽  
Tim Sherburne ◽  
Peter Beling ◽  
...  
Keyword(s):  
Systems Engineering ◽  
Cyber Security ◽  
Cyber Physical Systems ◽  
Security Requirements ◽  
Complex Nature ◽  
Theoretic Model ◽  
Physical Systems ◽  
Model Based ◽  
The Face ◽  
Comparison Of The Results

Despite “cyber” being in the name, cyber–physical systems possess unique characteristics that limit the applicability and suitability of traditional cybersecurity techniques and strategies. Furthermore, vulnerabilities to cyber–physical systems can have significant safety implications. The physical and cyber interactions inherent in these systems require that cyber vulnerabilities not only be defended against or prevented, but that the system also be resilient in the face of successful attacks. Given the complex nature of cyber–physical systems, the identification and evaluation of appropriate defense and resiliency strategies must be handled in a targeted and systematic manner. Specifically, what resiliency strategies are appropriate for a given system, where, and which should be implemented given time and/or budget constraints? This paper presents two methodologies: (1) the cyber security requirements methodology and (2) a systems-theoretic, model-based methodology for identifying and prioritizing appropriate resiliency strategies for implementation in a given system and mission. This methodology is demonstrated using a case study based on a hypothetical weapon system. An assessment and comparison of the results from the two methodologies suggest that the techniques presented in this paper can augment and enhance existing systems engineering approaches with model-based evidence.

scholarly journals VERCASM-CPS: Vulnerability Analysis and Cyber Risk Assessment for Cyber-Physical Systems

Information ◽  
2021 ◽  
Vol 12 (10) ◽  
pp. 408
Author(s):  
Bradley Northern ◽  
Trey Burks ◽  
Marlana Hatcher ◽  
Michael Rogers ◽  
Denis Ulybyshev
Keyword(s):  
Cyber Physical Systems ◽  
Cyber Attacks ◽  
Risk Scores ◽  
Critical Infrastructures ◽  
Moving Target ◽  
Public Database ◽  
Physical Systems ◽  
Automatic Mode ◽  
System Configurations ◽  
Cyber Risk

Since Cyber-Physical Systems (CPS) are widely used in critical infrastructures, it is essential to protect their assets from cyber attacks to increase the level of security, safety and trustworthiness, prevent failure developments, and minimize losses. It is necessary to analyze the CPS configuration in an automatic mode to detect the most vulnerable CPS components and reconfigure or replace them promptly. In this paper, we present a methodology to determine the most secure CPS configuration by using a public database of cyber vulnerabilities to identify the most secure CPS components. We also integrate the CPS cyber risk analysis with a Controlled Moving Target Defense, which either replaces the vulnerable CPS components or re-configures the CPS to harden it, while the vulnerable components are being replaced. Our solution helps to design a more secure CPS by updating the configuration of existing CPS to make them more resilient against cyber attacks. In this paper, we will compare cyber risk scores for different CPS configurations and show that the Windows® 10 build 20H2 operating system is more secure than Linux Ubuntu® 20.04, while Red Hat® Enterprise® Linux is the most secure in some system configurations.

scholarly journals Communication Vulnerabilities in Electric Mobility HCP Systems: A Semi-Quantitative Analysis

Smart Cities ◽  
2021 ◽  
Vol 4 (1) ◽  
pp. 405-428
Author(s):  
Robert Basmadjian
Keyword(s):  
Cyber Security ◽  
Electric Mobility ◽  
Security Requirements ◽  
Security Risks ◽  
Physical Systems ◽  
Charging Station ◽  
Mobility Service ◽  
Supply Equipment ◽  
The Common ◽  
Available Information

An electric mobility ecosystem, which resembles a human-centred cyber physical (HCP) system, consists of several interacting sub-systems that constantly communicate with each other. Cyber-security of such systems is an important aspect as vulnerability of one sub-system propagates to the entire system, thus putting it into risk. Risk assessment requires modelling of threats and their impacts on the system. Due to lack of available information on all possible threats of a given system, it is generally more convenient to assess the level of vulnerabilities either qualitatively or semi-quantitatively. In this paper, we adopt the common vulnerability scoring system (CVSS) methodology in order to assess semi-quantitatively the vulnerabilities of the communication in electric mobility human-centred cyber physical systems. To this end, we present the most relevant sub-systems, their roles as well as exchanged information. Furthermore, we give the considered threats and corresponding security requirements. Using the CVSS methodology, we then conduct an analysis of vulnerabilities for every pair of communicating sub-systems. Among them, we show that the sub-systems between charging station operator (CSO) and electric vehicle supply equipment (charging box) as well as CSO and electric mobility service provider are the most vulnerable in the end-to-end chain of electric mobility. These results pave the way to system designers to assess the operational security risks, and hence to take the most adequate decisions, when implementing such electric mobility HCP systems.

Security of Cyber-Physical Systems: A Generalized Algorithm for Intrusion Detection and Determining Security Robustness of Cyber Physical Systems using Logical Truth Tables

2013 ◽  
Vol 9 ◽  
Author(s):  
Curtis G. Northcutt
Keyword(s):  
Intrusion Detection ◽  
Cyber Security ◽  
Logical Truth ◽  
Cyber Physical Systems ◽  
Security Model ◽  
Security Measures ◽  
Physical Systems ◽  
Multiple Signal ◽  
Security Attack ◽  
Truth Tables

The recent proliferation of embedded cyber components in modern physical systems [1] has generated a variety of new security risks which threaten not only cyberspace, but our physical environment as well. Whereas earlier security threats resided primarily in cyberspace, the increasing marriage of digital technology with mechanical systems in cyber-physical systems (CPS), suggests the need for more advanced generalized CPS security measures. To address this problem, in this paper we consider the first step toward an improved security model: detecting the security attack. Using logical truth tables, we have developed a generalized algorithm for intrusion detection in CPS for systems which can be defined over discrete set of valued states. Additionally, a robustness algorithm is given which determines the level of security of a discrete-valued CPS against varying combinations of multiple signal alterations. These algorithms, when coupled with encryption keys which disallow multiple signal alteration, provide for a generalized security methodology for both cyber-security and cyber-physical systems.

Sign in / Sign up

Export Citation Format

Share Document