Title :
Security assessment methodology for industrial control system products
Author :
Hristova, Ana ; Schlegel, Roman ; Obermeier, Sebastian
Author_Institution :
Corp. Res., ABB Switzerland Ltd., Baden, Switzerland
Abstract :
Industrial control systems (ICS) are at the heart of critical infrastructures and security is therefore important for such systems. In order to determine the security level of existing and planned systems, ICS products should be efficiently and comprehensively assessed. In this paper we present a methodology for assessing the security of a product or a system that can be used by security experts and non-experts alike. The methodology contains specific and concrete security recommendations (what), a rationale for each recommendation (why) as well as concrete implementation guidance (how). The methodology aims to help product teams to quickly and efficiently assess the security level of their products, prioritize resources on future development efforts, and generate security requirements for future products. We validate the approach by applying a concrete instantiation of the methodology to a fictitious ICS product.
Keywords :
control engineering computing; industrial control; production engineering computing; security of data; ICS; industrial control system products; security assessment methodology; security recommendations; Concrete; Conferences; Industrial control; Ports (Computers); Product development; Security; Testing;
Conference_Titel :
Cyber Technology in Automation, Control, and Intelligent Systems (CYBER), 2014 IEEE 4th Annual International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4799-3668-7
DOI :
10.1109/CYBER.2014.6917472
