Security assessment methodology for industrial control system products

Author

Hristova, Ana ; Schlegel, Roman ; Obermeier, Sebastian

Author_Institution

Corp. Res., ABB Switzerland Ltd., Baden, Switzerland

fYear

2014

fDate

4-7 June 2014

Firstpage

264

Lastpage

269

Abstract

Industrial control systems (ICS) are at the heart of critical infrastructures and security is therefore important for such systems. In order to determine the security level of existing and planned systems, ICS products should be efficiently and comprehensively assessed. In this paper we present a methodology for assessing the security of a product or a system that can be used by security experts and non-experts alike. The methodology contains specific and concrete security recommendations (what), a rationale for each recommendation (why) as well as concrete implementation guidance (how). The methodology aims to help product teams to quickly and efficiently assess the security level of their products, prioritize resources on future development efforts, and generate security requirements for future products. We validate the approach by applying a concrete instantiation of the methodology to a fictitious ICS product.

Keywords

control engineering computing; industrial control; production engineering computing; security of data; ICS; industrial control system products; security assessment methodology; security recommendations; Concrete; Conferences; Industrial control; Ports (Computers); Product development; Security; Testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Cyber Technology in Automation, Control, and Intelligent Systems (CYBER), 2014 IEEE 4th Annual International Conference on

Conference_Location

Hong Kong

Print_ISBN

978-1-4799-3668-7

Type

conf

DOI

10.1109/CYBER.2014.6917472

Filename

6917472