
Architectures for Cyber-Security Incident Reporting in Safety-Critical Systems

Disaster Management: Enabling Resilience

Part of the book series: Lecture Notes in Social Networks (LNSN)

Abstract

Cyber-attacks can have a devastating impact on safety-critical systems. The increasing reliance on mass-market Commercial Off-The-Shelf (COTS) infrastructures, including Linux and the IP stack, has created vulnerabilities in applications ranging from Air Traffic Management through to Railway signalling and Maritime surveillance. Once a system has been attacked, it is impossible to demonstrate that malware has been completely eradicated from a safety-related network. For instance, recent generations of malware use zero-day exploits and process injection with command and control server architectures to circumvent existing firewalls and monitoring software. This creates enormous problems for regulators who must determine whether or not it is acceptably safe to resume operations. It is, therefore, important that we learn as much as possible from previous cyber-attacks without disclosing information that might encourage future attacks. This chapter describes different architectures for encouraging the exchange of lessons learned from security incidents in safety-critical applications.


Author information

Correspondence to Chris W. Johnson.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Johnson, C. W. (2015). Architectures for Cyber-Security Incident Reporting in Safety-Critical Systems. In: Masys, A. (eds) Disaster Management: Enabling Resilience. Lecture Notes in Social Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-08819-8_7
