Abstract
The importance of software-level communication security in ICS is growing as these systems become more automated and connected to the outside world. This chapter provides a secure-by-design approach to ICS application development, where design-time abstractions known as secure links are used to meet criteria from security protocols like ISA/IEC 62443. Secure links are a proposed addition to the IEC 61499 design standard that makes it easy to integrate both lightweight and conventional security measures into software. Applications that use secure links can be compiled automatically into fully IEC 61499-compliant software. To keep up with this demand for greater adaptability. Nowadays, in the revolution of digitalization, automation plays a significant role in achieving a sufficient level of security and reducing the use of both human resources and static processes. Therefore, it is crucial to model all security-related capabilities and functionalities. This chapter highlights a unique requirements repository model for Industrial Control Systems that applies Labelled Property Graphs (LPGs) to form and store standards-based and system-specific requirements using well-defined relationship types. In addition, the researcher integrates the proposed requirements repository with the Industrial Control System design tools to determine requirements traceability. A wind turbine case study demonstrates the entire workflow within the proposed framework.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Akrama, F., Jahankhani, H. (2023). An Investigation into the State of Cybersecurity Preparedness with Respect to Operational Technology. In: Jahankhani, H., El Hajjar, A. (eds) Wireless Networks. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-33631-7_10
DOI: https://doi.org/10.1007/978-3-031-33631-7_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33630-0
Online ISBN: 978-3-031-33631-7
eBook Packages: Physics and Astronomy; Physics and Astronomy (R0)