Skip to main content
SpringerLink
Log in

An Investigation into the State of Cybersecurity Preparedness with Respect to Operational Technology

  • Chapter
  • First Online:
Wireless Networks

  • 295 Accesses

Abstract

The importance of software-level communication security in ICS is growing as these systems become more automated and connected to the outside world. This chapter provides a secure-by-design approach to ICS application development, where design-time abstractions known as secure links are used to meet criteria from security protocols like ISA/IEC 62443. Secure links are a proposed addition to an IEC 61499 design standard that makes it easy to integrate both lightweight and conventional security measures into software. Automatic compilation into completely IEC 61499-compliant software is possible for applications that use secure links. To keep up with this demand for greater adaptability. Nowadays, in the revolution of digitalization, automation plays significant role to achieve a sufficient level of security and reduce the use of both human resources and static processes. Therefore, it is crucial to model all security related capabilities and functionalities. In this chapter a unique requirements repository model for Industrial Control System that applies the LPGs (Labelled Property Graphs) to form and store standards based and system specific requirements using well-defined relationship types are highlighted. In addition, the researcher integrates the proposed requirements repository with the Industrial Control System design tools to determine requirements traceability. A wind turbine case study demonstrates the entire workflow within the proposed framework.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Norwich University (2019) IT vs. OT: comparing two vital information security concepts. Norwich University. Online. Available at: https://online.norwich.edu/academic-programs/resources/it-vs-ot. Accessed: 2 Sept 2022

  2. Kuppusamy E, Mariappan K (2021) Integration of operation technology (OT) and information technology (IT) through intelligent automation in manufacturing industries. In: Advances in manufacturing technology XXXIV: proceedings of the 18th international conference on manufacturing research, incorporating the 35th national conference on manufacturing research, 7–10 Sept 2021. University of Derby, Derby, UK. IOS Press

    Google Scholar 

  3. Alber B, Prince A (2021) The structure of OT typologies. Chapter 1: introduction to property theory

    Google Scholar 

  4. Green B, Derbyshire R, Knowles W, Boorman J, Ciholas P, Prince D, Hutchison D (2020) {ICS} testbed tetris: practical building blocks towards a cyber security resource. In: 13th USENIX workshop on cyber security experimentation and test (CSET 20)

    Google Scholar 

  5. US Homeland Security (2022) Cybersecurity, cybersecurity | Homeland security. Available at: https://www.dhs.gov/topics/cybersecurity. Accessed: 8 Sept 2022

  6. Ani UPD, Watson JM, Green B, Craggs B, Nurse JR (2021) Design considerations for building credible security testbeds: perspectives from industrial control system use cases. J Cyber Secur Technol 5(2):71–119

    Google Scholar 

  7. Anwar RW, Abdullah T, Pastore F (2021) Firewall best practices for securing smart healthcare environment: a review. Appl Sci 11(19):9183

    Article  Google Scholar 

  8. IECEE Publication (2022) Rules of procedure—CB scheme of the IECEE for mutual recognition of test certificates for electrotechnical equipment and components (CB scheme) and its related services: statement of test results—Energy Efficiency Testing Service (E3) Global Motor Energy Efficiency (GMEE) Program Industrial Cyber Security Program. IECEE documents | Rules, operational documents and guides. Available at: IECEE 02—rules of procedure. Accessed: 13 Sept 2022

    Google Scholar 

  9. Knapp ED, Langill J (2014) Industrial network security: securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems. Syngress

    Google Scholar 

  10. Stouffer K et al (2015) Guide to industrial control systems (ICS) security. CSRC. Available at: https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final. Accessed: 13 Nov 2022

  11. Hayden E (2019) 4 steps to critical infrastructure protection readiness: TechTarget, security. TechTarget. Available at: http://www.techtarget.com/searchsecurity/tip/252465638/4-steps-to-critical-infrastructure-protection-readiness. Accessed: 26 Sept 2022

  12. Boyer SA (2010) SCADA: supervisory control and data acquisition, 4th edn. ISA—International Society of Automation, Research Triangle Park

    Google Scholar 

  13. Franceschett AL, de Souza PR, de Barros FLP, de Carvalho VR (2019) A holistic approach—how to achieve the state-of-art in cybersecurity for a secondary distribution automation energy system applying the IEC 62443 standard. In: 2019 IEEE PES innovative smart grid technologies conference-Latin America (ISGT Latin America). IEEE

    Google Scholar 

  14. Ehrlich M et al (2019) Secure and flexible deployment of industrial applications inside cloud-based environments: semantic scholar. In: 2019 24th IEEE international conference on emerging technologies and factory automation (ETFA). Available at: https://www.semanticscholar.org/paper/Secure-and-Flexible-Deployment-of-Industrial-inside-Ehrlich-Trsek/e73f3d815cbf1c3f1ae437908cc39dbb37befb00. Accessed: 24 Dec 2022

  15. Conklin WA (2016) IT vs. OT security: a time to consider a change in CIA to include resilienc. In: 2016 49th Hawaii international conference on system sciences (HICSS). IEEE

    Google Scholar 

  16. Joint Task Force Transformation Initiative (2011) Managing information security risk: organization, mission, and information system view. CSRC. Available at: https://csrc.nist.gov/publications/detail/sp/800-39/final. Accessed: 22 Sept 2022

  17. Team E (2021) Understanding IEC 62443. IEC. Available at: https://www.iec.ch/blog/understanding-iec-62443. Accessed: 12 Sept 2022

  18. ITL NIST (2018) About the RMF–NIST risk management framework: CSRC. CSRC. Available at: https://csrc.nist.gov/projects/risk-management/about-rmf. Accessed: 12 Nov 2022

  19. Boehm A (2018) Take security to the next level with the top 5 CIS critical security controls, Ivanti. Ivanti. Available at: https://www.ivanti.com/blog/take-security-to-the-next-level-with-cis-critical-security-controls. Accessed: 21 Oct 2022

  20. Cooper D (2021) NIST test personal identity verification (PIV) cards version 2

    Google Scholar 

  21. Abdelghani T (2019) Implementation of defense in depth strategy to secure industrial control system in critical infrastructures. Am J Artif Intell 3(2):17–22

    Article  Google Scholar 

  22. Dutta N, Tanchak K, Delvadia K (2020) Modern methods for analyzing malware targeting control systems. In: Recent developments on industrial control systems resilience. Springer, Cham, pp 135–150

    Google Scholar 

  23. Culot G et al (2019) Addressing industry 4.0 cybersecurity challenges: semantic scholar. IEEE Eng Manag Rev. Available at: https://www.semanticscholar.org/paper/Addressing-Industry-4.0-Cybersecurity-Challenges-Culot-Fattori/ddefa2b96bdf6e9dc66ffc373ef5fd216b662574. Accessed 30 Sept 2022

  24. Ehrlich M et al (2019) Figure 1 from automated processing of security requirements and controls for a common Industrie 4.0 use case: semantic scholar. In: 2019 international conference on networked systems (NetSys). Available at: https://www.semanticscholar.org/paper/Automated-Processing-of-Security-Requirements-and-a-Ehrlich-Gergeleit/51d9b30acce66178804333c960d20ee638887988/figure/0. Accessed 5 Oct 2022

  25. Hahm O, Baccelli E, Petersen H, Tsiftes N (2015) Operating systems for low-end devices in the internet of things: a survey. IEEE Internet Things J 3(5):720–734

    Google Scholar 

  26. Raymundo Belleza R, de Freitas Pignaton E (2018) Performance study of real‐time operating systems for internet of things devices. IET Softw 12(3):176–182

    Google Scholar 

  27. Zakaria HM (2022) Security of IoT: sine logistic map, S-box, and Tan-Bessel function

    Google Scholar 

  28. Steinert LF (2022) Safety critical, high-performance systems based on COTS multicore processors for industrial and aerospace applications. Doctoral dissertation, Technische Universität München

    Google Scholar 

  29. IEC (2010) What is IEC 61508? 61508 Association. Available at: https://www.61508.org/knowledge/what-is-iec-61508.php. Accessed: 26 Dec 2022

  30. DRAGOS (2022) 10 ways asset visibility builds the foundation for OT cybersecurity. Available at: https://cdn.cyberscoop.com/asset-visibility-builds-OT-cybersecurity-foundation.pdf. Accessed 21 Oct 2022

  31. Lopes IM et al (2019) How ISO 27001 can help achieve GDPR compliance. In: 2019 14th Iberian conference on information systems and technologies (CISTI). IEEE

    Google Scholar 

  32. Singgrit P, Pamuji GC (2020) The use of ISO 27001 framework for government’s online E-monitoring system implementation. Int J Educ Inf Technol Others 3(3):556–563

    Google Scholar 

  33. Murray G, Johnstone MN, Valli C (2017) The convergence of IT and OT in critical infrastructure

    Google Scholar 

  34. Hohenegger A (2019) Die common criteria und IEC-62443. Deutscher IT-Sicherheitskongress

    Google Scholar 

  35. Fachot M (2020) IEC 62443 standards—a cornerstone of industrial cyber security. Etech. Available at: https://etech.iec.ch/issue/2020-04/iec-62443-standards-a-cornerstone-of-industrial-cyber-security#:~:text=The%20IEC%2062443%20series%20of%20Standards%20is%20organized,4%20Components%20%28IEC%2062443-4.%2A%20%E2%80%93%20both%20parts%20published%29. Accessed: 27 Oct 2022

  36. ISA (2020) Security lifecycles in the ISA/IEC 62443 series. ISA.org. Available at: https://21577316.fs1.hubspotusercontent-na1.net/hubfs/21577316/2022%20ISA%20Website%20Redesigns/ISA%20Secure/Files%20Repository%20For%20Learning%20Center/Articles%20Page/ISAGCA-Security-Lifecycles-whitepaper.pdf. Accessed: 27 Oct 2022

  37. Gupta S (2020) Assuring compliance with government certification and accreditation regulations. In: Cloud computing security

    Google Scholar 

  38. Brandao Filho SB, Cesar CDAC (2022) A secure method for industrial IoT development. SN Comput Sci 3(2):173

    Google Scholar 

  39. Stouffer K, Pease M, Tang C, Zimmerman T, Pillitteri V, Lightman S (2022) Guide to operational technology (OT) security (No. NIST Special Publication (SP) 800-82 Rev. 3 (Draft)). National Institute of Standards and Technology

    Google Scholar 

  40. Syafrizal M, Selamat SR, Zakaria NA (2020) Analysis of cybersecurity standard and framework components. Int J Commun Netw Inf Secur 12(3):417–432

    Google Scholar 

  41. Hohenegger A, Krummeck G, Baños J, Ortega A, Hager M, Sterba J, Kertis T, Novobilsky P, Prochazka J, Caracuel B, Sanz AL (2021) Security certification experience for industrial cyberphysical systems using common criteria and IEC 62443 certifications in certMILS. In: 2021 4th IEEE international conference on industrial cyber-physical systems (ICPS). IEEE

    Google Scholar 

  42. Téglásy BZ, Katsikas S, Lundteigen MA (2022) Standardized cyber security risk assessment for unmanned offshore facilities. In: Proceedings of the 3rd international workshop on engineering and cybersecurity of critical systems

    Google Scholar 

  43. Grove C (2021) Surprising findings in the SANS 2021 OT/ICS cybersecurity survey. Nozomi Networks. Available at: https://www.nozominetworks.com/blog/surprising-findings-in-the-sans-2021-ot-ics-cybersecurity-survey/. Accessed: 2 Nov 2022

  44. Jones N (2019) International policy: pitfalls and possibilities. In: Cyber security: threats and responses for government and business

    Google Scholar 

  45. Stouffer K et al (2022) Guide to operational technology (OT) security. CSRC. Available at: https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/draft. Accessed: 4 Nov 2022

  46. Irny S, Rose A (2005) Designing a strategic information systems planning. Issues Inf Syst VI(1)

    Google Scholar 

  47. BouSaba C (2019) Implementing a DeMilitarized zone using holistic open source solution. In: 2019 ASEE annual conference and exposition

    Google Scholar 

  48. Tanveer A et al (2022) Tracing security requirements in industrial control systems using graph databases—software and systems modeling. Springer, Berlin. Available at: https://doi.org/10.1007/s10270-022-01019-8?code=4e726f40-5d33-456d-abf4-ffac84231bc8&error=cookies_not_supported. Accessed: 14 Dec 2022

  49. Lal M (2015) Neo4j graph data modeling. Packt Publishing Ltd., UK

    Google Scholar 

  50. Tanveer A, Sinha R, Kuo MM (2020) Secure links: secure-by-design communications in IEC 61499 industrial control applications. IEEE Trans Ind Inf 17(6):3992–4002

    Google Scholar 

  51. Sinha R, Dowdeswell B, Zhabelova G, Vyatkin V (2018) Torus: scalable requirements traceability for large-scale cyber-physical systems. ACM Trans Cyber Phys Syst 3(2):1–25

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Northumbria University, London, UK

    Farouk Akrama, Hamid Jahankhani & Hamid Jahankhani

Authors
  1. Farouk Akrama
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hamid Jahankhani
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hamid Jahankhani .

Editor information

Editors and Affiliations

  1. Department of Information Security and Cyber Criminology, Northumbria University London, London, UK

    Hamid Jahankhani

  2. Department of Computer Science and Engineering, University of Westminster, London, UK

    Ayman El Hajjar

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Akrama, F., Jahankhani, H. (2023). An Investigation into the State of Cybersecurity Preparedness with Respect to Operational Technology. In: Jahankhani, H., El Hajjar, A. (eds) Wireless Networks . Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-33631-7_10

Download citation

Publish with us

Policies and ethics

Search

Navigation