Advertisement

Selected Issues of Cyber Security Practices in CBRNeCy Critical Infrastructure

  • Stanislav AbaimovEmail author
  • Maurizio Martellini
Chapter
Part of the Terrorism, Security, and Computation book series (TESECO)

Abstract

The article highlights the strong relevance and crucial importance of cyber security defence and response capacities in CBRNeCy assets and management, including in ICS and SCADA systems. Based on the overview of the recent cyber security publications and available information on global cybercrime, it reviews types of cyber and cyber related physical attacks on CBRN Industrial Control Systems; classifies attack types and defence techniques by network layer of attack; analyses security testing approaches based on knowledge of the targeted system, and evaluates types of due protection. The proper combination of existing physical security measures and cyber security testing exercises is considered, by the authors, as one of the most efficient ways to ensure sufficient protection against increasing global cyber threats to CBRNeCy infrastructures. The paper deals also with the best security practises, and contains enumeration of the globally recognized testing techniques and methodologies required to design effective multi-disciplinary security measures, thus providing a substantial ground for their practical implementation in the areas of concern.

Abbreviations

APT

Advanced Persistent Threat

BYOD

“Bring your own device”

CBRNe

Chemical, Biological, Radioactive, Nuclear and Explosives

CBRNeCy

Chemical, Biological, Radioactive, Nuclear, Explosives and Cyber

DoS

Denial of Service

DDoS

Distributed Denial of Service

DMZ

Demilitarised Zone

ICS

Industrial Control System (or Systems)

IEEE

Institute of Electrical and Electronics

PLC

Programmable Logic Controller

RFID

Radio-frequency identification

SCADA

Supervisory Control and Data Acquisition

SIEM

Security Information and Event Management

UN

United Nations

US CERT

United States Computer Emergency Readiness Team

Notes

Acknowledgements

One of the authors, Stanislav Abaimov, would like to express the sincere gratitude to Professor Giuseppe Bianchi for his trust, support and highly professional guidance.

References

  1. 1.
    Bennett, S.: A Brief History of Automatic Control. IEEE (1996)Google Scholar
  2. 2.
    Boudriga, N.: Security of mobile communications. Boca Raton. CRC Press (2010)Google Scholar
  3. 3.
    C. Baylon, R. D.: Cyber Security at Civil Nuclear Facilities,. Clatham House Report (2015)Google Scholar
  4. 4.
    Chatham House: Emerging Risk Report – 2016, Use of Chemical, Biological, Radiological and Nuclear Weapons by Non-State Actors. Chatham House, The Royal Institute of International Affairs (2016)Google Scholar
  5. 5.
    Cornell University of Law: 44 U.S. Code § 3542 - Definitions. (1992) Retrieved from Cornell University of Law Web site: https://www.law.cornell.edu/uscode/text/44/3542
  6. 6.
    Fernandez, I.: Cybersecurity for Industrial Automation & Control Environments: Protection and Prevention Strategies in the Face of the Growing Threats. Frost & Sullivan (2013)Google Scholar
  7. 7.
    Gasser, M.: Building a Secure Computer System. Van Nostrand Reinhold (1988)Google Scholar
  8. 8.
    Hayden, E.: An Abbreviated History of Automation & Industrial Controls Systems and Cybersecurity. SANS Institute (2015)Google Scholar
  9. 9.
    Hege Schultz Heireng, M. E.: THE DEVELOPMENT AND USE OF CBRN SCENARIOS FOR EMERGENCY PREPAREDNESS ANALYSES. FOI (2015)Google Scholar
  10. 10.
    ICS-CERT: 10 Basic Cybersecurity Measure. US-CERT (2015)Google Scholar
  11. 11.
    ICS-CERT: Industrial Control Systems Cyber Emergency Response Team (2016) Retrieved from https://ics-cert.us-cert.gov
  12. 12.
    IEEE: IEEE Communications Surveys and Tutorials. IEEE (2012)Google Scholar
  13. 13.
    IEEE Communications Surveys & Tutorials: Introduction to Industrial Control Networks. IEEE (2013)Google Scholar
  14. 14.
    Martellini, M.: Deterrence and IT Protection for Critical Infrastructures. Springer (2013)Google Scholar
  15. 15.
    NIST: Guide to Intrusion Detection and Prevention Systems. NIST (2007)Google Scholar
  16. 16.
    NIST: Technical Guide to the Information Security Testing and Assessment. National Institute of Standards and Technology Special Publication (2008)Google Scholar
  17. 17.
    Paske, E. L.: Cyber Security of Industrial Control Systems, Global Conference on Cyber Space (2015)Google Scholar
  18. 18.
    Stout, T. M., & Williams, T. J.: Pioneering Work in the Field of Computer Process Control. IEEE Annals of the History of Computing (1995)Google Scholar
  19. 19.
    US Department of State: Cyber Security for Nuclear Power Plants. Washington: US Department of State (2012)Google Scholar
  20. 20.
    Vanessa Romero Segovia, A. T.: History of PLC and DCS (2012)Google Scholar
  21. 21.
    Verizon: Data Breach digest. Scenarios from the field. Verizon (2016)Google Scholar
  22. 22.
    Wamala, F.: National Cybersecurity Strategy Guide. International Telecommunication Union (2011)Google Scholar
  23. 23.
    Wilson, C.: Cyberpower and National Security (2009)Google Scholar
  24. 24.
    Wilson, C.: Cyberterrorism: Understanding, Assessment, and Response. Swansea University (2014)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.University of Rome Tor VergataRomeItaly
  2. 2.University of Insubria and Landau Network Fondazione VoltaComoItaly

Personalised recommendations