Abstract
Existing cyber security training programs for Critical Infrastructures (CI) place much emphasis on technical aspects, often related to a specific sector/expertise, overlooking the importance of communication (i.e. the ability of a stakeholder to gather and provide relevant information). We hypothesise that the achievement of a secure and resilient society requires a shared protocol among CI stakeholders, that would facilitate communication and cooperation. In order to validate our hypothesis and explore effective communication structures while facing a cyber incident and during recovery, we developed a discussion-based exercise using an Industrial Control System (ICS) incident scenario, and implemented it in pilot workshops where a total of 91 experts participated. Results suggest there are three possible incident communication structures centered around the IT department, the production department, and management, respectively. In future, these structures can be used as the framework to build an ICS-Security Incident Response Team (ICS-SIRT), which would strengthen cooperation among CI stakeholders.
Acknowledgements
This research is partially supported by the Ministry of Education, Science, Sports and Culture, Grant-in-Aid for Scientific Research (A), No. 16H01837 (2016); however, all remaining errors are attributable to the authors.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Aoyama, T., Watanabe, K., Koshijima, I., Hashimoto, Y. (2017). Developing a Cyber Incident Communication Management Exercise for CI Stakeholders. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds) Critical Information Infrastructures Security. CRITIS 2016. Lecture Notes in Computer Science, vol 10242. Springer, Cham. https://doi.org/10.1007/978-3-319-71368-7_2
DOI: https://doi.org/10.1007/978-3-319-71368-7_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71367-0
Online ISBN: 978-3-319-71368-7
eBook Packages: Computer Science, Computer Science (R0)