Abstract
Protecting our critical infrastructures, such as energy generation and distribution, telecommunication, production and traffic, against cyber attacks is one of the major challenges of the new millennium. However, because security is such a complex and multilayered topic, manufacturers often lack the structured foundation needed to assess the current security level of a system. This paper introduces a methodology for structured security assessments which has been successfully applied during the development of several products for critical infrastructures. The methodology is described in detail, together with the lessons learnt from applying it to several systems during their development.
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Brandstetter, T., Knorr, K., Rosenbaum, U. (2009). A Structured Security Assessment Methodology for Manufacturers of Critical Infrastructure Components. In: Gritzalis, D., Lopez, J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01244-0_22
DOI: https://doi.org/10.1007/978-3-642-01244-0_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01243-3
Online ISBN: 978-3-642-01244-0
eBook Packages: Computer Science (R0)