Abstract
In this paper, we considered that SCADA system has few authorized users and access control is one of the most important values for cyber security. We propose the method which reducing the success probability of attacker’s penetration using ordered countermeasures. We assume that any system has two or more safety countermeasures for authentication. It follows that setting multiple countermeasures in chain and making a causal relationship before and after action. And then, we making an access procedure matrix for it and sharing them among authorized users. As doing so, we can prevent attacker’s penetration and reduce risk level by hacking.
Jung-Ho Eom is co-author of this paper.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Beaver C, Gallup D, Neumann W et al (2002) Key management for SCADA. Cryptog information systems security dept, Sandia Nat. Labs, Technical Report SAND 2001–3252
Dawson R, Boyd C, Dawson E et al (2006) SKMA: a key management architecture for SCADA systems. In: Proceedings of the 2006 Australasian workshops on grid computing and e-research ACSW Frontiers ’06, vol 54, pp 183–192
Pietre-Cambacedes L, Sitbon P (2008) Cryptographic key management for SCADA systems-issues and perspectives. International conference on information security and assurance ISA 2008. pp 156–161
Ni M, McCalley JD, Vittal V et al (2003) Online risk-based security assessment. IEEE Trans Power Syst 18:258–265
Adar E, Wuchner A (2005) Risk management for critical infrastructure protection (CIP) challenges, best practices and tools. First IEEE international workshop on critical infrastructure protection
Taylor C, Krings A, Alves-Foss J (2002) Risk analysis and probabilistic survivability assessment (RAPSA) an assessment approach for power substation hardening
Haimes YY, Chittester CG (2005) A Roadmap for quantifying the efficacy of risk management of information security and interdependent SCADA systems. J Homel Secur Emerg Manage 2:1–21
Chiasson S, Forget A, Stobert E et al (2009) Multiple password interference in text passwords and click-based graphical passwords. In: Proceedings of the 16th ACM conference on computer and communications security CCS ’09. pp 500–511
Topkara U, Atallah MJ, Topkara M (2006) Passwords decay, words endure: secure and re-usable multiple password mnemonics. In: Proceedings of the 2007 ACM symposium on applied computing SAC ’07. pp 292–299
Cai N, Wang J, Yu X (2008) SCADA System security: complexity, history and new developments, industrial informatics. INDIN 2008. 6th IEEE international conference on 2008. pp 569–574
Igure VM, Laughter SA, Williams RD (2006) Security issues in SCADA networks. Computer and security 2006. pp 498–506
Qiu B, Gooi HB (2000) Web-based SCADA display systems (WSDS) for access via internet. IEEE transactions on power systems, vol 15. pp 681–686
Chunlei W, Lan F, Yiqi D (2010) A simulation environment for SCADA security analysis and assessment. International conference on measuring technology and mechatronics automation (ICMTMA) 2010, vol 1. pp 342–347
Acknowledgments
This work was supported by the IT R&D program of MKE/KEIT. [10041244, Smart TV 2.0 Software Platform].
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Science+Business Media Dordrecht(Outside the USA)
About this paper
Cite this paper
Kim, SH., Park, MW., Eom, JH., Chung, TM. (2013). The Methodology for Hardening SCADA Security Using Countermeasure Ordering. In: Park, J., Ng, JY., Jeong, HY., Waluyo, B. (eds) Multimedia and Ubiquitous Engineering. Lecture Notes in Electrical Engineering, vol 240. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-6738-6_59
Download citation
DOI: https://doi.org/10.1007/978-94-007-6738-6_59
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-6737-9
Online ISBN: 978-94-007-6738-6
eBook Packages: EngineeringEngineering (R0)