Identification of Information Technology Security Issues Specific to Industrial Control Systems

  • Conference paper
Contemporary Complex Systems and Their Dependability (DepCoS-RELCOMEX 2018)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 761)

Abstract

The paper presents current cybersecurity issues in industrial automation and control systems (IACS). It also reviews the state of the art in the literature, standards and frameworks used to evaluate and certify industrial control devices. The Common Criteria (CC) security assurance methodology is now commonly used for the vast majority of information technology (IT) products, but not for IACS components. The paper proposes that a security evaluation method for IACS be based on the CC approach. The CC standard has not been used in industry so far, which became the main motivation for the author’s doctoral research in that field. Implementing CC security requirements can enhance the “safety” of functional features in control devices by adding “security” measures typical of IT products. The paper provides input to the first stage of the author’s research, whose goal is to identify the design needs and requirements for building the security evaluation method. In the next stage, the evaluation method can then be built according to the model of a control system and the criteria taken from the CC standard, adjusted to IACS needs. Coupling “security” and “safety” for industrial control systems is a promising way of applying the CC assurance methodology to a new kind of device.

Acknowledgment

I would like to thank Prof. Andrzej Bialas for his support in my research work regarding the security evaluation method for ICS and Ms Barbara Flisiuk for her insightful proofreading.

Research activities are financed within the “Implementation Doctorates” program of the Polish Ministry of Science and Higher Education.

Corresponding author

Correspondence to Dariusz Rogowski.

Copyright information

© 2019 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Rogowski, D. (2019). Identification of Information Technology Security Issues Specific to Industrial Control Systems. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Contemporary Complex Systems and Their Dependability. DepCoS-RELCOMEX 2018. Advances in Intelligent Systems and Computing, vol 761. Springer, Cham. https://doi.org/10.1007/978-3-319-91446-6_37
