http://dx.doi.org/10.14400/JDC.2019.17.8.105

A study on the cyber security assessment modeling of critical infrastructure  

Euom, Ieck-Chae (Cyber Security Consulting Team, KEPCO KDN)
Publication Information
Journal of Digital Convergence / v.17, no.8, 2019, pp. 105-113
Abstract
The purpose of this study is to analyze cyber security risk modeling of critical infrastructure and to draw out its limitations and improvement measures. The paper analyzes cyber security risk modeling of national critical infrastructure such as the electricity sector, nuclear power plants, and SCADA, covering 26 precedent research cases of risk modeling in these areas. The latest critical infrastructure is digitalized and runs a Windows operating system. Because critical infrastructure must be operated at all times, it is not possible to patch a vulnerability even when one is found. This paper suggests the advanced cyber security modeling characteristics during the life cycle of the critical infrastructure and can be prevented.
Keywords
Critical Infrastructure; Risk modeling; Vulnerability life cycle; Vulnerability detection model; Attack graph;