Browse > Article
http://dx.doi.org/10.13089/JKIISC.2020.30.4.757

A Study on Cyber Security Threat and Security Requirements for Industrial Wireless Communication Devices  

Lee, Jiseop (The Affiliated Institute of ETRI)
Park, Kyungmi (The Affiliated Institute of ETRI)
Kim, Sinkyu (The Affiliated Institute of ETRI)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.30, no.4, 2020 , pp. 757-770 More about this Journal
Abstract
Industrial Control System(ICS) is a system that measures, monitors, and controls various distributed assets, and is used in industrial facilities such as energy, chemical, transportation, water treatment, and manufacturing plants or critial infrastructure. Because ICS system errors and interruptions can cause serious problem and asset damage, research on prevention and minimization of security threats in industrial control systems has been carried out. Previously wireless communication was applied in limited fields to minimize security risks, but the demand for industrial wireless communication devices is increasing due to ease of maintenance and cost advantages. In this paper, we analyzed the security threats of industrial wireless communication devices supporting WirelessHART and ISA100.11a. Based on the analysis results, we proposed the security requirements for adopting and operating industrial wireless communication devices. We expect that the proposed requirements can mitigate security threats of industrial wireless devices in ICS.
Keywords
Industrial Control System; WirelessHART; ISA100.11a;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 Kyungmi Park, Donghoon Shin, Woonyon Kim and Sinkyu Kim, "A study on Communication Robustness Testing for Industrial Control Devices," Journal of the Korea Institute of information Security & Cryptology, 29(5), pp. 1099-1116, Oct. 2019   DOI
2 "Industrial communication networks - Network and system security - Part 1-1: Terminology, concepts and models", IEC 62443-1-1:2009, Jul. 2009
3 Sunghyuck Hong, "Research on Wireless Sensor Networks Security Attack and Countermeasures: Survey", Journal of Convergence for Information Technology, 4(4), pp. 1-6, Dec. 2014   DOI
4 "Industrial Wireless Sensor Network(IWSN) Market Analysis and Segment Forecasts To 2025", Grand View Research, Inc., 2017
5 T.Tsao, R. Alexander, M. Dohler, V. Daza and A. Lozano, "A Security Framework for Routing over Low Power and Lossy Networks", Internet Engineering Task Force(IETF), Feb. 2009
6 Erwin Paternotte and Mattijs van Ommeren, "It WISN't me, attacking industrial wireless mesh networks", HITBSecConference, 2018
7 Lyes Bayou, David Espes, Nora Cuppens-Boulahia and Frederic Cuppens, "Security Analysis of WirelessHART Communication Scheme", Conference of International Symposium on Foundations and Practice of Security, Dec. 2017
8 Feng Xie, Yong Peng, Wei Zhao, Yang Gao and Xuefeng Han, "Evaluating Industrial Control Devices Security: Standards, Technologies and Challenges", IFIP International Conference on Computer Information Systems and Industrial Management, LNCS, vol. 8838, pp. 624-635, 2015
9 TUV SUD, https://www.tuev-sued-de/topics/information-technology-it/industrial-it-security
10 exida for IEC 62443 Cyber Certification, http://www.exida.com/ Certification/I EC62443-Cyber-Cert, 2019
11 ANSSI, Certification CSPN, https://www.ssi.gouv.fr/administration/produits-certifies/cspn
12 "Security Requirements for Industrial Control System - Part 2: Field Device Layer", Telecommunications Technology Association(TTA), Jun. 2017
13 "Security for industrial automation and control system -Part 4-2: Technical security requirements for IACS components", Korean Standards and Certification, Jan. 2019
14 "Intrinsically Secure WirelessHART Field Device Networks and the Industrial Internet of Things(IIoT)", Fieldcomm Group, Jun. 2017
15 "Security Requirements for Industrial Control System - Part. 1: Concepts and Reference Model", Telecommunications Technology Association(TTA), Jun. 2017
16 Cristina Alcaraz and Javier Lopez, "A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems", IEEE Transactions on Systems, Man, and Cybernetics, Part C, vol. 40, pp. 419-428, Jul. 2010   DOI
17 Stig Petersen and Simon Carlsen, "WirelessHART Versus ISA100.11a: The Format War Hits the Factory Floor", IEEE Industrial Electronics Magazine, vol. 5, pp. 23-34, Dec. 2011   DOI
18 Andrzej Bialas, "Vulnerability Assessment of Sensor Systems", Sensors, 19(11), Jun. 2019
19 Lyes Bayou, "Assessment and enforcement of wireless sensor network- based SCADA systems security", Hyper Articles on Line(HAL), Jun. 2018
20 "S3-17: SUTD Security Showdown Event Report", iTrust: Centre for Research in Cyber Security, Nov. 2017
21 "Wireless communication network and communication profiles - WirelessHART", IEC 62591 Edition 2.0, Mar. 2016
22 "NISTIR-7176, System Protection Profile-Industrial Control Systems Version 1.0", National Institute of Standards and Technology(NIST), Feb. 2004
23 "Field Device Protection Profile for SCADA systems in Medium Robustness Environments Version 0.71", National Institute of Standards and Technology(NIST), May. 2006
24 "Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5", The Common Criteria Recognition Agreement (CCRA), Apr. 2017
25 Woonyon Kim, Eungki Park and Sinkyu Kim, "A Study on a Cybersecurity Evaluation Method for Industrial Control Systems in the 4th Industrial Revolution Era", The Journal of Korean Institute of Communications & Information Sciences, 44(5), pp. 943-956, May. 2019   DOI
26 Dahye Jung, Jinyoung Choi and Songhee Lee, "Nuclear-related Software Analysis based on Secure Coding", Journal of the Korea Institute of Information Security & Cryptology, 23(2), pp. 243-250, Apr. 2013   DOI
27 BBC News, https://www.bbc.com/korean/international-49705340
28 Mark Nixon, "A Comparison of WirelessHART and ISA100.11a", Emerson, Sep. 2012