[1] Advisory Committee on Reactor Safeguards Digital Instrumentation and Control Systems, U.S. Nuclear Regulatory Commission, 2019.
[2] S. Eggers, M. Rowland, Deconstructing the nuclear supply chain cyber-attack surface, in: Proceedings of the INMM 61st Annual Meeting, Online Virtual Meeting, 2020. July 12-16.
[3] S. Boyson, Cyber supply chain risk management: revolutionizing the strategic control of critical IT systems, Technovation 34 (7) (2014) 342-353.
[4] C. Nissen, J. Gronager, R. Metzger, H. Rishikof, Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War, The MITRE Corporation, 2019.
[5] Global Oil and Gas Cyber Threat Perspective: Assessing the Threats, Risks, and Activity Groups Affecting the Global Oil and Gas Industry, Dragos, August 2019.
[6] D. Shackleford, Combatting Cyber Risks in the Supply Chain, SANS Institute, 2015.
[7] Regulatory Guide 5.71, Cyber Security Programs for Nuclear Facilities, U.S. Nuclear Regulatory Commission, January 2010.
[8] T. Quinn, J. Mauck, K. Thomas, Digital Technology Qualification Task 2-Suitability of Digital Alternatives to Analog Sensors and Actuators, Idaho National Laboratory, 2012.
[9] 10 C.F.R. § 73.54 Protection of Digital Computer and Communication Systems and Networks, U.S. Nuclear Regulatory Commission, 2009.
[10] M. Windelberg, Objectives for managing cyber supply chain risk, International Journal of Critical Infrastructure Protection 12 (2016) 4-11.
[11] Symantec, Internet security threat report, February 24 (2019).
[12] NEI 08-09, Cyber Security Plan for Nuclear Power Reactors, Revision 6, Nuclear Energy Institute, April 2010.
[13] N. Bartol, Cyber supply chain security practices DNA - filling in the puzzle using a diverse set of disciplines, Technovation 34 (7) (2014) 354-361.
[14] D.R. Coats, Statement for the Record: Worldwide Threat Assessment of the US Intelligence Community 29, Office of the Director of National Intelligence, 2019. January.
[15] US-CERT, TA17-117A: Intrusions affecting multiple victims across multiple sectors, Revised December 20 (2018).
[16] ICS-CERT, Ongoing Sophisticated Malware Campaign Compromising ICS, Update E, 2016.
[17] Kingslayer - A Supply Chain Attack, RSA Research, February 2017.
[18] Integrated circuits trade. The Observatory of Economic Complexity (OEC). Accessed on: April 4, 2020. Available: https://oec.world/en/profile/hs92/8542/.
[19] Securing the United States Bulk-Power System 85, Department of Energy, 2020. Federal Register, DOE-HQ-2020-0028.
[20] US-CERT, TA14-098A: OpenSSL 'heartbleed' vulnerability (CVE-2014-0160), 2016. Revised October 5.
[21] Attack Surface, National Institute of Standards and Technology. Accessed on: July 8, 2020. Available: https://csrc.nist.gov/glossary/term/attack_surface.
[22] J. Wynn, et al., Threat Assessment & Remediation Analysis (TARA): Methodology Description, The MITRE Corporation, 2011, Version 1.0.
[23] Cybersecurity Maturity Model Certification (CMMC), Version 1.02, Department of Defense, 2020.
[24] Government-Industry Data Exchange Program (GIDEP). Accessed on: July 21, 2020. Available: www.gidep.org.
[25] US-CERT, ICS joint security awareness report (JSAR-12-241-01B): Shamoon/DisTrack malware (Update B), Revised April 18 (2017).
[26] U. Guin, N. Asadizanjani, M. Tehranipoor, Standards for hardware security, GetMobile: Mobile Comput. Commun. 23 (1) (2019) 5-9.
[27] C. Anderson, K. Sadjadpour, Iran's Cyber Threat: Espionage, Sabotage, and Revenge, Carnegie Endowment for International Peace, 2018.
[28] W.J. Heinbockel, E.R. Laderman, G.J. Serrao, Supply Chain Attacks and Resiliency Mitigations, The MITRE Corporation, 2017.
[29] NEI 10-04, Identifying Systems and Assets Subject to the Cyber Security Rule, Revision 2, Nuclear Energy Institute, July 2012.
[30] NEI 13-10, Cyber Security Control Assessments, Revision 5, Nuclear Energy Institute, February 2017.
[31] Annual report to Congress, Military and security developments involving the People's Republic of China, Office of the Secretary of Defense, 2019.
[32] https://arstechnica.com/information-technology/2019/05/stolen-nsahacking-tools-were-used-in-the-wild-14-months-before-shadow-brokersleak/.
[33] CAPEC: Common Attack Pattern Enumeration and Classification. The MITRE Corporation. Accessed on: April 28, 2020. Available: https://capec.mitre.org/.
[34] US-CERT, TA18-074A: Russian government cyber activity targeting energy and other critical infrastructure sectors, Revised March 16 (2018).
[35] R. Langner, Stuxnet: dissecting a cyberwarfare weapon, IEEE Security & Privacy 9 (3) (2011) 49-51.
[36] ICS-CERT, Cyber-attack against the Ukrainian Critical Infrastructure, 2016.
[37] B. Johnson, D. Caban, M. Krotofil, D. Scali, N. Brubaker, C. Glyer, Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure, FireEye Threat Research Blog, 2017.
[38] S. Eggers, The nuclear digital I&C system supply chain cyber-attack surface, in: Transactions of the American Nuclear Society, Online Virtual Meeting, 122, 2020, pp. 8-11. June.
[39] J.F. Miller, Supply Chain Attack Framework and Attack Patterns, The MITRE Corporation, McLean, VA, 2013.
[40] H. Li, Q. Liu, J. Zhang, A survey of hardware Trojan threat and defense, Integration 55 (2016) 426-437.
[41] https://www.trendforce.com/presscenter/news/20190613-10149.html.
[42] Cybersecurity Capability Maturity Model (C2M2) Version 1.1, Department of Energy, 2014.
[43] ERAI. Accessed on: July 21, 2020. Available: www.erai.com.
[44] Guidance documents and background information for counterfeit, fraudulent, and suspect items (CFSI), U.S. Nuclear Regulatory Commission. Accessed on: July 21, 2020. Available: https://www.nrc.gov/about-nrc/cfsi/guidance.html.
[45] M. Tehranipoor, U. Guin, D. Forte, Counterfeit Integrated Circuits: Detection and Avoidance, Springer, 2015.
[46] https://www.zdnet.com/article/source-code-of-iranian-cyber-espionagetools-leaked-on-telegram/.
[47] C. Levin, J. McCain, Senate Armed Services Committee Releases Report on Counterfeit Electronic Parts, Senate Committee On Armed Services, 2012.
[48] Executive Order 13920 of May 1, 2020, Securing the United States Bulk-Power System, The U.S. President, 2020.
[49] M. Beaumont, B. Hopkins, T. Newby, Hardware Trojans-Prevention, Detection, Countermeasures (A Literature Review), Australian Department of Defense, 2011.
[50] K. Xiao, D. Forte, Y. Jin, R. Karri, S. Bhunia, M. Tehranipoor, Hardware Trojans: lessons learned after one decade of research, ACM Trans. Des. Autom. Electron. Syst. 22 (1) (2016) 1-23.
[51] https://securelist.com/operation-shadowhammer-a-high-profile-supplychain-attack/90380/.
[52] 2019 State of the Software Supply Chain: the 5th Annual Report of Global Open Source Development, Sonatype, 2019.
[53] N. Falliere, L.O. Murchu, E. Chien, W32.Stuxnet Dossier, Symantec, 2011, Version 1.4.
[54] M. Graham, Context threat intelligence - the Monju incident, Context Information Security (February 2014).
[55] ICS-CERT, ICS-ALERT-14-176-021: ICS focused malware (Update A), Revised August 22 (2018).
[56] US-CERT, TA17-181A, Petya ransomware, Revised February 15 (2018).
[57] NIST Special Publication 800-30, Revision 1, Guide for conducting risk assessments, 2012.
[58] B. Liu, R. Sandhu, Fingerprint-based detection and diagnosis of malicious programs in hardware, IEEE Trans. Reliab. 64 (3) (2015) 1068-1077.