Browse > Article

ICS Security Risk Analysis Using Attack Tree  

Kim, Kyung-Ah (경기대학교 산업보안학과)
Lee, Dae-Sung (경기대학교 산업기술보호특화센터)
Kim, Kui-Nam (경기대학교 융합보안학과)
Publication Information
Convergence Security Journal / v.11, no.6, 2011 , pp. 53-58 More about this Journal
Abstract
There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.
Keywords
ICS; SCADA; Vulnerability; Attack Tree; Stuxnet; Cyber Security;
Citations & Related Records
연도 인용수 순위
  • Reference
1 A. Mahboob and J. Zubairi, "Intrusion Avoidance for SCADA Security in Industrial Plants", IEEE CTS, 2010
2 Symantec, Internet Security Threat Report, Trends for 2010, vol. 16, 2011
3 Symantec, W32.Stuxnet Dossier Version 1.4, 2011
4 A. Matrosov, E. Rodionov, D. Harley and J. Malcho, Stuxnet Under the Microscope revision 1.31, eset, 2006
5 K. Stouffer, J. Falco and K. Scarfone, Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security, NIST. Spec. Publ. 800-82, 164pages, 2006
6 P. Welander, "10 Control System Security Threats," Control Engineering, 2007.
7 B. Schneier, "Attack Trees", Dr. Dobb's Journal, 24(12):21-29, 1999
8 J.Wang, R-W. Phan, J. Whitley and D. Parish, "Unified Parametrizable Attack Tree", International Journal for ISR, vol. 1, 2011
9 J.Wang, R-W. Phan, J. Whitley and D. Parish, "Augmented Attack Tree Modeling of Distributed Denial of Services and Tree Based Attack Detection Method", In Proceedings of IEEE 10th International Conference on CIT, 2010
10 E. Byres, "The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems", International Infrastructure Suvivability Workshop, Lisbon, 2004
11 P. Khand, "System Level Security Modeling Using Attack Trees", Proceedings of the 2nd International Conference on Computer Control and Communication, 2009
12 Symantec, State of Security Survey, 2011