• Nuclear Engineering and Technology
• /
• v.53 no.10
• /
• pp.3319-3326
• /
• 2021

As a form of industrial control systems (ICS), nuclear instrumentation and control (I&C) systems have been digitalized increasingly. This has raised in turn cyber security concerns. Cyber security for ICS is important because cyber-attacks against ICS can cause not only equipment damage and loss of production but also personal and public safety hazards unlike in general IT environments. Numerous risk analyses have been carried out to enhance the safety of ICS and recently, many studies related to the cyber security of ICS are being conducted. Many existing risk analyses and cyber security studies have considered safety and cyber security separately. However, both safety and cyber security perspectives should be considered when analyzing risks for complex and critical ICS facilities such as nuclear power plants (NPPs). In this paper, the STPA-SafeSec methodology is selected to consider both safety and security perspectives when performing a risk analysis for NPPs in order to assess impacts on the safety by cyber-attacks against the digital I&C systems. The STPA-SafeSec methodology was applied to a test-bed system that simulates a condensate water (CD) system in an NPP. The process of the application up to the development of mitigation strategies is described in detail.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.8
• /
• pp.1205-1212
• /
• 2022

Cyber threat targeting ICS (Industrial Control System) has indicated drastic increases over the past decade and Cyber Incident in Critical Infrastructure such as Energy, Gas Terminal and Petrochemical industries can lead to disaster-level accidents including casualties and large-scale fires. In order to effectively respond to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy considering Control System Architecture is necessary. In particular, the centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. The paper suggests the way of implementing centralized security log system that collects security events and logs using OPC Protocol from Level 0 to Level 5 based on IEC62443 Purdue Model to integrate ICS security logs with SIEM (Security Information Event Management) operated in IT environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.471-484
• /
• 2018

Recently, cyber threats are frequently occurring in ICS(industrial control systems) of government agencies, infrastructure, and manufacturing companies. In order to cope with such cyber threats, it is necessary to apply CTI to ICS. For this purpose, a security information collection system is needed. However, it is difficult to install security solution in control devices such as PLC. Therefor, it is difficult to collect security information of ICS. In addition, there is a problem that the security information format generated in various assets is different. Therefore, in this paper, we propose an efficient method to collect ICS security information. We utilize CybOX/STIX/TAXII CTI models that are easy to apply to ICS. Using this model, we designed the formats to collect security information of ICS assets. We created formats for system logs, IDS logs, and EWS application logs of ICS assets using Windows and Linux. In addition, we designed and implemented a security information collection system that reflects the designed formats. This system can be used to apply monitoring system and CTI to future ICS.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.53-58
• /
• 2011

There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.331-346
• /
• 2019

Global cyber threats to industrial control systems are increasing. As a result, related research and cooperation are actively underway. However, we are focusing on strengthening security for physical network separation and perimeter. Internal threats are still vulnerable. This is because the easiest and strongest countermeasure is to enhance border security, and solutions for enhancing internal security are not easy to apply due to system availability problems. In particular, there are many vulnerabilities due to the large number of legacy systems remaining throughout industrial control systems. Unless these vulnerable systems are newly built according to the security framework, it is necessary to respond to these vulnerable systems, and therefore, a security solution considering availability has been verified and suggested. Using Sysmon and ELK, security solutions can detect Cyber-threat that are difficult to detect in unstructured ICS.

• International Journal of Computer Science & Network Security
• /
• v.23 no.12
• /
• pp.1-12
• /
• 2023

Ensuring the security of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) is paramount to safeguarding the reliability and safety of critical infrastructure. This paper addresses the significant threat posed by reconnaissance attacks on SCADA/ICS networks and presents an innovative methodology for enhancing their protection. The proposed approach strategically employs imbalance dataset handling techniques, ensemble methods, and feature engineering to enhance the resilience of SCADA/ICS systems. Experimentation and analysis demonstrate the compelling efficacy of our strategy, as evidenced by excellent model performance characterized by good precision, recall, and a commendably low false negative (FN). The practical utility of our approach is underscored through the evaluation of real-world SCADA/ICS datasets, showcasing superior performance compared to existing methods in a comparative analysis. Moreover, the integration of feature augmentation is revealed to significantly enhance detection capabilities. This research contributes to advancing the security posture of SCADA/ICS environments, addressing a critical imperative in the face of evolving cyber threats.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.329-337
• /
• 2013

Cyber threats of the ICS(Industrial Control System) has been researched on the level to the threat to the network service as well as a specific system, even if the extent of damage was not intended. Although some range of "security" just include the protection of systems against the deliberate attacks of terrorists or cyber hackers, often more damage is done by carelessness, and equipment failures than by those deliberate attacks. This paper presented a taxonomy for classifying all abnormal behaviors of ICS, including deliberate attacks, inadvertent mistakes, equipment failures, and software problems. The classification criteria of ICS abnormal behaviors was selected to highlight commonalities and important features of deliberate attacks as well as inadvertent actions.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.1
• /
• pp.137-142
• /
• 2014

Industrial control system (ICS) is a computer based system which are typically used in nation-wide critical infra-structure facilities such as electrical, gas, water, wastewater, oil and transportation. In addition, ICS is essentially used in industrial application domain to effectively monitor and control the remotely scattered systems. The highly developed information technology (IT) and related network techniques are continually adapted into domains of industrial control system. However, industrial control system is confronted significant side-effects, which ICS is exposed to prevalent cyber threats typically found in IT environments. Therefore, cyber security vulnerabilities and possibilities of cyber incidents are dramatically increased in industrial control system. The vulnerabilities that may be found in typical ICS are grouped into Policy and Procedure, Platform, and Network categories to assist in determining optimal mitigation strategies. The order of these vulnerabilities does not necessarily reflect any priority in terms of likelihood of occurrence or severity of impact. Firstly, corporate security policy can reduce vulnerabilities by mandating conduct such as password usage and maintenance or requirements for connecting modems to ICS. Secondly, platfom vulnerabilities can be mitigated through various security controls, such as OS and application patching, physical access control, and security software. Thirdly, network vulnerabilities can be eliminated or mitigated through various security controls, such as defense-in-depth network design, encrypting network communication, restricting network traffic flows, and providing physical access control for network components.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.645-656
• /
• 2019

As the number of cyber threats to control systems increases, the need for control system cyber security is also increasing. Currently, various cyber security related education and control system education are being conducted. However, it does not fully reflect the characteristics of the control system and the characteristics of the participants. In this paper, we propose a training system and technique to enhance the control system cyber security capability. To this end, we analyze the limitations of existing security education. Based on the results, we develop a control system training environment model based on the IEC62443 Standard and develop an ARCH based training method.

• Nuclear Engineering and Technology
• /
• v.52 no.5
• /
• pp.995-1001
• /
• 2020

With the development of digital instrumentation and control (I&C) devices, cyber security at nuclear power plants (NPPs) has become a hot issue. The Stuxnet, which destroyed Iran's uranium enrichment facility in 2010, suggests that NPPs could even lead to an accident involving the release of radioactive materials cyber-attacks. However, cyber security research on industrial control systems (ICSs) and supervisory control and data acquisition (SCADA) systems is relatively inadequate compared to information technology (IT) and further it is difficult to study cyber-attack taxonomy for NPPs considering the characteristics of ICSs. The advanced research of cyber-attack taxonomy does not reflect the architectural and inherent characteristics of NPPs and lacks a systematic countermeasure strategy. Therefore, it is necessary to more systematically check the consistency of operators and regulators related to cyber security, as in regulatory guide 5.71 (RG.5.71) and regulatory standard 015 (RS.015). For this reason, this paper attempts to suggest a template for cyber-attack taxonomy based on the characteristics of NPPs and exemplifies a specific cyber-attack case in the template. In addition, this paper proposes a systematic countermeasure strategy by matching the countermeasure with critical digital assets (CDAs). The cyber-attack cases investigated using the proposed cyber-attack taxonomy can be used as data for evaluation and validation of cyber security conformance for digital devices to be applied, and as effective prevention and mitigation for cyber-attacks of NPPs.