A review of cyber security risk assessment methods for SCADA systems

https://hal.archives-ouvertes.fr/hal-01780365/document

Internet of things security: A top-down survey

The vision of Industry 4.0, otherwise known as the fourth industrial revolution, is the integration of massively deployed smart computing and network technologies in industrial production and manufacturing settings for the purposes of automation, reliability, and control, implicating the development of an Industrial Internet of Things (I-IoT). Specifically, I-IoT is devoted to adopting the IoT to enable the interconnection of anything, anywhere, and at any time in the manufacturing system context to improve the productivity, efficiency, safety, and intelligence. As an emerging technology, I-IoT has distinct properties and requirements that distinguish it from consumer IoT, including the unique types of smart devices incorporated, network technologies and quality-of-service requirements, and strict needs of command and control. To more clearly understand the complexities of I-IoT and its distinct needs and to present a unified assessment of the technology from a systems’ perspective, in this paper, we comprehensively survey the body of existing research on I-IoT. Particularly, we first present the I-IoT architecture, I-IoT applications (i.e., factory automation and process automation), and their characteristics. We then consider existing research efforts from the three key system aspects of control, networking, and computing. Regarding control, we first categorize industrial control systems and then present recent and relevant research efforts. Next, considering networking, we propose a three-dimensional framework to explore the existing research space and investigate the adoption of some representative networking technologies, including 5G, machine-to-machine communication, and software-defined networking. Similarly, concerning computing, we again propose a second three-dimensional framework that explores the problem space of computing in I-IoT and investigate the cloud, edge, and hybrid cloud and edge computing platforms. Finally, we outline particular challenges and future research needs in control, networking, and computing systems, as well as for the adoption of machine learning in an I-IoT context.

A Survey on Industrial Internet of Things: A Cyber-Physical Systems Perspective

After many years of rigid conventional procedures of production, industrial manufacturing is going through a process of change toward flexible and intelligent manufacturing, the so-called Industry 4.0. In this paper, human–robot collaboration has an important role in smart factories since it contributes to the achievement of higher productivity and greater efficiency. However, this evolution means breaking with the established safety procedures as the separation of workspaces between robot and human is removed. These changes are reflected in safety standards related to industrial robotics since the last decade, and have led to the development of a wide field of research focusing on the prevention of human–robot impacts and/or the minimization of related risks or their consequences. This paper presents a review of the main safety systems that have been proposed and applied in industrial robotic environments that contribute to the achievement of safe collaborative human–robot work. Additionally, a review is provided of the current regulations along with new concepts that have been introduced in them. The discussion presented in this paper includes multi-disciplinary approaches, such as techniques for estimation and the evaluation of injuries in human–robot collisions, mechanical and software devices designed to minimize the consequences of human–robot impact, impact detection systems, and strategies to prevent collisions or minimize their consequences when they occur.

Working Together: A Review on Safe Human-Robot Collaboration in Industrial Environments

DAG-based attack and defense modeling: don’t miss the forest for the attack trees

A survey of approaches combining safety and security for industrial control systems

Attack modeling has recently been adopted by security analysts as a useful tool in risk assessment of cyber-physical systems. We propose in this paper to model the Stuxnet attack with BDMP (Boolean logic Driven Markov Processes) formalism and to show the advantages of such modeling. After a description of the architecture targeted by Stuxnet, we explain the steps of the attack and model them formally with a BDMP. Based on estimated values of the success probabilities and rates of the elementary attack steps, we give a quantification of the main possible sequences leading to the physical destruction of the targeted industrial facility. This example completes a series of papers on BDMP applied to security by modeling a real case study. It highlights the advantages of BDMP compared to attack trees often used in security assessment.

https://www.researchgate.net/profile/Marc_Bouissou/publication/261487486_Modeling_the_Stuxnet_attack_with_BDMP_Towards_more_formal_risk_assessments/links/54f996cb0cf28d6deca4f3b7.pdf

Modeling the Stuxnet attack with BDMP: Towards more formal risk assessments

The digitalization of industrial control systems (ICS) raises several security threats that can endanger the safety of the critical infrastructures supervised by such systems This paper presents an analysis method that enables the identification and ranking of risks leading to a safety issue, regardless of the origin of those risks: accidental or due to malevolence This method relies on a modeling formalism called BDMP (Boolean logic Driven Markov Processes) that was initially created for safety studies, and then adapted to security The use of the method is first illustrated on a simple case to show how it can be used to make decisions in a situation where security requirements are in conflict with safety requirements Then it is applied to a realistic industrial system: a pipeline and its instrumentation and control system in order to highlight possible interactions between safety and security

http://sesamo-project.eu/sites/default/files/downloads/publications/safecomp2014-edf-safety-and-security-interactions-modeling-using-bdmp-formalism.pdf

Safety and Security Interactions Modeling Using the BDMP Formalism: Case Study of a Pipeline

Modern control systems are becoming complex and interconnected as they are increasingly integrating new information and communication technologies. Many industries like automobile, aeronautics and energy are facing great challenges as their systems are becoming less isolated and vulnerable to external malevolence. Indeed, cyber-attacks targeting industrial infrastructures can engender heavy impacts on the safety of humans and environment. In this topical context, we propose a new model based approach: S-cube for SCADA Safety and Security joint modelling. This approach provides a risk analysis framework that enables to evaluate industrial information and control architectures. Starting from the system description, S-cube generates automatically the different attack and failure scenarios it is exposed to. This approach is illustrated on a use case for which qualitative and quantitative results are given.

A Model Based Approach For SCADA Safety And Security Joint Modelling: S-Cube

The migration of modern industrial control systems toward information and communication technologies exposes them to cyber-attacks that can alter the way they function, thereby causing adverse cons...

/pdf/a-new-safety-and-security-risk-analysis-framework-for-5stkq3nr4w.pdf

Siwar Kriaa

Papers

A survey of approaches combining safety and security for industrial control systems

Modeling the Stuxnet attack with BDMP: Towards more formal risk assessments

Safety and Security Interactions Modeling Using the BDMP Formalism: Case Study of a Pipeline

A Model Based Approach For SCADA Safety And Security Joint Modelling: S-Cube

A new safety and security risk analysis framework for industrial control systems