Providing a strategic pattern for the secure use of industrial control systems in the critical infrastructure of the country

Document Type : Original Article

Authors

1 Assistant Professor of Electrical and Computer Faculty of Imam Hossein University

2 Assistant Professor of Master's Department of Computer Engineering, Islamic Azad University, Zanjan Branch

3 Assistant Professor of sndu, Tehran. Iran

4 phd. in sndu

Abstract

Today, cyber threats to industrial control systems, which are increasingly used in critical infrastructures, are more complex than can be easily dealt with. The security of these systems has become one of the most urgent concerns of all industrial players, including governments.Based on this, presenting a strategic model for the secure use of industrial control systems in critical infrastructures, which is the goal of this research, is essential.In this research, by referring to the directional elements of the cyber field, the country's upstream documents, documents and strategic measures of other countries, examining domestic and international models and plans and with expert analysis, designed a conceptual model and extracted researched the dimensions, components and indicators and then designed a researcher-made questionnaire based on interviews with experts and documents to answer the research questions.The results of this research show that the strategic pattern of secure use has 3 dimensions, 12 components and 67 sub-components, which are the most important components in the process dimension, in order of priority, structures and systems, policy , rules and regulations, use and administration. The technology dimension is security organization, preventive measures, incident analysis and management, diagnostic measures and recovery measures, and the human resources dimension is capacity building and human resource management

Keywords


  • فهرست منابع و مآخذ

    الف. منابع فارسی

    • تقی­ پور، رضا؛ لشکریان، حمیدرضا؛ ناصری، علی و یزدانی، رحیم(زمستان 1398). الگوی راهبردی حفاظت سایبری از زیرساخت‌های اطلاعاتی حیاتی جمهوری اسلامی ایران، فصلنامه امنیت ملی، سال نهم، شماره سی و چهار، 48-7.
    • کمیته دائمی پدافند غیرعامل کشور (1394)، سندراهبردی پدافند سایبری کشور. فرماندهی معظم کل قوا، کمیته دائمی پدافند غیرعامل کشور.
    • محمودزاده، ابراهیم؛ حسنی اصل، حمیدرضا؛ قوچانی، محمدمهدی و نیک نفس، علی (تابستان 1397). تدوین راهبردهای امنیت سایبری سامانه‌های کنترل صنعتی در زیرساخت‌های حیاتی کشور، فصلنامه مطالعات بین رشته­ای دانش راهبردی، سال هشتم شماره 31 ، 281-253.
    • میریوسفی، سید محسن و غفارپور، رضا (پاییز 1399). راهبردهای نوین حفاظت از زیرساخت‌های حیاتی، فصلنامه پدافند غیرعامل، سال یازدهم، شماره 3، صفحات 14-1.

     

     

    ب. منابع انگلیسی

    • Ara, Anees,(2022)," Security in Supervisory Control and Data Acquisition (SCADA) based Industrial Control Systems: Challenges and Solutions". IOP Conf. Series:Earth and Environmental Science 1026.
    • BSI-CS 005 | Version 1.50 ,(2022)," Industrial Control System Security Top 10 threats and countermeasures ". https://www.allianz-fuer-cybersicherheit.de /SharedDocs/Downloads/Webs/ACS/DE/BSI-CS/BSICS_005E.pdf?__blob= publicationFile&v=5
    • BSI-ICS,(2019), "Cybersecurity Assessment Framework" ,https: //www.bsigroup.com/globalassets/localfiles/it-it/csir/resources/whitepaper/bsi-ic-cybersecurity-assessment-framework.pdf.
    • CISA,(2020),"­Securing­ Industrial Control Systems ",https://www.cisa.gov/ r­esources-tools/ resources /securing-industrial-control-systems
    • ]H.S[,(2019),"A Guide toCritical Infrastructure Security and Resilience" November 2019,https://www.cisa.gov/sites/default/files/publications/Guide-Critical-Infrastructure-Security -Resilience-110819-508v2.pdf
    • ]H.S[,(2016),"Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies Industrial Control Systems", Cyber Emergency Response Team,https://www.cisa.gov/uscert/ sites /default /files/recommended_practices/NCCIC_ICS_CERT_Defense_in_Depth_2016_S508C.pdf
    • EISMANN,Christine(2014),"TRENDS IN CRITICAL INFRASTRUCTURE PROTECTION IN GERMANY",Technical university of Ostrava, Safety Engineering Series, ISSN 1805-3238.
    • Es-Salhi,Khaoula,(2019),"Segmentation and segregation mechanisms and models to secure the integration of Industrial control Systems(ICS) with corporate system", Ecole nationale supérieure Mines-Télécom Atlantique, 2019. English. ffNNT : 2019IMTA0143ff.
    • ENISA,(2011),"ICS Security Related Standards, Guidelines and Policy Documents", https://www.enisa.europa.eu/publications/annex-iii
    • Fortinet,(2021),"Global Threat Landscape Report A Semiannual Report by FortiGuard Labs",https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/report-threat-landscape -2021.pdf
    • Gabriel, P,(2017),"Global Health Observatory (GHO)": London, Pearson Publication.
    • Gartner,(2021),Sumic,Zarko;Foust,Nicole;Cohen,Ethan;Jones,Lloyd.and.Nair,Sruthi,"Top 10 Trends Driving the Utility Industry in 2021".
    • IEC 62443-1-1:Industrial communication networks – Network and system security – Part 1-1: Terminology , concepts and models IEC 62443-1-1.
    • kasperski,(2022),"Threat landscape for industrial automation systems " .https://ics-cert.kaspersky.com/publications/reports/2022/03/03/threat-landscape-for-industrial-automation -systems-statistics-for-h2-2021/
    • Luciana,Obregon,(2015),"Secure Architecture for Industrial Control Systems". SANS Institute InfoSec Reading Room. Available online: https:// www.sans.org /readingroom /whitepapers /ICS/secure-architecture-industrial-control-systems-36327
    • Maglaras,Leandros,(2018),"Intrusion Detection in SCADA Systemsusing Machine Learning Techniques", Department of Computing and Informatics University of
    • CSWP,(2018),"Framework for Improving Critical Infrastructure Cybersecurity". https://nvlpubs.nist.gov/nistpubs/cswp/nist.cswp.04162018.pdf.
    • NIST Special Publication 800-82 Revision2,(2015),"Guide to Industrial Control Systems (ICS) Security".
    • Siemens,(2018),https://assets.new.siemens.com/siemens/assets/api/uuid:2b57b21f-c87f-4dec-8368-90333cedd18e/whitepaper_securityen082018web.pdf
    • Sophos,(2015),"Security Threat Trends 2015".https://www.sophos.com/en-us/threat-center/medialibrary/PDFs/other/sophos-trends-and-predictions-2015.pdf
    • Timpsona,Dominic. And.Moradian, Esmiralda (2018),"A Methodology to Enhance Industrial Control System Security".22nd International Conference on Knowledge-Based and Intelligent Information & Engineering Systems.
    • Uchenna,D Ani;Jeremy,D McK Watson;Jason R C Nurse;Al Cook.and. Carsten, Maple,(2019),"a review of critical infrastructure protection approaches: improving security through responsiveness to the dynamic modelling landscape", published in PETRAS/IET Conference Living in the Internet of Things: Cybersecurity of the IoT – 2019.
    • Uchenna,DAni;Nneka,Daniel;Francisca,Oladipo.and.Sunday,EAdewumi,(2018), "Securing Industrial Control System Environments: The Missing Piece". Journal of Cyber Security Technology Volume 2, 2018 - Issue 3-4.
    • Uk National Cyber Security Strategy 2016-2021. https://assets.publishing .service.gov.uk /government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016.pdf.
    • Upadhyay,Darshana.and. Sampalli ,Srinivas, (2019),"SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability assessment and security recommendations".Computers & Security Volume 89, February 2020, 101666.
    • UP KRITIS ,(2014),Public-Private Partnership for Critical Infrastructure Protection UP KRITIS,Germany ,2014. https://ccdcoe.org/uploads/2018/10/Germany_UP_KRITIS_Public-Private-Partnership-for-Critical-Infrastructure-Protection_2014_English.pdf
    • Viganò,Eleonora;Loi,Michele.and.Yaghmaei,Emad,(2019),"Cybersecurity of Critical Infrastructure "https :// researchgate.net /publication /335 752979.
    • Yadav,Geeta.and.Paul,Kolin,(2021),"Architecture and Security of SCADA Systems". International Journal of Critical Infrastructure Protection Volume 34, September 2021, 100433.