Availability Based Risk Analysis for SCADA Embedded Computer Systems

نویسندگان

  • Stephen M. Papa
  • William D. Casper
چکیده

Information Technology (IT) Security is often focused on Confidentiality, Integrity and Availability of software and data (information) contained in networked computers, servers and storage devices. In embedded industrial control or Supervisory Control and Data Acquisition (SCADA) systems the security focus must be on the protection of the availability of the system’s functions. This basic paradigm change of maintaining availability is not subtle and system protection cannot be met with the application of IT security measures alone. This paper advocates focusing on maintaining Availability and using Confidentiality and Integrity to secure an embedded control or SCADA system from attack. A risk assessment process to identify attacks on each system element’s availability is the first step to determining where protection mechanisms should be applied.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A review of cyber security risk assessment methods for SCADA systems

This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management address...

متن کامل

Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems

Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor and control a wide range of safety-related functions. These include energy generation where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case bugs in an ICS/SCADA syste...

متن کامل

Formal Security Analysis of the DNP3-Secure Authentication Protocol

Supervisory Control and Data Acquisition (SCADA) systems are one of the key foundations of many utility industries and critical infrastructures. The Distributed Network Protocol Version 3 (DNP3) is one of the non-proprietary protocols used to facilitate substation communications within SCADA networks via serial-lines or TCP/IP protocols. DNP3 is the defacto standard for powergrid automation, ho...

متن کامل

Availability analysis of mechanical systems with condition-based maintenance using semi-Markov and evaluation of optimal condition monitoring interval

Maintenance helps to extend equipment life by improving its condition and avoiding catastrophic failures. Appropriate model or mechanism is, thus, needed to quantify system availability vis-a-vis a given maintenance strategy, which will assist in decision-making for optimal utilization of maintenance resources. This paper deals with semi-Markov process (SMP) modeling for steady state availabili...

متن کامل

Risk Assessment For Industrial Control Systems Quantifying Availability Using Mean Failure Cost (MFC)

1 Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervis...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2011