Publication:
A review of security assessment methodologies in industrial control systems

No Thumbnail Available
Date
2019
Authors
Qassim Q.S.
Jamil N.
Daud M.
Patel A.
Ja�affar N.
Journal Title
Journal ISSN
Volume Title
Publisher
Emerald Group Holdings Ltd.
Research Projects
Organizational Units
Journal Issue
Abstract
Purpose: The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure. Design/methodology/approach: This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems. Findings: The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements. Originality/value: This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks. � 2019, Emerald Publishing Limited.
Description
Computer crime; Crime; Network security; Power control; SCADA systems; Standby power systems; Cyber-attacks; Design/methodology/approach; Electrical power networks; Industrial control systems; Security assessment; Security vulnerabilities; Vulnerability analysis; Vulnerability assessments; Electric power system control
Keywords
Citation
URI
https://www.scopus.com/inward/record.uri?eid=2-s2.0-85061306497&doi=10.1108%2fICS-04-2018-0048&partnerID=40&md5=e7ba884317630a35bf273740834b2983
 https://irepository.uniten.edu.my/handle/123456789/24767
Collections
SCOPUS