Comprehensive Risk Identification Model for SCADA Systems
作者: Abdelghafar M. Elhady , Hazem M. El-bakry , Ahmed Abou Elfetouh
DOI: 10.1155/2019/3914283
关键词: The Internet 、 Risk management 、 Paradigm shift 、 ISO 31000 、 Computer science 、 SCADA 、 Interdependence 、 Risk analysis (engineering) 、 Protocol (object-oriented programming) 、 Information and Communications Technology
摘要: The world is experiencing exponential growth in the use of SCADA systems many industrial fields. increased and considerable information communication technology has been forcing organizations to shift their from proprietary protocol-based into internet-based ones. This paradigm also risks that target systems. To protect such systems, a risk management process needed identify all risks. study presents detailed investigation on twenty-one scientific articles, guidelines, databases related identification parameters provides comparative among them. next proposes comprehensive model for was built based ISO 31000 principles guidelines. states parameters, identifies relationships between those uses hierarchical-based method draw complete scenarios. In addition, proposed defines interdependency map stated model. can be used understanding evolution through time then transformed benchmark database containing 19,163 scenarios affect Finally, case presented demonstrate one usages its database. 306 possible attack Hacktivist
hindawi.com参考文章(17)
Secure Smart Embedded Devices, Platforms and Applications Published in <b>2014</b>. ,(2013) , 10.1007/978-1-4614-7915-4
Jingcheng Gao, Jing Liu, Bharat Rajan, Rahul Nori, Bo Fu, Yang Xiao, Wei Liang, C. L. Philip Chen, SCADA communication and security issues Security and Communication Networks. ,vol. 7, pp. 175- 194 ,(2014) , 10.1002/SEC.698
Abdalhossein Rezai, Parviz Keshavarzi, Zahra Moravej, Secure SCADA communication by using a modified key management scheme ISA Transactions. ,vol. 52, pp. 517- 524 ,(2013) , 10.1016/J.ISATRA.2013.02.005
Pil Sung Woo, Balho H. Kim, A Study on Quantitative Methodology to Assess Cyber Security Risk of SCADA Systems Advanced Materials Research. pp. 1602- 1611 ,(2014) , 10.4028/WWW.SCIENTIFIC.NET/AMR.960-961.1602
Mouna Jouini, Latifa Ben Arfa Rabai, Anis Ben Aissa, None, Classification of Security Threats in Information Systems Procedia Computer Science. ,vol. 32, pp. 489- 496 ,(2014) , 10.1016/J.PROCS.2014.05.452
Gabriel J. Correa-Henao, Jose M. Yusta, Roberto Lacal-Arántegui, Using interconnected risk maps to assess the threats faced by electricity infrastructures International Journal of Critical Infrastructure Protection. ,vol. 6, pp. 197- 216 ,(2013) , 10.1016/J.IJCIP.2013.10.002
Cen Nan, Irene Eusgeld, Wolfgang Kröger, Analyzing vulnerabilities between SCADA system and SUC due to interdependencies Reliability Engineering & System Safety. ,vol. 113, pp. 76- 93 ,(2013) , 10.1016/J.RESS.2012.12.014
H. Janicke, A. Nicholson, S. Webber, S. Dyer, T. Patel, SCADA security in the light of Cyber-Warfare Computers & Security. ,vol. 31, pp. 418- 436 ,(2012) , 10.1016/J.COSE.2012.02.009
Barbara Kitchenham, Pearl Brereton, A systematic review of systematic review process research in software engineering Information & Software Technology. ,vol. 55, pp. 2049- 2075 ,(2013) , 10.1016/J.INFSOF.2013.07.010
Yulia Cherdantseva, Pete Burnap, Andrew Blyth, Peter Eden, Kevin Jones, Hugh Soulsby, Kristan Stoddart, A review of cyber security risk assessment methods for SCADA systems Computers & Security. ,vol. 56, pp. 1- 27 ,(2016) , 10.1016/J.COSE.2015.09.009