Consider the Consequences: A Powerful Approach for Reducing ICS Cyber Risk

Wyman, Richard

Title: Consider the Consequences: A Powerful Approach for Reducing ICS Cyber Risk

Full Record
Other Related Research

Abstract

Here, by identifying and analyzing threats, vulnerabilities, and impacts, asset owners can develop a risk profile for their industrial control systems (ICSs). This information is essential in developing, prioritizing, and implementing mitigations to reduce ICS cyber risk. To help bridge the gap between the cyber and physical domains, and gain a better understanding of cascading cyber/physical impacts, this paper will discuss the safety perspective of physical impacts, describe the ICS cyber kill chain model, explain the cyber/physical interface, review the “layers of protection analysis model” from a security perspective, discuss protection layers, and suggest a reference architecture for securing digital control devices.

Authors:

Wyman, Richard ^[1]

Idaho National Lab. (INL), Idaho Falls, ID (United States)

Publication Date:: Wed Jan 11 00:00:00 EST 2017

Research Org.:: Idaho National Laboratory (INL), Idaho Falls, ID (United States)

Sponsoring Org.:: USDOE Office of Nuclear Energy (NE)

OSTI Identifier:: 1469377

Report Number(s):: INL/JOU-16-40596-Rev000
Journal ID: ISSN 2398-5100

Grant/Contract Number:: AC07-05ID14517

Resource Type:: Accepted Manuscript

Journal Name:: Cyber Security

Additional Journal Information:: Journal Volume: 1; Journal Issue: 1; Journal ID: ISSN 2398-5100

Publisher:: Henry Stewart Publications

Country of Publication:: United States

Language:: English

Subject:: 99 GENERAL AND MISCELLANEOUS; cyber risk; industrial control systems; cybersecurity; vulnerability; Consequence-Driven Cyber-Informed Engineering; Cyber-Informed Engineering; CIE; CCE; Cybersecurity Resilience; Consequence-based Targeting; Energy Transition; Integrating Cybersecurity; Cyber Supply Chain Risk; Cyber-Resilience; Cyber; Cyber Threat and Vulnerability

Citation Formats


                    Wyman, Richard. Consider the Consequences: A Powerful Approach for Reducing ICS Cyber Risk.  United States: N. p., 2017. 
Web.

Copy to clipboard


                    Wyman, Richard. Consider the Consequences: A Powerful Approach for Reducing ICS Cyber Risk.  United States.

Copy to clipboard


                    Wyman, Richard. Wed .  
"Consider the Consequences: A Powerful Approach for Reducing ICS Cyber Risk".  United States.  https://www.osti.gov/servlets/purl/1469377.

Copy to clipboard


                    
@article{osti_1469377,

  title        = {Consider the Consequences: A Powerful Approach for Reducing ICS Cyber Risk},

  author       = {Wyman, Richard},

  abstractNote = {Here, by identifying and analyzing threats, vulnerabilities, and impacts, asset owners can develop a risk profile for their industrial control systems (ICSs). This information is essential in developing, prioritizing, and implementing mitigations to reduce ICS cyber risk. To help bridge the gap between the cyber and physical domains, and gain a better understanding of cascading cyber/physical impacts, this paper will discuss the safety perspective of physical impacts, describe the ICS cyber kill chain model, explain the cyber/physical interface, review the “layers of protection analysis model” from a security perspective, discuss protection layers, and suggest a reference architecture for securing digital control devices.},

  doi          = {},

  journal      = {Cyber Security},

  number       = 1,

  volume       = 1,

  place        = {United States},

  year         = {Wed Jan 11 00:00:00 EST 2017},

  month        = {Wed Jan 11 00:00:00 EST 2017}

}

Copy to clipboard

Journal Article:

Free Publicly Available Full Text

Accepted Manuscript (DOE)

Publisher's Version of Record

The DOI is not currently available

Other availability

Search WorldCat to find libraries that may hold this journal

Save / Share:

Export Metadata

Save to My Library

Similar Records in DOE PAGES and OSTI.GOV collections:

Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure

Technical Report Suski, N ; Wuest, C

Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments ofmore »« less
https://doi.org/10.2172/1030214

Full Text Available
Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector

Technical Report Glenn, Colleen ; Sterbentz, Dane ; Wright, Aaron

With utilities in the U.S. and around the world increasingly moving toward smart grid technology and other upgrades with inherent cyber vulnerabilities, correlative threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication. The potential for malicious actors to access and adversely affect physical electricity assets of U.S. electricity generation, transmission, or distribution systems via cyber means is a primary concern for utilities contributing to the bulk electric system. This paper seeks to illustrate the current cyber-physical landscape of the U.S. electric sector in the context of its vulnerabilities to cyber attacks,more »« less
https://doi.org/10.2172/1337873

Full Text Available
Cyber risk assessment and investment optimization using game theory and ML-based anomaly detection and mitigation for wide-area control in smart grids

Other Hyder, Burhan

The electric power grid is increasingly becoming susceptible to cyber attacks that exploit vulnerabilities in the smart grid control, information, and physical layers. Successful cyber attacks can have catastrophic impacts on the social and economic well-being of any nation all over the globe. It has, thus, become imperative to secure the smart grid against such adversarial actions to ensure stable, secure, and reliable operation of the grid. The existing research and industry practices prove to be inadequate in terms of providing pragmatic and effective defense methodologies and measures for long-term cybersecurity planning and real-time cybersecurity for grid operation. For example,more »« less
Prioritizing ICS Beachhead Systems for Cyber Vulnerability Testing

Technical Report Keys, Daniel Paul ; Wright, Virginia L. ; Chanoski, Samuel Douglas ; ...

Cyber Testing for Resilient Industrial Control Systems™ (CyTRICS™) is the Department of Energy’s (DOE’s) program for cybersecurity vulnerability testing, digital subcomponent enumeration, and forensic assessment. CyTRICS leverages best-in-class test facilities and analytic capabilities at six DOE National Laboratories and strategic partnerships with key stakeholders including technology developers, manufacturers, asset owners and operators, and interagency partners. During the program’s development, CyTRICS established a unique methodology for prioritizing digital components within operational technology (OT) and industrial control systems (ICS) in the Energy Sector Industrial Base (ESIB) for cyber vulnerability testing. The CyTRICS Prioritization Process leverages multiple characteristics of systems, components, and theirmore »« less
https://doi.org/10.2172/1856808

Full Text Available
INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

Conference Anderson, Robert S ; Schanfein, Mark ; Bjornard, Trond ; ...

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's abilitymore »« less
Full Text Available

Similar Records