№2, 2023

Ramiz H. Shikhaliyev

The current frontiers in the description and simulation of advanced physical and biological Industrial control systems (ICS) used to control various critical industrial and social systems. ICS integrates modern computing, communication, and Internet technologies. The integration of these technologies makes ICS open to the outside world, which makes it vulnerable to various cyber-attacks. ICS’s cybersecurity is becoming one of the most important issues due to the significant damage caused by cyberattacks to organizations and society. This article analyzes the cybersecurity issues of ICS. In particular, an analysis of the main components and architectures of the ICS, security aspects of the ICS, vulnerabilities, and threats to the cybersecurity of the ICS, as well as measures and means to ensure the cybersecurity of the ICS, is carried out. The analysis will help to give some insight into the cybersecurity issues of ICS and identify various research objectives necessary to ensure the cybersecurity of ICS (pp.47-54). 

Keywords:Industrial control systems, Cybersecurity, Vulnerabilities, Threats, Cybersecurity measures and means

American Gas Association : www.AGA.org

ANSI/ISA-62443-3-3 (99.03.03)-2013, Security for Industrial Automation and Control Systems: System Security Requirements and Security Levels, https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu

Berge J., Fieldbuses for Process Control: Engineering, Operation, and Maintenance. ISA, 2002, 468 p.

Byres, E. J., Franz M., and Miller D. (2004) The Use ofAttack Trees in Assessing Vulnerabilities in SCADASystems, International Infrastructure Survivability Workshop (IISW’04), IEEE, Vol. 4, 2004.

Cheung, S, et al. (2007). Using model-based intrusion detection for SCADA networks. Proceedings of the SCADA security scientific symposium. Vol. 46. 2007.

Conpot—ICS/SCADA Honeypot, http://conpot.org/

DeviceNet: Architecture, Message Format, Error Codes, Working & Its Applications, https://www.elprocus.com/devicenet-architecture

DNP Users Group. Distributed Network Protocol Specification. 2007.

International Society of Automation: www.ISA.org

Katzke, S. and Stouffer K. (2006). Applying NIST SP 800-53 to Industrial Control Systems, ISO EXPO

Lee, S., Choi, D., Park, C., and Kim,S. (2008). An Efficient Key Management Scheme for Secure SCADA Communication, World Academy of Science, Engineering and Technology, vol. 45, 2008.

Line, M. B., Tondel, I. A. and Jaatun, M. G. (2011). Cyber security challenges in Smart Grids, in Innovative Smart Grid Technologies (ISGT Europe), 2nd IEEE PES International Conference and Exhibition on, pp.1-8.

Mehta B.R., Reddy Y.J. (2015). Industrial Process Automation Systems, 657 p., https://doi.org/10.1016/C2013-0-18954-4

Minimum Security Requirements for Federal Information and Information Systems, National Institute for Standards and Technology, FIPS 200, March 2006. Framework for Improving Critical Infrastructure Cybersecurity. NIST February 2014.

Modbus Organization. Modbus Application Protocol Specification. ModbusIDA Website.

Nicolas, F., Murchu, L. O. (2011). W32.Stuxnet Dossier.  Cupertino, CA, USA: Symantec.

Niv, G., and Wool, A. (2013). Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems. International Journal of Critical Infrastructure Protection 6(2): 63-75.

North American Electric Reliability Corporation: http://www.nerc.com

Russel, J. (2015). A brief history of SCADA/EMS., http://scadahistory.com/

Spitzner, L. (2003). Honeypots: Catching the insider threat. In: The 19th Annual Conference on Computer Security Application (ACSAC). pp. 304–313.

Standards for Security Categorization of Federal Information and Information Systems, National Institute for Standards and Technology, FIPS 199, February 2004. 

Stouffer, K., Falco, J., and Scarfone, K. (2007) Guide to Industrial Control Systems Security.

Stoufler, K., Lightman, S. and Abrams, M. (2014). Guide to industrial control systems Security NIST special publication 80082.

Wojciech, T. (2013). Native support for Modbus RTU protocol in Snort intrusion detection system." New Results in Dependability & Comput. Syst. AISC 224 (2013): 479-487.

Zhu, B., and Sastry, S. (2010). SCADA—Specific intrusion detection/prevention systems: A survey and taxonomy. In Proceedings of the 1st Workshop on Secure Control Systems (SCS), Stockholm, Sweden, 12 April 2010.