Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

A security architectural pattern for risk management of industry control systems within critical national infrastructure

A security architectural pattern for risk management of industry control systems within critical... SCADA and ICS security have been focusing on addressing issues such as vulnerability discovery and intrusion detection within critical national infrastructure. Less attention has been paid to architectural solutions to the cyber security risks from an information assurance perspective. Security controls are not always traced back to the business requirements. This paper presents a holistic end-to-end view of the requirements, medium to high severity risks and proposes a generic security architectural pattern to address them. The architectural pattern is developed based on the Sherwood Applied Business Security Architecture (SABSA) top two layers, contextual and conceptual, which are responsible for understanding the business requirements and development of a concept architecture and strategy. Moreover, this research is motivated by industrial practices and has reflected the recent changes of GCHQ's mission. This research also contributes to the SCADA/ICS risk assessment by deriving holistic sets of risk management and architectural design requirements for SCADA/ICS. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png International Journal of Critical Infrastructures Inderscience Publishers

A security architectural pattern for risk management of industry control systems within critical national infrastructure

Loading next page...
 
/lp/inderscience-publishers/a-security-architectural-pattern-for-risk-management-of-industry-hmPawHUfSz
Publisher
Inderscience Publishers
Copyright
Copyright © Inderscience Enterprises Ltd
ISSN
1475-3219
eISSN
1741-8038
DOI
10.1504/IJCIS.2017.088229
Publisher site
See Article on Publisher Site

Abstract

SCADA and ICS security have been focusing on addressing issues such as vulnerability discovery and intrusion detection within critical national infrastructure. Less attention has been paid to architectural solutions to the cyber security risks from an information assurance perspective. Security controls are not always traced back to the business requirements. This paper presents a holistic end-to-end view of the requirements, medium to high severity risks and proposes a generic security architectural pattern to address them. The architectural pattern is developed based on the Sherwood Applied Business Security Architecture (SABSA) top two layers, contextual and conceptual, which are responsible for understanding the business requirements and development of a concept architecture and strategy. Moreover, this research is motivated by industrial practices and has reflected the recent changes of GCHQ's mission. This research also contributes to the SCADA/ICS risk assessment by deriving holistic sets of risk management and architectural design requirements for SCADA/ICS.

Journal

International Journal of Critical InfrastructuresInderscience Publishers

Published: Jan 1, 2017

There are no references for this article.